usky-website/web/phpMyAdmin/libraries/classes/Query/Generator.php

<?php

declare(strict_types=1);

namespace PhpMyAdmin\Query;

use PhpMyAdmin\Util;
use function count;
use function implode;
use function is_array;
use function sprintf;

/**
 * Handles generating SQL queries
 */
class Generator
{
    /**
     * returns a segment of the SQL WHERE clause regarding table name and type
     *
     * @param array|string $escapedTableOrTables table(s)
     * @param bool         $tblIsGroup           $table is a table group
     * @param string       $tableType            whether table or view
     *
     * @return string a segment of the WHERE clause
     */
    public static function getTableCondition(
        $escapedTableOrTables,
        bool $tblIsGroup,
        ?string $tableType
    ): string {
        // get table information from information_schema
        if ($escapedTableOrTables) {
            if (is_array($escapedTableOrTables)) {
                $sqlWhereTable = 'AND t.`TABLE_NAME` '
                    . Util::getCollateForIS() . ' IN (\''
                    . implode(
                        '\', \'',
                        $escapedTableOrTables
                    )
                    . '\')';
            } elseif ($tblIsGroup === true) {
                $sqlWhereTable = 'AND t.`TABLE_NAME` LIKE \''
                    . Util::escapeMysqlWildcards(
                        $escapedTableOrTables
                    )
                    . '%\'';
            } else {
                $sqlWhereTable = 'AND t.`TABLE_NAME` '
                    . Util::getCollateForIS() . ' = \''
                    . $escapedTableOrTables . '\'';
            }
        } else {
            $sqlWhereTable = '';
        }

        if ($tableType) {
            if ($tableType === 'view') {
                $sqlWhereTable .= " AND t.`TABLE_TYPE` NOT IN ('BASE TABLE', 'SYSTEM VERSIONED')";
            } elseif ($tableType === 'table') {
                $sqlWhereTable .= " AND t.`TABLE_TYPE` IN ('BASE TABLE', 'SYSTEM VERSIONED')";
            }
        }

        return $sqlWhereTable;
    }

    /**
     * returns the beginning of the SQL statement to fetch the list of tables
     *
     * @param string[] $thisDatabases databases to list
     * @param string   $sqlWhereTable additional condition
     *
     * @return string the SQL statement
     */
    public static function getSqlForTablesFull(array $thisDatabases, string $sqlWhereTable): string
    {
        return 'SELECT *,'
            . ' `TABLE_SCHEMA`       AS `Db`,'
            . ' `TABLE_NAME`         AS `Name`,'
            . ' `TABLE_TYPE`         AS `TABLE_TYPE`,'
            . ' `ENGINE`             AS `Engine`,'
            . ' `ENGINE`             AS `Type`,'
            . ' `VERSION`            AS `Version`,'
            . ' `ROW_FORMAT`         AS `Row_format`,'
            . ' `TABLE_ROWS`         AS `Rows`,'
            . ' `AVG_ROW_LENGTH`     AS `Avg_row_length`,'
            . ' `DATA_LENGTH`        AS `Data_length`,'
            . ' `MAX_DATA_LENGTH`    AS `Max_data_length`,'
            . ' `INDEX_LENGTH`       AS `Index_length`,'
            . ' `DATA_FREE`          AS `Data_free`,'
            . ' `AUTO_INCREMENT`     AS `Auto_increment`,'
            . ' `CREATE_TIME`        AS `Create_time`,'
            . ' `UPDATE_TIME`        AS `Update_time`,'
            . ' `CHECK_TIME`         AS `Check_time`,'
            . ' `TABLE_COLLATION`    AS `Collation`,'
            . ' `CHECKSUM`           AS `Checksum`,'
            . ' `CREATE_OPTIONS`     AS `Create_options`,'
            . ' `TABLE_COMMENT`      AS `Comment`'
            . ' FROM `information_schema`.`TABLES` t'
            . ' WHERE `TABLE_SCHEMA` ' . Util::getCollateForIS()
            . ' IN (\'' . implode("', '", $thisDatabases) . '\')'
            . ' ' . $sqlWhereTable;
    }

    /**
     * Returns SQL for fetching information on table indexes (SHOW INDEXES)
     *
     * @param string $database name of database
     * @param string $table    name of the table whose indexes are to be retrieved
     * @param string $where    additional conditions for WHERE
     *
     * @return string SQL for getting indexes
     */
    public static function getTableIndexesSql(
        string $database,
        string $table,
        ?string $where = null
    ): string {
        $sql = 'SHOW INDEXES FROM ' . Util::backquote($database) . '.'
            . Util::backquote($table);
        if ($where) {
            $sql .= ' WHERE (' . $where . ')';
        }

        return $sql;
    }

    /**
     * Returns SQL query for fetching columns for a table
     *
     * @param string      $database      name of database
     * @param string      $table         name of table to retrieve columns from
     * @param string|null $escapedColumn name of column, null to show all columns
     * @param bool        $full          whether to return full info or only column names
     */
    public static function getColumnsSql(
        string $database,
        string $table,
        ?string $escapedColumn = null,
        bool $full = false
    ): string {
        return 'SHOW ' . ($full ? 'FULL' : '') . ' COLUMNS FROM '
            . Util::backquote($database) . '.' . Util::backquote($table)
            . ($escapedColumn !== null ? " LIKE '"
                . $escapedColumn . "'" : '');
    }

    public static function getInformationSchemaRoutinesRequest(
        string $escapedDb,
        ?string $routineType,
        ?string $escapedRoutineName
    ): string {
        $query = 'SELECT'
            . ' `ROUTINE_SCHEMA` AS `Db`,'
            . ' `SPECIFIC_NAME` AS `Name`,'
            . ' `ROUTINE_TYPE` AS `Type`,'
            . ' `DEFINER` AS `Definer`,'
            . ' `LAST_ALTERED` AS `Modified`,'
            . ' `CREATED` AS `Created`,'
            . ' `SECURITY_TYPE` AS `Security_type`,'
            . ' `ROUTINE_COMMENT` AS `Comment`,'
            . ' `CHARACTER_SET_CLIENT` AS `character_set_client`,'
            . ' `COLLATION_CONNECTION` AS `collation_connection`,'
            . ' `DATABASE_COLLATION` AS `Database Collation`,'
            . ' `DTD_IDENTIFIER`'
            . ' FROM `information_schema`.`ROUTINES`'
            . ' WHERE `ROUTINE_SCHEMA` ' . Util::getCollateForIS()
            . " = '" . $escapedDb . "'";
        if ($routineType !== null) {
            $query .= " AND `ROUTINE_TYPE` = '" . $routineType . "'";
        }
        if ($escapedRoutineName !== null) {
            $query .= ' AND `SPECIFIC_NAME`'
                . " = '" . $escapedRoutineName . "'";
        }

        return $query;
    }

    public static function getInformationSchemaEventsRequest(string $escapedDb, ?string $escapedEventName): string
    {
        $query = 'SELECT'
            . ' `EVENT_SCHEMA` AS `Db`,'
            . ' `EVENT_NAME` AS `Name`,'
            . ' `DEFINER` AS `Definer`,'
            . ' `TIME_ZONE` AS `Time zone`,'
            . ' `EVENT_TYPE` AS `Type`,'
            . ' `EXECUTE_AT` AS `Execute at`,'
            . ' `INTERVAL_VALUE` AS `Interval value`,'
            . ' `INTERVAL_FIELD` AS `Interval field`,'
            . ' `STARTS` AS `Starts`,'
            . ' `ENDS` AS `Ends`,'
            . ' `STATUS` AS `Status`,'
            . ' `ORIGINATOR` AS `Originator`,'
            . ' `CHARACTER_SET_CLIENT` AS `character_set_client`,'
            . ' `COLLATION_CONNECTION` AS `collation_connection`, '
            . '`DATABASE_COLLATION` AS `Database Collation`'
            . ' FROM `information_schema`.`EVENTS`'
            . ' WHERE `EVENT_SCHEMA` ' . Util::getCollateForIS()
            . " = '" . $escapedDb . "'";
        if ($escapedEventName !== null) {
            $query .= ' AND `EVENT_NAME`'
                . " = '" . $escapedEventName . "'";
        }

        return $query;
    }

    public static function getInformationSchemaTriggersRequest(string $escapedDb, ?string $escapedTable): string
    {
        $query = 'SELECT TRIGGER_SCHEMA, TRIGGER_NAME, EVENT_MANIPULATION'
            . ', EVENT_OBJECT_TABLE, ACTION_TIMING, ACTION_STATEMENT'
            . ', EVENT_OBJECT_SCHEMA, EVENT_OBJECT_TABLE, DEFINER'
            . ' FROM information_schema.TRIGGERS'
            . ' WHERE EVENT_OBJECT_SCHEMA ' . Util::getCollateForIS() . '='
            . ' \'' . $escapedDb . '\'';

        if ($escapedTable !== null) {
            $query .= ' AND EVENT_OBJECT_TABLE ' . Util::getCollateForIS()
                . " = '" . $escapedTable . "';";
        }

        return $query;
    }

    public static function getInformationSchemaDataForCreateRequest(string $user, string $host): string
    {
        return 'SELECT 1 FROM `INFORMATION_SCHEMA`.`USER_PRIVILEGES` '
            . "WHERE `PRIVILEGE_TYPE` = 'CREATE USER' AND "
            . "'''" . $user . "''@''" . $host . "''' LIKE `GRANTEE` LIMIT 1";
    }

    public static function getInformationSchemaDataForGranteeRequest(string $user, string $host): string
    {
        return 'SELECT 1 FROM ('
            . 'SELECT `GRANTEE`, `IS_GRANTABLE` FROM '
            . '`INFORMATION_SCHEMA`.`COLUMN_PRIVILEGES` UNION '
            . 'SELECT `GRANTEE`, `IS_GRANTABLE` FROM '
            . '`INFORMATION_SCHEMA`.`TABLE_PRIVILEGES` UNION '
            . 'SELECT `GRANTEE`, `IS_GRANTABLE` FROM '
            . '`INFORMATION_SCHEMA`.`SCHEMA_PRIVILEGES` UNION '
            . 'SELECT `GRANTEE`, `IS_GRANTABLE` FROM '
            . '`INFORMATION_SCHEMA`.`USER_PRIVILEGES`) t '
            . "WHERE `IS_GRANTABLE` = 'YES' AND "
            . "'''" . $user . "''@''" . $host . "''' LIKE `GRANTEE` LIMIT 1";
    }

    public static function getInformationSchemaForeignKeyConstraintsRequest(
        string $escapedDatabase,
        string $tablesListForQueryCsv
    ): string {
        return 'SELECT'
            . ' TABLE_NAME,'
            . ' COLUMN_NAME,'
            . ' REFERENCED_TABLE_NAME,'
            . ' REFERENCED_COLUMN_NAME'
            . ' FROM information_schema.key_column_usage'
            . ' WHERE referenced_table_name IS NOT NULL'
            . " AND TABLE_SCHEMA = '" . $escapedDatabase . "'"
            . ' AND TABLE_NAME IN (' . $tablesListForQueryCsv . ')'
            . ' AND REFERENCED_TABLE_NAME IN (' . $tablesListForQueryCsv . ');';
    }

    public static function getInformationSchemaDatabasesFullRequest(
        bool $forceStats,
        string $sqlWhereSchema,
        string $sortBy,
        string $sortOrder,
        string $limit
    ): string {
        $sql  = 'SELECT *, '
                . 'CAST(BIN_NAME AS CHAR CHARACTER SET utf8) AS SCHEMA_NAME'
                . ' FROM (';
        $sql .= 'SELECT'
                . ' BINARY s.SCHEMA_NAME AS BIN_NAME,'
                . ' s.DEFAULT_COLLATION_NAME';
        if ($forceStats) {
            $sql .= ','
                . ' COUNT(t.TABLE_SCHEMA)  AS SCHEMA_TABLES,'
                . ' SUM(t.TABLE_ROWS)      AS SCHEMA_TABLE_ROWS,'
                . ' SUM(t.DATA_LENGTH)     AS SCHEMA_DATA_LENGTH,'
                . ' SUM(t.MAX_DATA_LENGTH) AS SCHEMA_MAX_DATA_LENGTH,'
                . ' SUM(t.INDEX_LENGTH)    AS SCHEMA_INDEX_LENGTH,'
                . ' SUM(t.DATA_LENGTH + t.INDEX_LENGTH) AS SCHEMA_LENGTH,'
                . ' SUM(IF(t.ENGINE <> \'InnoDB\', t.DATA_FREE, 0)) AS SCHEMA_DATA_FREE';
        }
        $sql .= ' FROM `information_schema`.SCHEMATA s ';
        if ($forceStats) {
            $sql .= ' LEFT JOIN `information_schema`.TABLES t'
                    . ' ON BINARY t.TABLE_SCHEMA = BINARY s.SCHEMA_NAME';
        }
        $sql .= $sqlWhereSchema
                . ' GROUP BY BINARY s.SCHEMA_NAME, s.DEFAULT_COLLATION_NAME'
                . ' ORDER BY ';
        if ($sortBy === 'SCHEMA_NAME' || $sortBy === 'DEFAULT_COLLATION_NAME') {
            $sql .= 'BINARY ';
        }
        $sql .= Util::backquote($sortBy)
            . ' ' . $sortOrder
            . $limit;
        $sql .= ') a';

        return $sql;
    }

    public static function getInformationSchemaColumnsFullRequest(
        ?string $escapedDatabase,
        ?string $escapedTable,
        ?string $escapedColumn
    ): array {
        $sqlWheres = [];
        $arrayKeys = [];

        // get columns information from information_schema
        if ($escapedDatabase !== null) {
            $sqlWheres[] = '`TABLE_SCHEMA` = \''
                . $escapedDatabase . '\' ';
        } else {
            $arrayKeys[] = 'TABLE_SCHEMA';
        }
        if ($escapedTable !== null) {
            $sqlWheres[] = '`TABLE_NAME` = \''
                . $escapedTable . '\' ';
        } else {
            $arrayKeys[] = 'TABLE_NAME';
        }
        if ($escapedColumn !== null) {
            $sqlWheres[] = '`COLUMN_NAME` = \''
                . $escapedColumn . '\' ';
        } else {
            $arrayKeys[] = 'COLUMN_NAME';
        }

        // for PMA bc:
        // `[SCHEMA_FIELD_NAME]` AS `[SHOW_FULL_COLUMNS_FIELD_NAME]`
        $sql = 'SELECT *,'
                    . ' `COLUMN_NAME`       AS `Field`,'
                    . ' `COLUMN_TYPE`       AS `Type`,'
                    . ' `COLLATION_NAME`    AS `Collation`,'
                    . ' `IS_NULLABLE`       AS `Null`,'
                    . ' `COLUMN_KEY`        AS `Key`,'
                    . ' `COLUMN_DEFAULT`    AS `Default`,'
                    . ' `EXTRA`             AS `Extra`,'
                    . ' `PRIVILEGES`        AS `Privileges`,'
                    . ' `COLUMN_COMMENT`    AS `Comment`'
               . ' FROM `information_schema`.`COLUMNS`';

        if (count($sqlWheres)) {
            $sql .= "\n" . ' WHERE ' . implode(' AND ', $sqlWheres);
        }

        return [$sql, $arrayKeys];
    }

    /**
     * Function to get sql query for renaming the index using SQL RENAME INDEX Syntax
     */
    public static function getSqlQueryForIndexRename(
        string $dbName,
        string $tableName,
        string $oldIndexName,
        string $newIndexName
    ): string {
        return sprintf(
            'ALTER TABLE %s.%s RENAME INDEX %s TO %s;',
            Util::backquote($dbName),
            Util::backquote($tableName),
            Util::backquote($oldIndexName),
            Util::backquote($newIndexName)
        );
    }
}