added raw query form

diff --git a/matita/scripts/public_html/bench.php b/matita/scripts/public_html/bench.php
index f11994ec158f9b068425232b583d3dbdf32e3279..4d45173badde6e9f77ecde9d4b9cf724d95da4db 100644 (file)
--- a/matita/scripts/public_html/bench.php
+++ b/matita/scripts/public_html/bench.php
@@ -91,7 +91,7 @@ function links_of($name,$q,$limits){
       <? links_of("All table contents",$quey_all,$limits) ?>
       </ul>
     </p>
-    <h2>Custom Query</h2>
+    <h2>Custom Query - Simple Interface</h2>
     <form action="composequery.php" method="get">
     <table>
   <tr>
@@ -163,5 +163,20 @@ function links_of($name,$q,$limits){
   </tr>
  </table>
 </form>
+<h2>Custom Query - raw SQL</h2>
+<form action="showquery.php" method="get">
+<table>
+</tr>
+<? query("describe bench","printer"); ?>
+</tr>
+<tr><td>
+<input type="text" size="50" name="query" value="select * from bench;"/></td>
+</tr>
+<tr><td>
+<input type="submit" value="Submit" class="button" /></td>
+</tr>
+</table>
+</form>
+
 </body>
 </html>

diff --git a/matita/scripts/public_html/common.php b/matita/scripts/public_html/common.php
index 6668b6d683d870223acad6a5c942111060809554..48121b5498ad748ff80ffff815bdd6fef0bfb483 100644 (file)
--- a/matita/scripts/public_html/common.php
+++ b/matita/scripts/public_html/common.php
@@ -8,9 +8,52 @@ function array_to_combo($a) {
   }
 }
 
+function prettify($s,$name) {
+  if (preg_match("/^[0-9]{12}$/",$s)) {
+    $year = substr($s,0,4);
+    $month = substr($s,4,2);
+    $day = substr($s,6,2);
+    $hour = substr($s,8,2);
+    $minute = substr($s,10,2);
+    return $day . "/" . $month . "/" . $year . " " . $hour . ":" . $minute;
+  } else if (preg_match("/time/",$name)){
+    $min = floor($s / 6000);
+    $sec = floor(($s - $min * 6000) / 100);
+    $cents = $s % 100;
+    return $min . "m" . $sec . "." . $cents . "s";
+  } else
+    return rtrim($s);
+}
+  
+
+function printer($q){
+  global $i;
+  echo "<tr>";
+  if ( $i == 0) {
+      foreach( $q as $name => $txt) {
+          echo "<th>$name</th>";
+      }
+  }
+  echo "</tr>\n";
+  if ( $i%2 == 0)
+     echo "<tr class=\"even\">";      
+  else
+     echo "<tr class=\"odd\">";
+  foreach( $q as $name => $txt) {
+     echo "<td>" . prettify($txt,$name) . "</td>";
+  }
+  echo "</tr>\n";      
+  $i++;
+}
+
+
 function query($q,$f) {
   $db = mysql_pconnect("localhost","helm");
   mysql_select_db("matita");
+  if (!preg_match("/^(select|describe)[^\n;]*;?$/i",$q)) {
+    echo "Query not allowed!";
+    return;
+  }
   $rc = mysql_query($q,$db);
   if(!$rc) {
     die("Query failed: " . mysql_error());

diff --git a/matita/scripts/public_html/showquery.php b/matita/scripts/public_html/showquery.php
index 1d19033ed7d73275d43ee1513506161829437317..cff5c032e9cfa829bb45109f96a9230944bb0e76 100644 (file)
--- a/matita/scripts/public_html/showquery.php
+++ b/matita/scripts/public_html/showquery.php
@@ -7,46 +7,13 @@
   $qs = array();
   foreach($nqs as $v){
     $x = explode("@@@",$v);
-    $qs[$x[0]] = $x[1];
+    if ($x[1] == NULL) {
+      $qs["Unnamed"] = $x[0];
+    } else {
+      $qs[$x[0]] = mysql_escape_string($x[1]);
+    }
   }
 
-function prettify($s,$name) {
-  if (preg_match("/^[0-9]{12}$/",$s)) {
-    $year = substr($s,0,4);
-    $month = substr($s,4,2);
-    $day = substr($s,6,2);
-    $hour = substr($s,8,2);
-    $minute = substr($s,10,2);
-    return $day . "/" . $month . "/" . $year . " " . $hour . ":" . $minute;
-  } else if ($name == "sum_time" || $name == "sum_timeuser" || $name == "time" || $name == "time_user" || $name == "timeuser"){
-    $min = floor($s / 6000);
-    $sec = floor(($s - $min * 6000) / 100);
-    $cents = $s % 100;
-    return $min . "m" . $sec . "." . $cents . "s";
-  } else
-    return $s;
-}
-  
-function printer($q){
-  global $i;
-  echo "<tr>";
-  if ( $i == 0) {
-      foreach( $q as $name => $txt) {
-          echo "<th>$name</th>";
-      }
-  }
-  echo "</tr>\n";
-  if ( $i%2 == 0)
-     echo "<tr class=\"even\">";      
-  else
-     echo "<tr class=\"odd\">";
-  foreach( $q as $name => $txt) {
-     echo "<td>" . prettify($txt,$name) . "</td>";
-  }
-  echo "</tr>\n";      
-  $i++;
-}
-
 ?>
 <html>
   <head>
@@ -57,7 +24,7 @@ function printer($q){
 <? foreach( $qs as $name => $q) { $i=0;?>
     <h2><? echo $name; ?></h2>
     <p>
-    <tt><? print $q; ?></tt>
+    <tt><? echo $q; ?></tt>
     </p>
     <table border=1>
     <?  query($q,"printer"); ?>