From 238a0068272c5ca20c217579b7cae841703c2178 Mon Sep 17 00:00:00 2001 From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com> Date: Tue, 20 Jan 2026 14:56:25 +0000 Subject: [PATCH 1/4] Initial plan From 2286d04dd463a0ecc4c703d85742dfaafe20b64a Mon Sep 17 00:00:00 2001 From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com> Date: Tue, 20 Jan 2026 15:01:04 +0000 Subject: [PATCH 2/4] Fix SET TERM handling by routing to isql_execute Co-authored-by: mariuz <18359+mariuz@users.noreply.github.com> --- sql.php | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/sql.php b/sql.php index ca169ef..ca08d72 100644 --- a/sql.php +++ b/sql.php @@ -99,6 +99,12 @@ // remove empty lines from userinput and put the statements into $lines[] if (isset($_POST['sql_run']) || isset($_POST['sql_execute'])) { + + // check if script contains SET TERM command - must use isql + if (preg_match('/SET\s+TERM/i', $sql_script)) { + $isql_flag = true; + } + $lines = explode(';', $sql_script); //remove whitespace and empty lines @@ -114,7 +120,7 @@ if (preg_match('/^CREATE(\s)+(DATABASE|SCHEMA|PROCEDURE|TRIGGER)/i', $cmd)) { $isql_flag = true; - if ($cmd{(strlen($cmd) - 1)} != ';') { + if ($cmd[strlen($cmd) - 1] != ';') { $lines[$idx] .= ';'; } } From 389e45b58780744f6e5a1b905dc08edf162192cc Mon Sep 17 00:00:00 2001 From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com> Date: Tue, 20 Jan 2026 15:05:55 +0000 Subject: [PATCH 3/4] Skip SQL splitting when SET TERM is detected Co-authored-by: mariuz <18359+mariuz@users.noreply.github.com> --- sql.php | 63 ++++++++++++++++++++++++++++++--------------------------- 1 file changed, 33 insertions(+), 30 deletions(-) diff --git a/sql.php b/sql.php index ca08d72..a86941f 100644 --- a/sql.php +++ b/sql.php @@ -105,46 +105,49 @@ $isql_flag = true; } - $lines = explode(';', $sql_script); - - //remove whitespace and empty lines - foreach ($lines as $idx => $cmd) { - $cmd = trim($cmd); - if ($cmd == '') { - array_splice($lines, $idx, 1); - continue; - } - $lines[$idx] = $cmd; + // If SET TERM is detected, don't split - execute the whole script via isql + if (!isset($isql_flag)) { + $lines = explode(';', $sql_script); + + //remove whitespace and empty lines + foreach ($lines as $idx => $cmd) { + $cmd = trim($cmd); + if ($cmd == '') { + array_splice($lines, $idx, 1); + continue; + } + $lines[$idx] = $cmd; - // execute the whole script through isql, if it contains a CREATE DATABASE, PROCEDURE or TRIGGER - if (preg_match('/^CREATE(\s)+(DATABASE|SCHEMA|PROCEDURE|TRIGGER)/i', $cmd)) { - $isql_flag = true; + // execute the whole script through isql, if it contains a CREATE DATABASE, PROCEDURE or TRIGGER + if (preg_match('/^CREATE(\s)+(DATABASE|SCHEMA|PROCEDURE|TRIGGER)/i', $cmd)) { + $isql_flag = true; - if ($cmd[strlen($cmd) - 1] != ';') { - $lines[$idx] .= ';'; + if ($cmd[strlen($cmd) - 1] != ';') { + $lines[$idx] .= ';'; + } } - } - // empty the sql buffer if the script contains one or more select statements - if (strncasecmp('select', $cmd, 6) == 0) { - $s_sql['buffer'] = ''; + // empty the sql buffer if the script contains one or more select statements + if (strncasecmp('select', $cmd, 6) == 0) { + $s_sql['buffer'] = ''; + } } - } - // make sure that there are no disabled commands in the script - if (is_array($SQL_DISABLE) && count($SQL_DISABLE) > 0 - && ($s_login['user'] != 'SYSDBA' || SYSDBA_GET_ALL === false)) { - foreach ($SQL_DISABLE as $disable) { - $len = strlen($disable); - foreach ($lines as $line) { - if (strncasecmp($disable, $line, $len) == 0) { - $error = sprintf($ERRORS['DISABLED_CMD'], $disable); - break 2; + // make sure that there are no disabled commands in the script + if (is_array($SQL_DISABLE) && count($SQL_DISABLE) > 0 + && ($s_login['user'] != 'SYSDBA' || SYSDBA_GET_ALL === false)) { + foreach ($SQL_DISABLE as $disable) { + $len = strlen($disable); + foreach ($lines as $line) { + if (strncasecmp($disable, $line, $len) == 0) { + $error = sprintf($ERRORS['DISABLED_CMD'], $disable); + break 2; + } } } } } - $s_sql['queries'] = $lines; + $s_sql['queries'] = isset($lines) ? $lines : array($sql_script); } // 'display all' From ad6d0719b92406815e6401f45cc1ad496543f0e1 Mon Sep 17 00:00:00 2001 From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com> Date: Tue, 20 Jan 2026 15:09:03 +0000 Subject: [PATCH 4/4] Address code review feedback - improve SET TERM detection Co-authored-by: mariuz <18359+mariuz@users.noreply.github.com> --- sql.php | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/sql.php b/sql.php index a86941f..783ae0d 100644 --- a/sql.php +++ b/sql.php @@ -100,13 +100,16 @@ if (isset($_POST['sql_run']) || isset($_POST['sql_execute'])) { + $isql_flag = false; + // check if script contains SET TERM command - must use isql - if (preg_match('/SET\s+TERM/i', $sql_script)) { + if (preg_match('/\bSET\s+TERM\s+/i', $sql_script)) { $isql_flag = true; + $lines = array($sql_script); } // If SET TERM is detected, don't split - execute the whole script via isql - if (!isset($isql_flag)) { + if (!$isql_flag) { $lines = explode(';', $sql_script); //remove whitespace and empty lines @@ -147,7 +150,7 @@ } } } - $s_sql['queries'] = isset($lines) ? $lines : array($sql_script); + $s_sql['queries'] = $lines; } // 'display all'