phpMyAdmin 5.1.0

phpMyAdmin is a tool intended to handle the administration of MySQL over the Web. It can create, rename, and drop databases, create/drop/alter tables, delete/edit/add fields, execute any SQL statement, manage keys on fields, create dumps of tables and databases, export/import CSV data, and administrate one single database and multiple MySQL servers.

Tags database system-administration php mysql mariadb
License GNU GPL
State stable

Recent Releases

5.1.025 Feb 2021 10:45 major bugfix: Change Media (MIME) type references to Media type. Add a request router. Automatically focus input in the two-factor authentication window. Replace gender-specific pronouns with gender-neutral pronouns. Improve complexity of generated passwords. Add a configuration option to define the 1st day of week. Made user names clickable in user accounts overview. Improve virtuality dropdown for MariaDB 10.1. Added an option to perform ALTER ONLINE (ALGORITHM=INPLACE) when editing a table structure. Added missing 'IF EXISTS' to 'DROP EVENT' when exporting databases. Improve the padding in query result tool links. Support exporting raw SQL queries. Added ip2long transformation. horizontal scroll on structure edit page. Move table hide buttons in navigation to avoid hiding a table by mistake. Use correct MySQL version if the version is 8.0 or above for documentation links. Use "MariaDB Documentation" instead of "MySQL Documentation" on a MariaDB server. Change "Show Query" link to a button. Automatically toggle the radio button to "Create a page and save it" on Designer. Tap and hold will not dismiss the error box anymore, you can now copy the error. Don't disable "Empty" table button after clicking it. Stay on the structure page after editing/adding/dropping indexes. show structure after adding a column. Remove symfony/yaml dependency. Improve performance of dependency injection system by removing yaml parsing. Disable phpMyAdmin storage database checkbox on databases list. Add autocomplete attributes on login form. Add "Preview SQL" option on Index dialog box when creating a new table. export maximal length of created query input is too small. Redesign the server status advisor page. Use same height for SQL query textarea and Columns select in SQL page. Add a new vendor constant "CACHE_DIR" that defaults to "libraries/cache/" and store routing cache into this folder. Warm-up the routing cache before building the release. Use --optimize-autol
5.0.416 Oct 2020 06:45 minor bugfix: Failed Zoom search clears existing values. a PHP error when reporting a particular JS error. Latitude and longitude swap for geometries in edit mode. CREATE TABLE not being tracked when auto tracking is enabled. Compatibility problems with older PHP versions. Broken two-factor authentication.
5.0.311 Oct 2020 16:25 minor bugfix: Require twig 2.9. Option to import files locally appearing as not available. to allow NULL as a default bit value. "htmlspecialchars() expects parameter 1 to be string, null given" on Export xml. no charts in monitor when using a decimal separator ",". IN(...) clause doesn't permit multiple values on "Search" page. Support double tap to edit on mobile. Php error "Use of undefined constant MYSQLI_TYPE_JSON" when using the mysqlnd extension. Fatal JS error on index creation after using Enter key to submit the form. Set "axis-order" to swap lon and lat on MySQL = 8.1. Overwriting a bookmarked query causes a PHP fatal error. Typo in a condition in the Sql class. Local setup doc links pointing to a wrong location. Error importing utf-8 with bom sql file. FA UX enhancement: autofocus 2FA input. Table column description PHP error when 'DisableIS' = true;. Local documentation links display when a PHP extension is missing. Some twig code deprecations for php 8. ENUM and SET display when editing procedures and functions. Keep full query state on "auto refresh" process list. Keep columns order on "auto refresh" process list. Editing a failed query from the error message. The alter user privileges query to make it MySQL 8.0.11+ compatible. Copy table to another database when the nbr of DBs is cfg 'MaxDbList' . Relations of tables having spaces or special chars not showing in the Designer. a very rare JS error occuring on mousemove event. Make a foreign key link clickable in a new tab after the value was saved and replaced. a PHP notice "Undefined index: column_info" on views. The data stream when exporting data in file mode. Templates/ directory not found error. Remove chdir logic to PHP fatal error "Uncaught TypeError: chdir()". Support for Twig 3. Allow phpmyadmin/twig-i18n-extension 3.0. Trim spaces for integer values in table search. Cannot edit or export TIMESTAMP column with default CURRENT_TIMESTAMP in MySQL = 8.0.13. Error 500
4.8.413 Dec 2018 07:25 minor bugfix: Remove hash param in edit query URL. in Changing theme. Ensure that database names with '.' are handled properly when DisableIS is true. Invisible Icon "Show Full Queries". CSS in Designer. Error while copying database (pma__column_info). "No database selected" - DROP a view. Move operation causes SELECT FROM `undefined`. Enum '0' produces incorrect search SQL. TypeError in database designer. QBE selenium tests broken since merge of #13342. When logging with cfg 'AuthLog' to syslog, successful login messages were not logged even if cfg 'AuthLogSuccess' was true. infinite loop when sorting table rows by key. Regression on multi table query functionality (foreign keys). designer errors when database is empty. designer errors when database contains special chars. designer javascript errors. left/right icons hidden. security Local file inclusion flaw in the Transformation feature (PMASA-2018-6). security Multiple CSRF/XSRF vulnerabilities (PMASA-2018-7). security XSS vulnerability in the navigation tree (PMASA-2018-8).
4.8.323 Aug 2018 03:15 minor bugfix: Error when naming a database '0'. NULL as default not shown. with recent table list. slow performance on DB structure filtering. Editing server variable not showing save or cancel option. Populate options for view create and edit. FA configuration fails if PHP doesn't have GD support. Can't unhide tables. "Visualize GIS data" icon missing. Event scheduler status toggle doesn't work. View not working on multiple servers. Partition actions in table structure do not work. ERR_BLOCKED_BY_XSS_AUDITOR on export table. Blank message shown instead of MySQL error when adding trigger and other locations. PHP 7.3 warning: "continue" in "switch" is equal to "break". Icon missing when creating a new trigger, routine, and event. Table comment not showing since 4.8.1. Drop table doesn't work when you copy tables to another database. Escaped HTML in 'Add a new server' setup. security HTML injection in import warning messages, see PMASA-2018-5.
4.8.224 Jun 2018 03:45 minor security: WHERE 0 causes Fatal error. Missing index icon. security XSS vulnerability in Designer, see PMASA-2018-3. security File inclusion and remote code execution vulnerability, see PMASA-2018-4.
4.8.126 May 2018 08:25 minor bugfix: case where the central columns attributes don't get filled in. case where the query builder doesn't work when selected column is *. Revert "Browse" table CSS overflow. Dropping indexes and foreign keys fail. Relational linking broken. error in configuration storage zero config. Show 2FA Secret next to QR code. XML Export from single table throws fatal error. Line and some other charts ignore result set order of values chosen for the x-axis. configuration for DefaultLang and Lang. Linking for 'Distinct values' broken. MariaDB 10.2 current_timestamp(). for missing go button in view edit. for with spatial fields. Remember table's sorting broken. multi-column sorting. central columns in-line edit - AUTO_INCREMENT error when only exporting table structure in database-level exports. Simulating queries produces unexpected results. Setup script icons missing.
4.8.009 Apr 2018 03:15 major feature: Allow to export JSON with unescaped unicode chars. Disable login button without solved reCaptcha. Allow to remove individual segments from pie charts. Change label from "Improve table structure" to "Normalize" to match standard terminology. Offer login as different user on access denied from MySQL. Indicate when HTTPS is not properly reported on the server. No database selected error when adding foreign key. Improved database search to allow search for exact phrase match. Report error when trying to copy database to same name. Themes now have to contain metadata in theme.json. phpMyAdmin no longer requires eval() in PHP. The mbstring dependency is now optional. Small refactoring in preparation to CSP. Database link broken in Databases Page. Configurable authentication logging using cfg 'AuthLog' . Add support for Google Invisible Captcha. Improved error reporting for reCAPTCHA. Improved rendering of server variables table. javascript editor for TIME values. alignment of foreign keys editing. Improved inline editor for JSON. Improved layout of operations pages. Add "format" query button in edit view form. Implement Responsive Design/mobile interface. Use a single location for classes under PhpMyAdmin namespace. Indicate SSL status on main page. Configuration directives for defaults of Transformation options. Remove inline JavaScript. Show MySQL warnings when executing SQL queries. Allow Designer to show tables from other databases. Replace Query-By-Example with multi-table query generator interface. Add privileges export to per-database listing. Consolidate functions into class files. Add support for changing collation for all tables and columns in database. Add support for creating fulltext index from table structure. Lower default value for cfg 'MaxExactCount' . DisableIS is not fully honored. Added support for authentication using U2F and 2FA. Avoid removing cookies on upgrade. Remember state of navigat
4.7.906 Mar 2018 03:15 minor bugfix: Browsing tables with more results. "Not an integer" when browsing a table. "Input variables exceeded 1000" error relating to PHP's max_input_vars directive.
4.7.823 Feb 2018 03:15 minor bugfix: Resetting default setting values. Fallback value for collation connection. Error handling in PHP 7.2. security XSS in Central Columns Feature, See PMASA-2018-01.
4.7.709 Jan 2018 08:45 minor bugfix: displaying of formatted numeric values for some locales. Ensure datetimepicker is always loaded for datetime fields. PHP error when browsing certain results. security XSRF/CSRF vulnerability, see PMASA-2017-09.
4.7.602 Dec 2017 03:15 minor bugfix: check all interaction with filtering. Add SJIS-win to default list of allowed charsets. Improve detection that MySQL server needs SSL connection. Support JSON datatype on MariaDB 10.2.7 and newer. constructing ALTER query with AFTER. Lock page when changes are done in the SQL editor. Prefer iconv for encoding conversions. changing password on MariaDB cluster.
4.7.524 Oct 2017 03:15 minor bugfix: Avoid problems with browsing unknown query types. Integrate tooltip into datetime pickers. Javascript error in server monitor. Server monitor on non Linux and Windows systems. Reload javscript messages when changing language. Crash on invalid ordering data. Error when browsing non SELECT results. Saving column to display. Export of tables with VIRTUAL columns. Selecting multiple rows accidentally selects the next row too. Edit index Column alignment - rendering of add index dialog. Possible error in server advisor. Setting input transformations. IPv4/IPv6 To Binary input transformation. Clicking on column name to trigger sort with an active search leads to logout. Copying tables with specific PARTITION definition. Listing of bookmarks for a database.
4.7.425 Aug 2017 06:05 minor bugfix: Remove shadow from the logo. Per server theme feature. Missing newline in ALTER exports. Several compatibility with PHP 7.2. Copy results to clipboard. Add limitation for user group length. Edit variable link in advisor. Optimize table link should not be visible in print page. Improved error handling on corrupted tables. Rendering of add index dialog. Refreshing server variables.
4.7.322 Jul 2017 03:15 minor bugfix: Large multi-line query removes Export operation and blanks query box options. Rendering of query results. Version check when not connected to a database. Creating relation. Export without backquotes. Improved handling of uploaded files with open_basedir. Inline editing of hex values. Size of index edit dialog. Rendering SQL lint errors. Avoid breakage if set_time_limit is disabled. Fail if ini_set/ini_get are disabled. Automatically connect using SSL when server is configured so. Usage of some browser transformations.
4.7.201 Jul 2017 06:25 minor bugfix: Make theme selection keep current server. Direct login for accounts without password. Check for mbstring.func_overload. Wrong encoding of table at triggers. Natural sorting in several places. Show warning for users removed from mysql.user table. Loading additional javascripts. Editing QBE. Improved documentation on user settings. Gracefully handle early fatal errors in AJAX requests. Incorrect NavigationTreeEnableExpansion default value in the documentation. Export of database with a lot of tables. Improved performance when importing with enabled tracking. Avoid PHP errors with non existing configuration on OS X. Show only supported charsets for conversion. Operation with session.auto_start enabled. "Create PHP code" is broken. Links to resume timeouted import.
4.7.102 Jun 2017 03:15 minor bugfix: Always execute tracking queries as controluser. Focus on SQL editor after inserting field name. Broken links in setup. Database list Tooltips: Show wrong value. Pagination while browsing resuls. Outbound links in changelog.php. Do not include devel dependencies in the release. Do not show New as a database in database dropdown. Handling of errors in AJAX requests. PHP error in case of invalid table preferences. PHP error on password change. Refresh of Process List. Refresh of long queries. Improved handling of logout with disabled LoginCookieDeleteAll. Add support for MySQL 8.0 collations. Rendering of phpMyAdmin logos. Properly report not working sessions. Password check on server replication. Grid editing time column. Detection of Amazon RDS. Redirect user to last page that has any tables to display. Link to User accounts overview page. Error in query builder. Grid editing repeats action after error.
4.7.031 Mar 2017 03:15 major bugfix: patch #12233 Display Improve message when renaming database to same name. Log authentication attempts to syslog. Remove support for Swekey authentication. Remove code for no longer supported MSIE versions. Remove embedded PHP libraries, use composer to install them. Cannot easily select multiple tables when exporting. Add javascript filtering for databases. More compact rendering of navigation tree. Improve performance with SkipLockedTables. Do not hide indexes under a slider. Improve performance of zip file import. Removed cfg 'ThemePath' . Add support for export user settings as snippet. Better report query errors while generating SQL exports. Produce valid JSON on export. Setup script icons broken. Support IPv6 proxies. Removed MySQL connection retry without password. Allow to specify further parameters for control connection. Show charset for each table on Database structure page. Incorrect link in the href of icon at Hide/Show unhide links. Shortcut for closing console. Improved handling of http requests. Broken links in Setup forms Navigation. Can't add a new User. Add 'token' Parameter in all POST requests ('Token mismatch' errors). Improved usage of number_format. Server selection not working. NULL results in dataset are colored grey. Create Bookmark broken. Use unsigned int for storing bookmark ID. Added password strength indicator. Correctly handle HTTP status when doing requests. Add option to delete settings from browser storage. Remove unused PMA_addJSCode function. Add table filtering to database structure. Allow to configure signon session parameters. Drop database is broken. Can't toggle Event Scheduler on. Finish removing dead code references to xls/xlsx import and export, which was removed some time ago. Rename "Relations" to "Relationships" in many places as it's the more proper term. margins in central columns feature. Document more export configuration options. Use consis Nov 2016 05:45 minor bugfix: Incorrect parameters to escapeString in Node.php. PHP error when mbstring is not installed. Don't force partition count to be specified when creating a new table.
4.6.526 Nov 2016 03:15 minor bugfix: Remove potentionally license problematic sRGB profile. Display read only fields as read only when editing. expanding of navigation pane when clicking on database. Impove partitioning support. Reintroduced simplified PmaAbsoluteUri configuration directive. Always use UTC time in HTTP headers. Simplified validation of external links. browsing tables with built in transformations. Do not show warning about short blowfish_secret if none is set. random logouts due to wrong cookie path. editing of ENUM/SET/DECIMAL fields structure. Missing escaping of configuration used in SQL (hide_db and only_db). Add error checking in reading advisory rules file. Add checking missing elements and confirming element types from json_decode. Automatically save SQL query in browser local storage rather than in cookie. Unable to edit transformations. Remove unused paramenter when connecting to MySQLi. number formatting with different settings of precision in PHP. Use single quotes in PHP code. Option for the dropped column is not removed from 'after_field' select, after the column is dropped. Properly detect DROP DATABASE queries. possible race condition in setting URL hash. Remove caching of server information. Proper parsing of INSERT... ON DUPLICATE KEY queries. Proper parsing of CREATE TABLE... PARTITION queries. Code can throw unhandled exception. Do not try to keep alive session even after expiry. rendering BBCode links in setup. copy of table with generated columns. export of table with generated columns. Copying a user does not copy usergroup. Adding a new row with default enum goes to no selection when you want to add more then 2 rows. Drag and drop import prevents file dropping to blob column file selector on the insert tab. Absence of scrolling makes it impossible to read longer text values in grid editing. "Edit routine" crashes when the current user is not the definer, even if privileges are adequate. Export selective tables by-d
4.6.418 Aug 2016 06:45 minor security: security Weaknesses with cookie encryption, see PMASA-2016-29. security Improve session cookie code for openid.php and signon.php example files. security Full path disclosure in openid.php and signon.php example files. security Multiple XSS vulnerabilities, see PMASA-2016-30. security Multiple XSS vulnerabilities, see PMASA-2016-31. security Unsafe generation of BlowfishSecret (when not supplied by the user). security Referrer leak when phpinfo is enabled. security PHP code injection, see PMASA-2016-32. security Full path disclosure, see PMASA-2016-33. security SQL injection attack, see PMASA-2016-34. security Local file exposure through LOAD DATA LOCAL INFILE, see PMASA-2016-35. security Local file exposure through symlinks with UploadDir, see PMASA-2016-36. security Path traversal with SaveDir and UploadDir, see PMASA-2016-37. security Multiple XSS vulnerabilities, see PMASA-2016-38. security SQL injection vulnerability as control user, see PMASA-2016-39. security SQL injection vulnerability, see PMASA-2016-40. security Denial-of-service attack through transformation feature, see PMASA-2016-41. security SQL injection vulnerability as control user, see PMASA-2016-42. security Verify data before unserializing, see PMASA-2016-43. security Use HTTPS for wiki links. Remove Swekey support. security SSRF in setup script, see PMASA-2016-44. security Denial-of-service attack with cfg 'AllowArbitraryServer' = true and persistent connections, see PMASA-2016-45. security Improve SSL certificate handling. security full path disclosure in deging code. security Possible circumvention of IP-based allow/deny rules with IPv6 and proxy server, see PMASA-2016-47. security Detect if user is logged in, see PMASA-2016-48. security Bypass URL redirection protection, see PMASA-2016-49. security Referrer leak, see PMASA-2016-50. security Reflected File Download, see PMASA-2016-51. security Arbitrary
4.6.324 Jun 2016 03:15 minor security: Cookie path on Windows. Error reporting on connect problems. Export of tables without explicitly set engine. Designer JavaScript error: Show/Hide tables list. MySQL SSL connection with some PHP versions. MySQL connection error on version mismatch. Keep user attributes (privileges, authentication mode, etc) when copying a user. Division by zero in case of misconfigured MySQL server. Editing server variables. Table size calculation in some circumstances. Listing routines for non privileged user. Escape generated query in exporting a database. Setup script doesn't use input type 'password' in all relevant locations. security BBCode injection in setup script, see PMASA-2016-17. security Cookie attribute injection attack, see PMASA-2016-18. Redirect loop when directly calling url.php. security SQL injection attack, see PMASA-2016-19. security XSS attack in Table Structure page, see PMASA-2016-20. security XSS attack in Server Privileges page, see PMASA-2016-21. security DOS attack vulnerability, see PMASA-2016-22. security Multiple full path disclosure vulnerabilities, see PMASA-2016-23. security Full path disclosure when running in demode. security XSS attack with partition range and table structure, see PMASA-2016-25. security XSS attack when checking database privileges, see PMASA-2016-26. security XSS attack when MySQL server is using a specific payload log_bin directive, see PMASA-2016-26. security XSS vulnerabilities in Transformation feature, see PMASA-2016-26.
4.6.226 May 2016 03:15 minor bugfix: security User SQL queries can be revealed through URL GET parameters, see PMASA-2016-14. security Self XSS vulneratbility, see PMASA-2016-16. Use https for documentation links. schema export with too many tables. Avoid parsing non JSON responses as JSON. Avoid using too log URLs when getting javascripts. setting mixed case languages. Avoid storing objects in session when deging SQL. cookie path on IIS. occassional 200 errors on Windows. locking when importing SQL. Avoid confusing warning when mysql extension is missing. Improve handling of logout. Safer handling of sessions during authentication. server selection on main page. Avoid storing full error data in session. export of ARCHIVE tables with keys. Add session reload for config authentication. Do not fail on errors stored in session. loading of APC based upload progress bar.
4.6.110 May 2016 03:15 minor bugfix: PMA_Util not found in insert_edit.lib.php. Activation of some languages. Error in 3NF step of normalization. Offering JSON datatype in incompatible MySQL versions. Can not open table with JSON field. Cannot highlight a column if I scroll down from the top of the table. Possible PHP error in SQL parser. SQL quoting in SQL export. Improve performance of database structure page. PHP error if user did unpack new version over old one. Parsing of expression 0. Document setup with Google Cloud SQL. Parsing of queries with double . Setting of language from user configuration. Check for ndb version. Loading of configuration file. Check if sessions are working and report failures. Non-clickable initial letter for users / and can't modify users with MySQL 5.7.12. Config tab persistence errors. Javascript erros on user creation. Parsing of some AS clauses. Parsing of FULL OUTER JOIN queries. Editing of VIEW structure. Avoid printing executed queries on import. Mar 2016 03:15 major bugfix: Disabled storage engines. Allow setting routine wise privileges. Hide Insert tab for non-updatable views. UI for defining partitioning in create table window. Support JSON data type. Editing partitions in table Structure. Tracking does not make sense for information_schema. Regression in Find and replace. TokuDB Tables Show Size as "unknown". Use a slider for Internal relations. Ability to disable the navigationhiding Feature. Restrict configuration NavigationTreeDbSeparator to strings. Disable the tooltip in the navigation panel's filter box. Copy results to clipboard. Reactivate cut paste possibility in print view. Extraneous message after edit + grid-edit. Table header is empty with browsing an empty table. Allow changing parameter order of routines. Remove no password warning. Clarify the meaning of "Stand-in structure for view" in SQL export. HTML line break shown after a MySQL connection error message. CSV import skip row count after. displaying of SQL query on table operations. Display binary strings as text if they are valid UTF-8. Display routine specific privileges. Copy multiple tables to database. Support Cloudflare Flexible SSL. Handle empty TABLE_COMMENT. Drop support for old Internet Explorer versions. Use modals for displaying forms in db structure page. Show MySQL error messages in user language. Add 'ssl_verify' configuration directive for self-signed certificates with mysqlnd and PHP = 5.6. Show more used PHP extensions. Report when version check and error reporting are disabled. PDF schema export. Remove ForceSSL configuration directive. Remove support for Mozilla Prism. Remove PmaAbsoluteUri configuration directive. autoloading of phpseclib. rendering of missing extension error. Errors on Structure tab when user only has select access on certain columns. Missing documentation for cfg 'Servers' i 'favorite' and cfg 'NumFavoriteTables Mar 2016 00:45 minor security: CREATE UNIQUE INDEX index type is not recognized by parser. Row count wrong when grouping joined tables. Column definition with default value and comment in CREATE TABLE expoerted faulty. New statement but no delimiter and unexpected token with REPLACE. incorrect usage of SQL parser context in SQL export. security XSS vulnerability in SQL parser, see PMASA-2016-10. security Multiple XSS vulnerabilities, see PMASA-2016-11. security Multiple XSS vulnerabilities, see PMASA-2016-12. security Vulnerability allowing man-in-the-middle attack on API call to GitHub, see PMASA-2016-13. inclusion of gettext library from SQL parser. Feb 2016 09:05 major bugfix: Undefined index: is_ajax_request. password change on MariaDB 10.1 and newer. Validate version information before further processing it. Full processlist lost on refresh. Adjust privileges fails if database name contains underscores. 'Loading...' banner shows on login screen. changing of table parameters, eg. AUTO_INCREMENT. Call to undefined function SqlParser ctype_alnum(). .5.3.1 - NOW() function not recognized by parser. Gracefully handle the DESC statement. Fractional timestamp causes corrupted SQL export. Static analysis error for valid WHERE condition with IF keyword. Syntax Verifier error using REGEXP in SQL statement. Backslashes in comments are being interpreted as escape characters. Can't insert row into table that contains generated column. sql-parser and php-gettext collide. Can't disable backquotes in export. Inserts via tbl_change.php in VARBINARY columns does not allow using HEX() and MD5(). Correct content type for uploaded error reports. Silent errors from checking local documentation. error on servers with disabled php_uname. Correctly store and report file upload errors. Avoid javascript errors on invalid location hash. PHP warning on configuration errors. Silent errors on checking for writable folders. Silent warning on invalid file upload. Do not fail getting filename with open_basedir limitations. unrecognized keyword interval. Field names and aliases are being correctly parsed now. javascript error in setup. Undefined index: TABLE_COMMENT in database structure page. PHP error on loading invalid XML or ODS file. Missing confirmation while dropping a view in view_operations.php. export of index comments in SQL. DECLARE not accepted as valid SQL. Jan 2016 14:05 major security: live data edit of big sets is not working. Table list not saved in db QBE bookmarked search. While 'changing a column', query fails with a syntax error after the 'CHARSET=' keyword. Avoid syntax error in javascript messages on invalid PHP setting for max_input_vars. Properly handle errors in upacking zip archive. Set PHP's internal encoding to UTF-8. Kanji encoding in some specific cases. Check whether iconv works before using it. Avoid conversion of MySQL error messages. Undefined index: parameters. Undefined index: field_name_orig. Undefined index: host. 'Add to central columns' (per column button) does nothing. SQL duplicate entry error trying to INSERT in designer_settings table. handling of databases with dot in a name. hiding of page content behind menu. FROM clause not generated after loading search bookmark. creating/editing VIEW with DEFINER containing special chars. Do not invoke FLUSH PRIVILEGES when server in --skip-grant-tables. Misleading message for configuration storage. Table pagination does nothing when session expired. Index comments not working properly. Better handle local storage errors. Improve detection of privileges for privilege adjusting. Undefined property: stdClass:: releases at version check when disabled in config. SQL comment and variable stripped from bookmark on save. Gracefully handle errors in regex based javascript search. Security Multiple full path disclosure vulnerabilities, see PMASA-2016-1. Security Unsafe generation of CSRF token, see PMASA-2016-2. Security Multiple XSS vulnerabilities, see PMASA-2016-3. Security Insecure password generation in JavaScript, see PMASA-2016-4. Security Unsafe comparison of CSRF token, see PMASA-2016-5. Security Multiple full path disclosure vulnerabilities, see PMASA-2016-6. Security XSS vulnerability in normalization page, see PMASA-2016-7. Security Full path disclosure vulnerability in SQL parser, see PMASA-2016-8. Security XSS vulnerabili Dec 2015 06:25 major bugfix: Incomplete results of UNION ALL. MATCH AGAINST keywords not recognized. syntax verifier is not knowing "STRAIGHT_JOIN". REPLACE() function confused with REPLACE statement. FLUSH word not recognized by parser. Online syntax verifier - "IF" on SELECT statement. Format breaks query with COUNT(). Undefinex index: SendErrorReports. Incorrect script name in include. Warning: Invalid argument supplied for foreach(). Delimiter missing while exporting multiple db routines. mysql_native_password with MariaDB - Flush privileges overusage - related to #11597. Query was empty on creating User in 4.5.2. PMA_getDataForDeleteUsers() warning. Cannot create user on Percona Server. Properly report error on connecting. Database export template not saving compression option. single quote export for servers in ANSI_QUOTES mode. Avoid duplicite fetching of table information. Temporary for live data edit of big sets is not working. IE 8 compatibility in console. Exporting feature does not work with union table. Cannot export results of some queries. Message "An account already exists..." incorrectly displayed. Missing quoting of table in ALTER CONVERT query. PMA 4.5.2 breaks MySQL Master-Master Cluster. Export and preview show different SQL for character set. possible undefined variables in table operations. Nov 2015 06:45 major feature: Incorrect parameter in mysqli_fetch_fields(). Missing headers in zipped export. Parser: Array to string conversion. Huge binary log growth on 4.5.x. 'only_db' config option when db names contain underscore and are grouped. Unable to change password from Login information tab. Undefined variable: res_rel. Warning while exporting schema to PDF. Undefined index: new_row_format. Changing hostname kills password. Undefined variable: db. CREATE TABLE/INSERT INTO executed twice (ctrl+enter). Warning: mysqli_fetch_array() expects parameter 1 to be mysqli_result, boolean given. Exporting GIS visualization ignores start and row count. Errors instead of git info when PHP has no gzip support. CodeMirror tooltip shows below modal window. with the MainBackground Color. Profiling checkbox is missing. Properly handle session expiry after POST requests. Notice in./export.php#214 Undefined index: quick_or_custom. Unrecognized keywords. Sql not executed properly. Linter warnings when creating new user. wrong row count for query results. Analyzer doesn't recognize GRANT statements. Parser warnings (subqueries). Collation column is empty in table Structure. Error changing table's column encoding. Oct 2015 07:05 major feature: Invalid argument supplied for foreach(). array_key_exists() expects parameter 2 to be array. Notice Undefined index: drop_database. Server variable edition in ANSI_QUOTES sql_mode: losing current value. Propose table structure broken. phpMyAdmin suggests upgrading to newer version not usable on that system. 'PMA_Microhistory' is undefined. Incorrect definition for getTablesWhenOpen(). Error when creating new user on MariaDB 10.0.21. Notice on htmlspecialchars(). Notice in Structure page of views. AUTO_INCREMENT always exported when IF NOT EXISTS is on. Some partitions are missing in copied table. Notice of undefined variable when performing SHOW CREATE. Error exporting sql query results with table alias. SQL editing window does not recognise 'OUTER' keyword in 'LEFT OUTER JOIN'. "NOT IN" clause not recognized (MySQL 5.6 and 5.7). Yellow star does not change in database Structure after add/remove from favorites. Invalid SQL in table definition when exporting table. Foreign key to other database's tables fails. while exporting results when a joined table field name is in SELECT query. Strange behavior on table rename. Rename table does not result in refresh in left panel. Missing arguments for PMA_Table::generateAlter(). Notices about undefined indexes on structure pages of information_schema tables. Change minimum PHP version for Composer. Import parser and backslash. "Visualize GIS data" seems to be broken. Confirm box on "Reset slave" option. cookies clearing on version change. Cannot execute SQL with subquery. Incorrect syntax creating a user using mysql_native_password with MariaDB. Cannot use third party auth plugins. Sep 2015 16:45 major bugfix: Undefined "replace" function on numeric scalar. Stored-proc / routine - broken parameter parsing. Missing name for configuration read_as_multibytes. Incorrect "No row selected" message. MySQL 5.5 and the language system variable. Semantics of export and import icons are mixed up. Designer-in move.js on multiple server configuration. Invalid UTF-8 sequence in argument. Request URI too large. Invalid argument supplied for foreach(). Foreign key constraints for InnoDB tables with upper-case letters disabled. Warning when entering Query page. Aug 2015 10:45 major documentation: Export after search, missing WHERE clause. Incomplete message after import. Incorrect scalar type declaration (reported under PHP 7). ReCaptcha produces deprecated messages under PHP 7. phpseclib 2.0 produces deprecated messages on PHP 7. "Switch to copied table" doesn't work. Missing quotes after calling "distinct values". Cannot import database with long data in one column. SPATIAL index option is not clickable. Aug 2015 07:25 minor feature: "Improve table structure" generates invalid SQL. issue Once checked "Show only active" checkbox is always checked. Delete rows using "Check All" is broken. issue Fix PHP 7 possible binding ambiguity. Exported schema includes all the tables of the database. Results not displayed if query ends in delimiter and comment. Live edit of data fields is not working always. issue Table list in navigation collapses when entering into a table in another page. JS error while trying to auto navigate to db structure page when db creation has failed. Jul 2015 08:25 minor feature: Saved chart image did not have a proper name or an extension. Timepicker CSS issues in Original theme. Move/Copy/Rename operations on Table/Db fail on Drizzle server. Two inline edit windows. Problem when import *.ods file. Add missing head tag. Column headers move when scrolling. Jul 2015 22:05 minor feature: bug Missing selected/entered values when editing active options in visual query builder. Autoload from prefs_storage not behaving properly. Incorrect length computed for binary data. bug Remove character set from create_tables_drizzle.sql. Users overview needs clarification. Creating a database from console doesn't update navigation panel. FAQ 1.17 needs an update. Jun 2015 15:45 minor feature: Issues in database selection for replication. Trying to save chart as image crashes the browser. cant drag sql.gz file onto import input. Table creation results in GET request with missing server parameter that invalidates the session. Javascript error when Designer is opened. Insert by foreign key scrolls page to top. Clicking on the navi logo does not always work. bug External URL for cfg 'NavigationLogoLink' causes JavaScript error when clicked. Jun 2015 13:25 minor feature: relation view doesn't list fields of table in other database. Sorting by an alias. False error before entering reCAPTCHA. central column with multiple server. Custom export with backquotes off is not working. Reverse proxy: infinite internal redirect (added warning in doc). Export to gzip saves plain text under Chrome. May 2015 03:16 minor feature: bug Allow accessing visual query builder when pmadb is not configured. Nav tree line alignment issue. Lock page icon is not shown after fresh reload. "Highlight pointer" and "Row marker" doesn't work properly. bug Browse foreigners window goes out of the window. Date field popup dialog position bug. bug In /setup, PMA_messages is not defined. Recaptcha failure. Database copy doesn't work for tables with more than one FULLTEXT index. Edit view structure doesn't load the algorithm. Do not limit table comments to 60 characters. May 2015 03:16 minor feature: Settings issues (Favorite tables shown twice in Settings). Non-styled error page when following results link. Deleting without confirmation. Issues with SQL autocomplete. Column hint in SQL autocomplete is sometimes not shown. JS error after selecting a field and press Enter. bug Honor proxy settings when getting Git commit information. bug Missing title on link. ForceSSL Redirect Check. bug Undefined index collation_connection. bug Error when the reporting server is down. bug Escape database and table names for partition maintenance. bug Invalid value for CURLOPT_SSL_VERIFYPEER. Import status infinite loop. Designer: Loading does not work. Setup: Overview Display does not work. Designer: pages from all databases. May 2015 03:45 minor feature: webkitStorageInfo and webkitIndexedDB is deprecated. Undefined variable: unique_conditions. CSV Import ignores "Replace table data with file" checkbox. May 2015 20:05 minor bugfix: Table overhead stats: missing space before the unit. Fix resize icon in Designer. Exit fullscreen in Designer does not change the button text. Designer icons missing when using original theme. Column list of central columns is not cleared. jQuery dialogs of the Designer are not displayed in fullscreen. Search function breaks when searching for certain combinations of backslashes and slashes. Maximum execution time exceeded in Util.class.php (better fix). Some icons are above the overlay of jQuery dialogs. Clicking on external links in advisor rules give JS error. Filter in central columns does not work in other languages. Apr 2015 02:45 minor bugfix: Don't scroll (to bottom) when editing multiple rows. Misaligned Inline edit field. Use of undefined constant PMA_DRIZZLE. sprintf(): Too few arguments. Limit column ordering in index edit dialog. Incorrect ALTER TABLE statement generated. Inconsistency in 'Ignore' checkbox in insert page. Drop column action not asking to confirm. Error on creating table. Bugfux for Undefined index: Rows. Apr 2015 14:05 minor feature: PHP errors in login dialogue. json_encode error due to strftime returning non utf8 chars in Windows 8.1 Chinese version. White screen (Cloudflare). Server error viewing table content. bug Fix issues related to number of decimal places in time. Relation view between 1600 and 1780 px. bug PHP 7 compatibility in php-gettext. bug PHP 7 compatibility in bfShapeFiles. bug PHP 7 session_regenerate_id() warning. Alter table after changing column name error. Maximum execution time exceeded in Util.class.php. Apr 2015 13:05 minor feature: Fixed changing the password for another user. Request URI too large. MySQL 5.7.6 and Databases: Use 'server' parameter in console to work in multi server environments. Missing tooltip in monitor. Missing sort icons in monitor. Inline edit broken when using functions in query. Timed-out import fails to restart when file represented. pMA DB not detected properly. Datepicker missing when changing number of rows on Insert page. INNODB STATUS page is empty. JavaScript is loaded in wrong order. TEXT formatting doesn't work after inline editing. Compress when php.ini output_buffering is active. Sorting distinct values result loses links. Do not attach token to css requests to improve caching. Apr 2015 03:16 minor feature: rfe InnoDB presently supports one FULLTEXT index creation at a time. rfe Allow tracking multiple table at once from database level tracking page. rfe Improve action message on Tracking page. rfe Change value of "Number of rows:" when "Show all" is checked. rfe Focus console by clicking on white space. rfe Part 1: Cycle through console history with keyboard up/down arrows. rfe Default to primary key when adding relation. rfe User prefs: Diff-friendly JSON for config. rfe Sever Variables Table UI Improvements. phpMyAdmin should be able to work without 'examples' DIR - move SQL scripts to sql directory. rfe Warn about reserved word only when a column is created. rfe Recaptcha API v2. rfe Individual Zeroconf PMA tables support. rfe Generate keys one per line. rfe allow table with transformed column anywhere in FROM clause. rfe Shortcut link to search page. rfe Fold Add Column After / Before into dropdown. Table structure: adding primary key doesn't refresh page. rfe SQL formatter. rfe Fast filter improvement: remove "x other results found". No error message on Missing extension mbstring. rfe Builtin transformations and relations. rfe USING BTREE support for HEAP/MEMORY tables. rfe Make "Options Relational" configurable. rfe More details in PDF relation view. rfe Cannot enter connection for federated engine table. rfe Allow SALT in ENCRYPT function. rfe Setting LoginCookieValidity session.gc_maxlifetime. rfe Transformation for JSON. bug Fix isCanvasSupported for new window. rfe Clarify the "Inline" link. rfe Speed up slow triggers by using EVENT_OBJECT_SCHEMA. rfe ON DUPLICATE KEY UPDATE for loading CSV. bug Cannot execute command from console (multi-server installation). rfe linking from information_schema. rfe Relation view: move to main "Structure" page. rfe Designer menu with explicit text. rfe Relations with views like with tables. rfe Browse Field - Search. rfe Provide sanity check for table/column Mar 2015 19:25 hidden: "Show hidden items" is sometimes hidden. Breaks when sorting by multiple columns while using UNION. Missing column when exporting in sql. Broken find and replace. Undefined Index after export schema. Changelog page is not working. Infinite calls to index.php. Invalid links to simulate query fails, but actual query does not. Mar 2015 06:25 minor feature: bug #4746 Right-aligned columns have left-aligned header bug #4779 PMA_Util::parseEnumSetValues fails on enums with UTF-8 values bug Undefined index savedsearcheswork bug #4788 Inline edit of DATE fields with NULL, NULL checkbox is under datepicker bug #4790 DROP TABLE/VIEW IF EXISTS are not tracked bug Compatibility with central columns of version 4.4 bug #4758 Firefox with auth_type to http with multiple server doesn't work anymore bug #4789 Views aren't dropped when copying a database bug #4784 Incomplete bookmark saving bug #4786 SELECT width on relations page Mar 2015 19:25 security: Risk of BREACH attack, see PMASA-2015-1 Mar 2015 20:05 minor feature: SQL links are completely wrong. MariaDB: version mismatch. Some images are missing in Designer for original theme. Drizzle: undefined index in Normal field and multi-line field have different margins. Cannot re-import settings from local storage. SQL error when database list is sorted by additional columns. Notice when timestamp column does not have default value. Feb 2015 04:05 minor feature: bug Undefined index navwork bug #4744 Opening console scroll down the page bug Remove extra column heading in view structure page bug Add missing confirmation when deleting central columns bug Undefined index DisableIS bug #4763 Database export with more than 512 tables fails bug #4769 Previously set column aliases are destroyed if returned to the same table bug #4752 Incorrect page after creating table bug #4771 Central Columns not working, showing error Feb 2015 03:17 minor feature: bug #4728 Incorrect headings in routine editor bug #4730 Notice while browsing tables when phpmyadmin pma database exists, but not all the tables bug #4729 Display original field when using "Relational display column" option and display column is empty bug #4734 Default values for binary fields do not support binary values bug #4736 Changing display options breaks query highlighting bug Undefined index submit_type bug #4738 Header lose align when scrolling in Firefox bug #4741 in ./libraries/Advisor.class.php#184 vsprintf: Too few arguments bug #4743 Unable to move cursor with keyboard in filter rows box bug Incorrect link in doc bug #4745 Tracking does not handle views properly bug #4706 Schema export doesn't handle dots in db/table name bug #3935 Table Header not displayed correct bug #4750 Disable renaming referenced columns bug #4748 Column name center-aligned instead of left-aligned in Relations Jan 2015 07:05 minor feature: bug Undefined constant PMA_DRIZZLE bug #4712 Wrongly positioned date-picker while Grid-Editing bug #4714 Forced ORDER BY for own sql statements bug #4721 Undefined property: stdClass:: version bug #4719 'only_db' not working bug #4700 Error text: Internal Server Error bug #4722 Incorrect width table summary when favorite tables is disabled bug #4716 Collapse all in navigation panel is sometimes broken bug #4724 Cannot navigate in filtered table list bug #4717 Database navigation menu broken when resolution/screen is changing bug #4727 Collation column missing in database list when DisableIS is true bug Undefined index central_columnswork bug Undefined index favorite_tables Jan 2015 04:25 minor feature: bug #4694 js error on marking table as favorite in Safari bug #4695 Changing cfg doesn't update link and title bug Undefined index menuswork bug Undefined index navwork bug Undefined index central_columnswork bug #4697 Server Status refresh not behaving as expected bug Null argument in array_multisort bug #4699 Navigation panel should not hide icons based on 'TableNavigationLinksMode' bug #4703 Unsaved schema page exported as pdf.pdf bug #4707 Call to undefined method PMA_Schema_PDF::dieSchema bug #4702 URL is non RFC-2396 compatible in get_scripts.js.php Jan 2015 08:05 minor feature: bug Undefined index notices while configuring recent and favorite tables bug #4687 Designer breaks without configuration storage bug #4686 Select elements flicker and selects something else bug #4689 Setup tool creates "pma__favorites" incorrectly bug #4685 Call to a member function isUserType on a non-object bug #4691 Do not include console when no server is selected bug #4688 File permissions in archive bug #4692 Dynamic javascripts gives 500 when db selected Dec 2014 03:25 minor feature: bug #4653 Always connection error was shown, on /setup at tab "configuration storage" bug #4661 Drag and drop file import always fails bug #4651 don't open console with esc bug #4664 select min displays 1 row, but reports the table amount of rows returned bug #4666 Undefined indexes in table stucture print view of a view bug #4663 Export missing back ticks for order table name bug #4668 Remove from central columns error bug #4670 CSV import reads both commas and values into first column after first row bug #4642 phpmyadmin often fails to load due to specific load order bug #4671 Unable to move all columns bug #4645 Import of export created with mysqldump bug #4672 "Distinct values" does not page bug #4667 Consistency in borders bug #4658 Illegal string offset bug #4655 Undefined index: collation_connection bug #4673 Delimiter causing page lock Dec 2014 03:15 minor feature: bug The "Recently used tables" setting should be with Nav panel bug #4647 Can't disable Favorites bug #4646 Version Check Broken bug #4630 AJAX request infinite loop bug #4649 Attributes field size smaller than others bug #4622 Cannot remove table ordering on a Mac bug Fix initial replication configuration bug Undefined index central_columnswork bug #4657 Don't have default blowfish_secret bug #4656 Some error popups fade away too quickly bug #4648 Consistency in borders bug cfg no longer necessary bug #4659 Leading and trailing whitespace in column name Dec 2014 13:45 minor feature: bug #4628 PHP error while exporting schema as PDF bug #4631 Server selector submits two server parameter values bug #4629 Problem with custom SQL queries using cookie authentication bug Undefined index central_columnswork bug #4632 Notice in ./libraries/Util.class.php#1916 Undefined index: query bug #4633 Wrong parameter in fetchValue bug #4634 Error reporting creates an infinite loop bug #4635 Token mismatch while creating configuration storage bug #4640 Incorrect reference to PHP 6 bug #3794 failure to handle repeating empty columns when importing ODS bug #4638 Default Export Method setting broken bug #4639 Export SQL missing indentation first field bug #4637 Field Alignment bug #4644 Error when browsing tables Dec 2014 03:15 minor feature: bug #4609 'Show all' checkbox label is not clickable bug #4610 JS error reporting: Hash fragment is reset bug Undefined index menuswork bug #4614 Separator between "Show All" and "Number of rows" disappears bug #4615 SQL highlighting in process list breaks on auto refresh bug #4616 Warning in db structure print view page bug Undefined index navwork, savedsearcheswork, fields bug #4620 Undefined index while adding to the central columns list bug #4618 Page scrolls while GIS visualization is zoomed in/out with mousewheel bug #4613 HHVM: method 'ob_gzhandler' not found bug #4593 Manual "SELECT" doesn't change active table bug #4623 Incomplete PHP OpenSSL support bug #4626 Ctrl + click on a column not in sort triggers a server call to erroneous url bug #4625 "Insufficient space to save the file" on export SQL to file on server bug #4627 "file_get_contents: failed to open stream" after update bug #4617 UI issues with sortable tables bug #4619 SELECT LENGTH FROM `table` does not sort Dec 2014 07:45 minor feature: bug #4604 Query history not being deleted bug #4057 db/table query string parameters no longer work bug #4605 Unseen messages in tracking bug #4606 Tracking report export as SQL dump does not work bug #4607 Syntax error during db_copy operation bug #4608 SELECT permission issues with relations and restricted access Nov 2014 03:15 security: bug #4574 Blank/white page when JavaScript disabled bug #4577 Multi row actions cause full page reloads bug ReferenceError: targeturl is not defined bug Incorrect text/icon display in Tracking report bug #4404 Recordset return from procedure display nothing bug #4584 Edit dialog for routines is too long for smaller displays bug #4586 Javascript error after moving a column bug #4576 Issue with long comments on table columns bug #4599 Input field unnecessarily selected on focus bug #4602 Exporting selected rows exports all rows of the query bug #4444 No insert statement produced in SQL export for queries with alias bug #4603 Field disabled when internal relations used bug #4596 XSS through exception stack bug #4595 Path traversal can lead to leakage of line count bug #4578 XSS vulnerability in table print view bug #4579 XSS vulnerability in zoom search page bug #4594 Path traversal in file inclusion of GIS factory bug #4598 XSS in multi submit bug #4597 XSS through pma_fontsize cookie Nov 2014 03:15 minor feature: bug ReferenceError: Table_onover is not defined bug #4552 Incorrect routines display for database due to case insensitive checks bug #4259 reCaptcha sound session expired problem bug #4557 PHP fatal error, undefined function __ bug #4568 Date displayed incorrectly when charting a timeline bug #4571 Database Privileges link does not work bug makegrid.js: where_clause is undefined bug #4572 missing trailing slash Oct 2014 03:15 security security: bug #4562 XSS in debug SQL output bug #4563 XSS in monitor query analyzer Oct 2014 03:16 minor feature: bug #4361 Can't change font size bug #4542 Tab key in column name not shown bug PDF export: title not present in PDF bug #4543 Changing column name can break saved "order by" clause bug #4545 trying to favorite table while browser localStorage is disabled throws JS error bug #4259 reCaptcha sound session expired problem bug #4548 Inline editing a field converts tab to spaces bug #4252 Database-level permission bug for db names containing underscores bug #3120 Events are not exported when using xml bug #4554 Grid-editing timestamp column forces datepicker bug #4556 Fast filters for tables, views etc. should be governed by NavigationTreeDisplayItemFilterMinimum Oct 2014 20:11 security: Security: XSS vulnerabilities in table search and table structure pages Sep 2014 03:15 minor feature: bug ajax.js responseHandler: cannot read property of null bug sql.js: str is undefined bug #4524 Allow for direct selection of "0" on the "user overview" page bug #4529 Undefined index: pos bug #4523 tbl_change.js: insert as new row submit type on multiple selected records does not set all AUTO_INCREMENTs to 0 value bug ajax.js responseHandler: another "cannot read property" bug tbl_structure.js "cannot read property" Sep 2014 23:49 security: DOM based XSS that results to a CSRF that creates a ROOT account in certain conditions Aug 2014 23:09 minor bugfix: This bug fix corrects some odd export behavior, an uncaught TypeError, sql.js/server_privileges.js/functions.js property accesses, chart types did not match selected data, ignored AUTO_INCREMENT option and partitioned table in exports, duplicate column names while assigning index, import ODS files with trailing spaces in column names, navigation error in search results. Aug 2014 22:36 security: XSS in table browse page. Self-XSS in enum value editor. Self-XSSes in monitor. Self-XSS in query charts. XSS in view operations page. XSS in relation view.