uiXpress
Database Explorer

Summary

This directory contains comprehensive documentation for the uiXpress Database Explorer feature.

Quick Reference

Core Features

  1. Table Browser - Browse all database tables with details
  2. Table Structure View - View columns, indexes, and relationships
  3. Table Data View - Browse data with search, sort, and pagination
  4. SQL Query Editor - Execute read-only SELECT queries
  5. Table Deletion - Safely remove orphaned plugin tables
  6. Advanced Filtering - Filter by table type and search

Security Features

  • Authentication: Requires logged-in user with manage_options capability
  • CSRF Protection: Nonce verification on all requests
  • Password Verification: Required for destructive operations
  • Input Validation: Comprehensive sanitization and validation
  • SQL Injection Prevention: Prepared statements and safe queries
  • XSS Protection: Output escaping and HTML sanitization
  • Table Protection: Cannot delete WordPress core or system tables

User Interface

  • Two-Panel Layout: Table list sidebar + detail panel
  • Dark Mode: Full dark mode support
  • Responsive Design: Mobile-friendly with drawer navigation
  • Loading States: Visual feedback during operations
  • Error Handling: User-friendly error messages

Key Features Highlighted

1. Comprehensive Table Browser

  • View all database tables
  • See row counts and table sizes
  • Identify WordPress vs. custom tables
  • Search and filter functionality
  • Sort by name, rows, size, or type

2. Detailed Structure View

  • Column information (name, type, null, key, default)
  • Index details (name, column, type)
  • Foreign key relationships
  • Clean, formatted display

3. Powerful Data View

  • Pagination (configurable per-page)
  • Search across all columns
  • Column sorting (ascending/descending)
  • NULL value handling
  • Responsive table display

4. Safe SQL Query Editor

  • Read-only SELECT queries
  • Syntax validation
  • Query history (last 20)
  • Keyboard shortcuts (Ctrl+Enter)
  • Automatic LIMIT protection

5. Secure Table Deletion

  • Non-WordPress tables only
  • Password verification required
  • Double confirmation (password + dialog)
  • WordPress core table protection
  • Audit logging

6. Smart Table Detection

  • Prefix-agnostic WordPress detection
  • Works with any custom prefix
  • Multisite table recognition
  • System table protection

REST API Endpoints

All endpoints require authentication and nonce verification:

  • GET /uixpress/v1/database/tables - List all tables
  • GET /uixpress/v1/database/tables/{table}/structure - Get structure
  • GET /uixpress/v1/database/tables/{table}/data - Get data
  • GET /uixpress/v1/database/tables/{table}/count - Get row count
  • POST /uixpress/v1/database/query - Execute SELECT query
  • POST /uixpress/v1/database/verify-password - Verify password
  • DELETE /uixpress/v1/database/tables/{table} - Delete table

Security Measures

Authentication & Authorization

  • User must be logged in
  • Requires manage_options capability
  • Nonce verification (CSRF protection)
  • Password verification for deletions

Input Validation

  • Table name regex validation
  • SQL query sanitization
  • Comment removal
  • Keyword blacklist
  • Parameter type checking

Output Security

  • HTML escaping
  • XSS prevention
  • Generic error messages
  • Safe data display

Table Deletion Safety

  • WordPress core table protection
  • System table protection
  • Prefix-agnostic detection
  • Multisite awareness

Technical Stack

  • Frontend: Vue.js 3 (Composition API)
  • Styling: Tailwind CSS with dark mode
  • Backend: WordPress REST API
  • Database: MySQL/MariaDB via $wpdb
  • Security: Multi-layer validation

WordPress Table Detection

The system recognizes standard WordPress tables regardless of prefix:

Core Tables (12):

  • commentmeta, comments, links, options
  • postmeta, posts, terms, termmeta
  • term_relationships, term_taxonomy
  • usermeta, users

Multisite Tables (6, if enabled):

  • blogs, blog_versions, registration_log
  • signups, site, sitemeta
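
The prefix-agnostic check above, combined with the table-name validation listed under Security Measures, could look like the following. This is an added example, not uiXpress source code: the function names, the name regex, and the choice of plain suffix matching are assumptions; only the table lists come from this page.

```php
<?php
// Added illustration; not uiXpress source. All function names are hypothetical.
const EXAMPLE_CORE_TABLES = [
    'commentmeta', 'comments', 'links', 'options', 'postmeta', 'posts',
    'terms', 'termmeta', 'term_relationships', 'term_taxonomy', 'usermeta', 'users',
];
const EXAMPLE_MULTISITE_TABLES = [
    'blogs', 'blog_versions', 'registration_log', 'signups', 'site', 'sitemeta',
];

// Assumed pattern: letters, digits, underscore; 64 is MySQL's identifier length limit.
function example_is_valid_table_name(string $table): bool
{
    return preg_match('/\A[A-Za-z0-9_]{1,64}\z/', $table) === 1;
}

// Prefix-agnostic: the name matches if it ends with a standard table name,
// whatever precedes it (wp_, a custom prefix, or a multisite prefix like wp_2_).
function example_is_wordpress_table(string $table, bool $multisite): bool
{
    $names = $multisite
        ? array_merge(EXAMPLE_CORE_TABLES, EXAMPLE_MULTISITE_TABLES)
        : EXAMPLE_CORE_TABLES;
    $table = strtolower($table);
    foreach ($names as $name) {
        if (substr($table, -strlen($name)) === $name) {
            return true;
        }
    }
    return false;
}

// Deletion is allowed only for well-formed names that are not protected.
function example_can_delete_table(string $table, bool $multisite): bool
{
    return example_is_valid_table_name($table)
        && !example_is_wordpress_table($table, $multisite);
}

// Constructed sample names, checked with multisite enabled.
foreach (['wp_posts', 'acme7_usermeta', 'wp_2_options', 'wp_oldplugin_log', 'bad`name'] as $t) {
    printf("%-18s %s\n", $t, example_can_delete_table($t, true) ? 'deletable' : 'refused');
}
```

Plain suffix matching also refuses a custom table whose name happens to end in a core name (for example one ending in `posts`), so the check errs toward protecting a table rather than deleting it.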

Usage Workflow

Viewing Tables

  1. Navigate to Database Explorer
  2. Browse tables in sidebar
  3. Use search/filter as needed
  4. Click table to view details

Viewing Structure

  1. Select a table
  2. Click "Structure" tab
  3. Review columns and indexes

Viewing Data

  1. Select a table
  2. Use "Data" tab (default)
  3. Search, sort, and paginate

Deleting Tables

  1. Filter to non-WordPress tables
  2. Select custom table
  3. Click "Delete Table"
  4. Enter password
  5. Confirm deletion

Using Query Editor

  1. Click "SQL Query Editor"
  2. Enter SELECT query
  3. Press Ctrl+Enter
  4. View results

Screenshots

Screenshots are available in the screenshots/ directory:

  • database-explorer-main-view.png: Main table browser interface
  • database-explorer-table-view.png: Table data view with search
  • database-explorer-query-editor.png: SQL query editor interface

Documentation Purpose

This documentation is designed for:

  1. Project Handover: Complete feature overview for new developers
  2. Feature Pages: Content for marketing/feature documentation
  3. Developer Reference: Technical implementation details
  4. User Guide: End-user feature explanations
  5. Security Review: Security implementation documentation