- 'query' => 'SELECT '. ( $cgi->param('sql')
- || eidiot('Empty query') ),
- )
-%>
+ 'query' => "SELECT $sql",
+ 'count_query' => $count,
+&>
+<%init>
+
+die "access denied"
+ unless $FS::CurrentUser::CurrentUser->access_right('Raw SQL');
+
+my $sql = $cgi->param('sql') or errorpage('Empty query');
+$sql =~ s/;+\s*$//; #remove trailing ;
+
+my $count = $sql;
+$count =~ s/.* FROM /SELECT COUNT(*) FROM /i;