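<?php
declare(strict_types=1);
// Sanitize inputs, get input from user, display the result of the query chosen based on choice.
//
// Request contract (unchanged): POST fields selectInput, fromInput, whereInput, likeInput.
// Query run:  SELECT <selectInput> FROM <fromInput> WHERE <whereInput> LIKE <likeInput>
//
// Security notes:
//  * Table and column names cannot be bound as statement parameters, so they are
//    validated against a strict identifier allowlist (letters, digits, underscore;
//    a lone "*" is accepted for the select list) and back-tick quoted. Anything else
//    is rejected outright, not "cleaned". NOTE(review): an explicit list of the
//    tables/columns this page is meant to expose would be stricter still - confirm
//    what the comp170 schema holds before tightening further.
//  * The LIKE value is bound through a prepared statement and never interpolated.
//    "%" and "_" inside it act as LIKE wildcards, as they did before.
//  * Output is HTML-escaped at print time, not at input time (escaping the input
//    before it reached the database changed what was searched for).
//  * Database error text is written to error_log, never echoed to the client.
//  * No CSRF token is checked (none was before); the query is read-only, but
//    confirm that is acceptable for this page.
// The previous keyword blacklist (preg_replace of "select", "drop", ...) is gone:
// it discarded its own return value, its pattern was broken ("\bselect|b"), and a
// blacklist does not stop SQL injection in any case.

/**
 * True when $name is a single MySQL-safe identifier: starts with a letter or
 * underscore, then letters/digits/underscores, at most 64 characters in total.
 * Comma-separated lists are not accepted here; callers split first.
 */
function isSafeIdentifier(string $name): bool
{
    return preg_match('/^[A-Za-z_][A-Za-z0-9_]{0,63}$/', $name) === 1;
}

/** Back-tick quote an identifier that has already passed isSafeIdentifier(). */
function quoteIdentifier(string $name): string
{
    return '`' . $name . '`';
}

/** HTML-escape one table cell or header; null prints as an empty cell. */
function h(string|int|float|null $value): string
{
    return htmlspecialchars((string) ($value ?? ''), ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Read the form fields. Missing fields become '' so the "Empty fields" path is
// taken instead of raising undefined-index notices.
$selectInput = trim((string) ($_POST['selectInput'] ?? ''));
$fromInput   = trim((string) ($_POST['fromInput'] ?? ''));
$whereInput  = trim((string) ($_POST['whereInput'] ?? ''));
$likeInput   = trim((string) ($_POST['likeInput'] ?? ''));

// Compare against '' rather than empty(): a value of "0" is a legitimate search term.
if ($selectInput === '' || $fromInput === '' || $whereInput === '' || $likeInput === '') {
    echo "Empty fields";
    die();
}

// Select list: either a lone "*" or a comma-separated list of identifiers.
if ($selectInput === '*') {
    $selectSql = '*';
} else {
    $columns = array_map('trim', explode(',', $selectInput));
    foreach ($columns as $column) {
        if (!isSafeIdentifier($column)) {
            http_response_code(400);
            die('Invalid column name');
        }
    }
    $selectSql = implode(', ', array_map('quoteIdentifier', $columns));
}

if (!isSafeIdentifier($fromInput) || !isSafeIdentifier($whereInput)) {
    http_response_code(400);
    die('Invalid table or column name');
}

require ("../../database.inc.php"); // defines $host, $user, $password

// Let mysqli throw instead of returning false, so one catch covers connect,
// prepare, bind and execute.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);

$rows = [];
try {
    // Select the database in the connect call instead of a separate, unchecked
    // mysqli_select_db().
    $LinkID = mysqli_connect($host, $user, $password, 'comp170');
    mysqli_set_charset($LinkID, 'utf8mb4');

    // Identifiers are allowlisted and quoted above; the LIKE value is a bound parameter.
    $sql = sprintf(
        'SELECT %s FROM %s WHERE %s LIKE ?',
        $selectSql,
        quoteIdentifier($fromInput),
        quoteIdentifier($whereInput)
    );
    $stmt = mysqli_prepare($LinkID, $sql);
    mysqli_stmt_bind_param($stmt, 's', $likeInput);
    mysqli_stmt_execute($stmt);

    // NOTE(review): mysqli_stmt_get_result() needs the mysqlnd driver - confirm it
    // is in use on this host; otherwise fall back to mysqli_stmt_bind_result().
    $queryResult = mysqli_stmt_get_result($stmt);
    $rows = mysqli_fetch_all($queryResult, MYSQLI_ASSOC);

    // Release everything explicitly (the old "kill the db connection here" TODOs).
    mysqli_free_result($queryResult);
    mysqli_stmt_close($stmt);
    mysqli_close($LinkID);
} catch (mysqli_sql_exception $e) {
    // Detail goes to the server log only; the client gets a generic message.
    error_log('comp170 query page: ' . $e->getMessage());
    die('Database error');
}

if ($rows === []) {
    echo "Empty result set";
    die();
}

print "<p> Your Query </p>";
print "<table border=1><tr>";
// Column labels come from the first row's keys.
foreach (array_keys($rows[0]) as $label) {
    print "<td><b>" . h($label) . "</b></td>";
}
print "</tr>";
// Every row, each cell escaped for the HTML context.
foreach ($rows as $row) {
    print "<tr>";
    foreach ($row as $cell) {
        print "<td>" . h($cell) . "</td>";
    }
    print "</tr>";
}
?>
</table></body></html>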