daily pastebin goal
90%
SHARE
TWEET

Untitled

a guest Dec 6th, 2016 25 Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
  1. <?php
  2.     //the URI
  3.     $uri = str_replace("SQLQuery.php","",$_SERVER['REQUEST_URI']);
  4.    
  5.     //host
  6.     $host = $_GET["h"];
  7.    
  8.     //user
  9.     $user = $_GET["u"];
  10.    
  11.     //pass
  12.     $pass = $_GET["p"];
  13.    
  14.     //database
  15.     $d = $_GET["d"];
  16.    
  17.     //table
  18.     $t = $_GET["t"];
  19.    
  20.     //column
  21.     $c = $_GET["c"];
  22.    
  23.     //row
  24.     $r = $_GET["r"];
  25.    
  26.     //query
  27.     $q = $_GET["q"];
  28.  
  29.     //escape characters
  30.     $escapes = array(
  31.         array("%2C",","),
  32.         array("%29",")"),
  33.         array("%28","("),
  34.         array("%27","'"),
  35.         array("%2E","."),
  36.         array("%5B","["),
  37.         array("%20"," "),
  38.         array("%60","`"),
  39.         array("%5D","]")
  40.     );
  41.    
  42.     //Funcs
  43.     function db_connect($authost,$authuser,$authpass,$database) {
  44.         static $connection;
  45.         if(!isset($connection)) {
  46.             $connection = mysqli_connect($authost,$authuser,$authpass,$database) or die (mysql_error());
  47.         }
  48.    
  49.         if(!$connection) {
  50.             return mysqli_connect_error();
  51.             echo mysqli_connect_error();
  52.         }
  53.        
  54.         return $connection;
  55.     }
  56.    
  57.     function db_query($authost,$authuser,$authpass,$query,$thedb) {
  58.         $connection = db_connect($authost,$authuser,$authpass,$thedb);
  59.         $result = mysqli_query($connection,$query) or die (mysql_error());
  60.    
  61.         return $result;
  62.     }
  63.  
  64.     function db_select($authost,$authuser,$authpass,$query,$thedb) {
  65.         $rows = array();
  66.         $result = db_query($authost,$authuser,$authpass,$query,$thedb);
  67.    
  68.         if($result === false) {
  69.             return false;
  70.         }
  71.        
  72.         while ($row = mysqli_fetch_assoc($result)) {
  73.             $rows[] = $row;
  74.         }
  75.         return $rows;
  76.     }
  77.  
  78.     if(!empty($user) and !empty($pass)){ //authorized
  79.         if(!empty($q)){ //running a generic query;
  80.  
  81.             //replace special characters
  82.             foreach($escapes as $val){
  83.                 $q = str_replace($val[0],$val[1],$q);
  84.             }
  85.            
  86.             if((strpos($uri,"&display")) !== false){ //displaying the query
  87.                 //select the entire table
  88.                 $newdb = db_select($host,$user,$pass,$q,$d);
  89.                
  90.                 //return their data
  91.                 foreach($newdb as $n){
  92.                     foreach($n as $nn){
  93.                         echo $nn;
  94.                         echo "~";
  95.                     }
  96.                     echo "\n";
  97.                 }
  98.            
  99.             } else{ //not displaying
  100.                 //runs the query
  101.                 db_query($host,$user,$pass,$q,$d);
  102.                 echo "Query ran!"; 
  103.             }
  104.         } else{ //retrieving;
  105.            
  106.             //the query
  107.             $qr = "SELECT * FROM " . $t;
  108.            
  109.             //gets the selected value
  110.             $thisQ = db_select($host,$user,$pass,$qr,$d);
  111.            
  112.             echo $thisQ[$r][$c];
  113.         }
  114.     } else { //not authorized
  115.         die("Not Authorized!");
  116.     }
  117.        
  118. ?>
RAW Paste Data
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy. OK, I Understand
 
Top