  1. <?php
  2. /*
  3.  * Written By: ShivalWolf
  4.  * Date: 2011/06/03
  5.  * Contact: Shivalwolf@domwolf.net
  6.  *
  7.  * UPDATE 2011/04/05
  8.  * The code now returns a real error message on a bad query with the mysql error number and its error message
  9.  * checks for magic_quotes being enabled and strips slashes if it is. Its best to disable magic quotes still.
  10.  * Checks to make sure the submitted form is a x-www-form-urlencode just so people dont screw with a browser access or atleast try to
  11.  * Forces the output filename to be JSON to conform with standards
  12.  *
  13.  * UPDATE 2011/06/03
  14.  * Code updated to use the Web Module instead of tinywebdb
  15.  *
  16.  * UPDATE 2013/12/26 and 2014/02/18
  17.  * minor modifications by Taifun, puravidaapps.com
  18.  *
  19.  * UPDATE 2014/07/11
  20.  * mysql API (deprecated) replaced by mysqli by Taifun
  21.  *
  22.  * UPDATE 2015/04/30
  23.  * SELECT logic adjusted (result stored in temp. file removed) by Taifun
  24.  *
  25.  * UPDATE 2016/02/21
  26.  * Bugfix Undefined variable: csv
  27.  */
  28.  
  29. /************************************CONFIG****************************************/
  30. //DATABSE DETAILS//
  31. $DB_ADDRESS="localhost";
  32. $DB_USER="id11127954_boina";
  33. $DB_PASS="boina";
  34. $DB_NAME="id11127954_boina";
  35.  
  36. //SETTINGS//
  37. //This code is something you set in the APP so random people cant use it.
  38. $SQLKEY="secret";
  39.  
  40. /************************************CONFIG****************************************/
  41.  
  42. //these are just in case setting headers forcing it to always expire
  43. header('Cache-Control: no-cache, must-revalidate');
  44.  
  45. error_log(print_r($_POST,TRUE));
  46.  
  47. if( isset($_POST['query']) && isset($_POST['key']) ){                                   //checks if the tag post is there and if its been a proper form post
  48.   //set content type to CSV (to be set here to be able to access this page also with a browser)
  49.   header('Content-type: text/csv');
  50.  
  51.   if($_POST['key']==$SQLKEY){                                                           //validates the SQL key
  52.     $query=urldecode($_POST['query']);
  53.     if(get_magic_quotes_gpc()){     //check if the worthless pile of crap magic quotes is enabled and if it is, strip the slashes from the query
  54.       $query=stripslashes($query);
  55.     }
  56.     $conn = new mysqli($DB_ADDRESS,$DB_USER,$DB_PASS,$DB_NAME);    //connect
  57.  
  58.     if($conn->connect_error){                                                           //checks connection
  59.       header("HTTP/1.0 400 Bad Request");
  60.       echo "ERROR Database Connection Failed: " . $conn->connect_error, E_USER_ERROR;   //reports a DB connection failure
  61.     } else {
  62.       $result=$conn->query($query);                                                     //runs the posted query
  63.       if($result === false){
  64.         header("HTTP/1.0 400 Bad Request");                                             //sends back a bad request error
  65.         echo "Wrong SQL: " . $query . " Error: " . $conn->error, E_USER_ERROR;          //errors if the query is bad and spits the error back to the client
  66.       } else {
  67.         if (strlen(stristr($query,"SELECT"))>0) {                                       //tests if it's a SELECT statement
  68.           $csv = '';                                                                    // bug fix Undefined variable: csv
  69.           while ($fieldinfo = $result->fetch_field()) {
  70.             $csv .= $fieldinfo->name.",";
  71.           }
  72.           $csv = rtrim($csv, ",")."\n";
  73.           echo $csv;                                                                    //prints header row
  74.           $csv = '';
  75.  
  76.           $result->data_seek(0);
  77.           while($row = $result->fetch_assoc()){
  78.             foreach ($row as $key => $value) {
  79.               $csv .= $value.",";
  80.             }
  81.             $csv = rtrim($csv, ",")."\n";
  82.           }
  83.           echo $csv;                                                                    //prints all data rows
  84.         } else {
  85.           header("HTTP/1.0 201 Rows");
  86.           echo "AFFECTED ROWS: " . $conn->affected_rows;       //if the query is anything but a SELECT, it will return the number of affected rows
  87.         }
  88.       }
  89.       $conn->close();                                          //closes the DB
  90.     }
  91.   } else {
  92.      header("HTTP/1.0 400 Bad Request");
  93.      echo "Bad Request";                                       //reports if the secret key was bad
  94.   }
  95. } else {
  96.         header("HTTP/1.0 400 Bad Request");
  97.         echo "Bad Request";
  98. }
  99. ?>