Guest User

Boinaweb

a guest
Dec 5th, 2019
219
Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
  1. <?php
  2. /*
  3. * Written By: ShivalWolf
  4. * Date: 2011/06/03
  5. * Contact: Shivalwolf@domwolf.net
  6. *
  7. * UPDATE 2011/04/05
  8. * The code now returns a real error message on a bad query with the mysql error number and its error message
  9. * checks for magic_quotes being enabled and strips slashes if it is. Its best to disable magic quotes still.
  10. * Checks to make sure the submitted form is a x-www-form-urlencode just so people dont screw with a browser access or atleast try to
  11. * Forces the output filename to be JSON to conform with standards
  12. *
  13. * UPDATE 2011/06/03
  14. * Code updated to use the Web Module instead of tinywebdb
  15. *
  16. * UPDATE 2013/12/26 and 2014/02/18
  17. * minor modifications by Taifun, puravidaapps.com
  18. *
  19. * UPDATE 2014/07/11
  20. * mysql API (deprecated) replaced by mysqli by Taifun
  21. *
  22. * UPDATE 2015/04/30
  23. * SELECT logic adjusted (result stored in temp. file removed) by Taifun
  24. *
  25. * UPDATE 2016/02/21
  26. * Bugfix Undefined variable: csv
  27. */
  28.  
  29. /************************************CONFIG****************************************/
  30. //DATABSE DETAILS//
  31. $DB_ADDRESS="localhost";
  32. $DB_USER="id11127954_boina";
  33. $DB_PASS="boina";
  34. $DB_NAME="id11127954_boina";
  35.  
  36. //SETTINGS//
  37. //This code is something you set in the APP so random people cant use it.
  38. $SQLKEY="secret";
  39.  
  40. /************************************CONFIG****************************************/
  41.  
  42. //these are just in case setting headers forcing it to always expire
  43. header('Cache-Control: no-cache, must-revalidate');
  44.  
  45. error_log(print_r($_POST,TRUE));
  46.  
  47. if( isset($_POST['query']) && isset($_POST['key']) ){ //checks if the tag post is there and if its been a proper form post
  48. //set content type to CSV (to be set here to be able to access this page also with a browser)
  49. header('Content-type: text/csv');
  50.  
  51. if($_POST['key']==$SQLKEY){ //validates the SQL key
  52. $query=urldecode($_POST['query']);
  53. if(get_magic_quotes_gpc()){ //check if the worthless pile of crap magic quotes is enabled and if it is, strip the slashes from the query
  54. $query=stripslashes($query);
  55. }
  56. $conn = new mysqli($DB_ADDRESS,$DB_USER,$DB_PASS,$DB_NAME); //connect
  57.  
  58. if($conn->connect_error){ //checks connection
  59. header("HTTP/1.0 400 Bad Request");
  60. echo "ERROR Database Connection Failed: " . $conn->connect_error, E_USER_ERROR; //reports a DB connection failure
  61. } else {
  62. $result=$conn->query($query); //runs the posted query
  63. if($result === false){
  64. header("HTTP/1.0 400 Bad Request"); //sends back a bad request error
  65. echo "Wrong SQL: " . $query . " Error: " . $conn->error, E_USER_ERROR; //errors if the query is bad and spits the error back to the client
  66. } else {
  67. if (strlen(stristr($query,"SELECT"))>0) { //tests if it's a SELECT statement
  68. $csv = ''; // bug fix Undefined variable: csv
  69. while ($fieldinfo = $result->fetch_field()) {
  70. $csv .= $fieldinfo->name.",";
  71. }
  72. $csv = rtrim($csv, ",")."\n";
  73. echo $csv; //prints header row
  74. $csv = '';
  75.  
  76. $result->data_seek(0);
  77. while($row = $result->fetch_assoc()){
  78. foreach ($row as $key => $value) {
  79. $csv .= $value.",";
  80. }
  81. $csv = rtrim($csv, ",")."\n";
  82. }
  83. echo $csv; //prints all data rows
  84. } else {
  85. header("HTTP/1.0 201 Rows");
  86. echo "AFFECTED ROWS: " . $conn->affected_rows; //if the query is anything but a SELECT, it will return the number of affected rows
  87. }
  88. }
  89. $conn->close(); //closes the DB
  90. }
  91. } else {
  92. header("HTTP/1.0 400 Bad Request");
  93. echo "Bad Request"; //reports if the secret key was bad
  94. }
  95. } else {
  96. header("HTTP/1.0 400 Bad Request");
  97. echo "Bad Request";
  98. }
  99. ?>
RAW Paste Data