
Untitled

a guest
May 12th, 2022
  1. <?php
  2. /*
  3. * Written By: ShivalWolf
  4. * Date: 2011/06/03
  5. * Contact: Shivalwolf@domwolf.net
  6. *
  7. /************************************CONFIG****************************************/
  8. //DATABSE DETAILS//
  9. $DB_ADDRESS="";
  10. $DB_USER="";
  11. $DB_PASS="";
  12. $DB_NAME="";
  13.  
  14. //SETTINGS//
  15. //This code is something you set in the APP so random people cant use it.
  16. $SQLKEY="secret";
  17.  
  18. /************************************CONFIG****************************************/
  19.  
  20. //these are just in case setting headers forcing it to always expire
  21. header('Cache-Control: no-cache, must-revalidate');
  22.  
  23. error_log(print_r($_POST,TRUE));
  24.  
  25. if( isset($_POST['query']) && isset($_POST['key']) ){ //checks if the tag post is there and if its been a proper form post
  26. //set content type to CSV (to be set here to be able to access this page also with a browser)
  27. header('Content-type: text/csv');
  28.  
  29. if($_POST['key']==$SQLKEY){ //validates the SQL key
  30. $query=urldecode($_POST['query']);
  31. if(get_magic_quotes_gpc()){ //check if the worthless pile of crap magic quotes is enabled and if it is, strip the slashes from the query
  32. $query=stripslashes($query);
  33. }
  34. $conn = new mysqli($DB_ADDRESS,$DB_USER,$DB_PASS,$DB_NAME); //connect
  35.  
  36. if($conn->connect_error){ //checks connection
  37. header("HTTP/1.0 400 Bad Request");
  38. echo "ERROR Database Connection Failed: " . $conn->connect_error, E_USER_ERROR; //reports a DB connection failure
  39. } else {
  40. $result=$conn->query($query); //runs the posted query
  41. if($result === false){
  42. header("HTTP/1.0 400 Bad Request"); //sends back a bad request error
  43. echo "Wrong SQL: " . $query . " Error: " . $conn->error, E_USER_ERROR; //errors if the query is bad and spits the error back to the client
  44. } else {
  45. if (strlen(stristr($query,"SELECT"))>0) { //tests if it's a SELECT statement
  46. $csv = ''; // bug fix Undefined variable: csv
  47. while ($fieldinfo = $result->fetch_field()) {
  48. $csv .= $fieldinfo->name.",";
  49. }
  50. $csv = rtrim($csv, ",")."\n";
  51. echo $csv; //prints header row
  52. $csv = '';
  53.  
  54. $result->data_seek(0);
  55. while($row = $result->fetch_assoc()){
  56. foreach ($row as $key => $value) {
  57. $csv .= $value.",";
  58. }
  59. $csv = rtrim($csv, ",")."\n";
  60. }
  61. echo $csv; //prints all data rows
  62. } else {
  63. header("HTTP/1.0 201 Rows");
  64. echo "AFFECTED ROWS: " . $conn->affected_rows; //if the query is anything but a SELECT, it will return the number of affected rows
  65. }
  66. }
  67. $conn->close(); //closes the DB
  68. }
  69. } else {
  70. header("HTTP/1.0 400 Bad Request");
  71. echo "Bad Request"; //reports if the secret key was bad
  72. }
  73. } else {
  74. header("HTTP/1.0 400 Bad Request");
  75. echo "Bad Request";
  76. }
  77. ?>