- <?php
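// NOTE(review): every input below arrives in the URL query string, including the
// database password ("p"). Query strings are routinely recorded in web-server access
// logs, proxy logs and browser history, so anyone able to read those can recover the
// credentials. Prefer a POST body over TLS, or keep the credentials server-side.
// NOTE(review): "h" lets the caller choose which MySQL host this server connects to;
// consider restricting it to a fixed list of permitted hosts.

// Request URI with the script name stripped; used later only to look for "&display".
// Falls back to "" when REQUEST_URI is not set so str_replace() never receives null.
$uri = str_replace("SQLQuery.php", "", isset($_SERVER['REQUEST_URI']) ? $_SERVER['REQUEST_URI'] : "");

// Each parameter defaults to "" when it is missing or is not a plain string
// (e.g. "q[]=..." arrives as an array). This avoids undefined-index warnings, which
// can disclose the script path when errors are displayed, and keeps arrays away from
// the string and mysqli calls further down.

// host
$host = (isset($_GET["h"]) && is_string($_GET["h"])) ? $_GET["h"] : "";
// user
$user = (isset($_GET["u"]) && is_string($_GET["u"])) ? $_GET["u"] : "";
// pass
$pass = (isset($_GET["p"]) && is_string($_GET["p"])) ? $_GET["p"] : "";
// database
$d = (isset($_GET["d"]) && is_string($_GET["d"])) ? $_GET["d"] : "";
// table
$t = (isset($_GET["t"]) && is_string($_GET["t"])) ? $_GET["t"] : "";
// column
$c = (isset($_GET["c"]) && is_string($_GET["c"])) ? $_GET["c"] : "";
// row
$r = (isset($_GET["r"]) && is_string($_GET["r"])) ? $_GET["r"] : "";
// query
$q = (isset($_GET["q"]) && is_string($_GET["q"])) ? $_GET["q"] : "";

// Percent-encoded sequence => literal character, applied to the query text later.
// NOTE(review): PHP has already URL-decoded $_GET, so this table decodes a second
// time. A query that legitimately contains the literal text "%27" or "%20" will be
// altered, and a doubly-encoded quote becomes a real quote at this point.
$escapes = array(
    array("%2C", ","),
    array("%29", ")"),
    array("%28", "("),
    array("%27", "'"),
    array("%2E", "."),
    array("%5B", "["),
    array("%20", " "),
    array("%60", "`"),
    array("%5D", "]")
);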
- //Funcs
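/**
 * Open the MySQL connection for this request (once) and return it.
 *
 * The handle is kept in a function-static variable, so every later call returns the
 * connection opened by the first call, whatever arguments it is given.
 *
 * On failure the script terminates with a generic message. The driver's error text
 * goes to the server error log instead of the response, so connection details are
 * not disclosed to the client.
 *
 * @param string $authost  MySQL host to connect to
 * @param string $authuser MySQL user name
 * @param string $authpass MySQL password
 * @param string $database Default database for the connection
 * @return mysqli The open connection
 */
function db_connect($authost,$authuser,$authpass,$database) {
    static $connection;
    if (!isset($connection)) {
        try {
            $connection = mysqli_connect($authost, $authuser, $authpass, $database);
        } catch (mysqli_sql_exception $e) {
            // mysqli throws instead of returning false when exception reporting is on
            // (the default since PHP 8.1). Catching it here keeps the failure path
            // uniform and keeps the credentials out of an uncaught-exception trace.
            $connection = false;
        }
        if (!$connection) {
            // mysqli_connect_error() is the mysqli accessor for a failed connect;
            // mysql_error() belongs to the separate, removed mysql extension.
            error_log("db_connect: " . mysqli_connect_error());
            die("Database connection failed.");
        }
    }
    return $connection;
}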
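/**
 * Run one SQL statement on the shared connection and return mysqli's result.
 *
 * The statement text is sent to the server exactly as given: nothing here escapes or
 * parameterises it, so callers must not assemble $query from untrusted input.
 *
 * On failure the script terminates with a generic message and the server's error
 * text is written to the error log rather than echoed to the client.
 *
 * @param string $authost  MySQL host (forwarded to db_connect)
 * @param string $authuser MySQL user name (forwarded to db_connect)
 * @param string $authpass MySQL password (forwarded to db_connect)
 * @param string $query    SQL statement to execute
 * @param string $thedb    Default database (forwarded to db_connect)
 * @return mysqli_result|bool Result set for statements that produce one, true otherwise
 */
function db_query($authost,$authuser,$authpass,$query,$thedb) {
    $connection = db_connect($authost, $authuser, $authpass, $thedb);
    try {
        $result = mysqli_query($connection, $query);
    } catch (mysqli_sql_exception $e) {
        // Exception-reporting mode: fold it into the same failure path as a false return.
        $result = false;
    }
    if ($result === false) {
        // mysqli_error() reports the error for this connection; mysql_error() is a
        // different (removed) extension and never saw this query.
        error_log("db_query: " . mysqli_error($connection));
        die("Query failed.");
    }
    return $result;
}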
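/**
 * Run a statement and return all of its rows as associative arrays.
 *
 * @param string $authost  MySQL host (forwarded to db_query)
 * @param string $authuser MySQL user name (forwarded to db_query)
 * @param string $authpass MySQL password (forwarded to db_query)
 * @param string $query    SQL statement to execute, sent verbatim
 * @param string $thedb    Default database (forwarded to db_query)
 * @return array|false List of rows (column name => value); an empty array when the
 *                     statement produced no result set; false if db_query returned false
 */
function db_select($authost,$authuser,$authpass,$query,$thedb) {
    $result = db_query($authost, $authuser, $authpass, $query, $thedb);
    if ($result === false) {
        return false;
    }
    // mysqli_query() returns plain true for statements such as INSERT or UPDATE;
    // there is nothing to fetch, and passing true to mysqli_fetch_assoc() is an error.
    if (!($result instanceof mysqli_result)) {
        return array();
    }
    $rows = array();
    while ($row = mysqli_fetch_assoc($result)) {
        $rows[] = $row;
    }
    mysqli_free_result($result);
    return $rows;
}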
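// Request dispatch.
// NOTE(review): "authorized" here only means that a user name and password were
// supplied; the script performs no authentication of its own. Whoever can reach this
// URL can run any statement the supplied database account is allowed to run.
if (!empty($user) and !empty($pass)) { //authorized
    // The response is delimiter-separated text, not markup. Declaring it as plain
    // text and disabling content sniffing stops a browser from rendering database
    // values that happen to contain HTML or script.
    if (!headers_sent()) {
        header("Content-Type: text/plain");
        header("X-Content-Type-Options: nosniff");
    }
    if (!empty($q)) { //running a generic query
        // An array-valued parameter ("q[]=...") cannot be a query.
        if (!is_string($q)) {
            die("Invalid query parameter.");
        }
        //replace special characters
        // NOTE(review): $_GET is already URL-decoded, so this is a second decode pass.
        foreach ($escapes as $val) {
            $q = str_replace($val[0], $val[1], $q);
        }
        if (strpos($uri, "&display") !== false) { //displaying the query
            $newdb = db_select($host, $user, $pass, $q, $d);
            // db_select() may return false; only iterate over a real row list.
            if (is_array($newdb)) {
                // One line per row, every value followed by "~".
                foreach ($newdb as $n) {
                    foreach ($n as $nn) {
                        echo $nn;
                        echo "~";
                    }
                    echo "\n";
                }
            }
        } else { //not displaying
            //runs the query
            db_query($host, $user, $pass, $q, $d);
            echo "Query ran!";
        }
    } else { //retrieving
        // The table name comes straight from the request, so it is quoted as a single
        // identifier (embedded backticks doubled) instead of being spliced in raw.
        // Qualified names of the form "db.table" are therefore not accepted in "t";
        // the database is chosen with "d".
        $qr = "SELECT * FROM `" . str_replace("`", "``", (string) $t) . "`";
        //gets the selected value
        $thisQ = db_select($host, $user, $pass, $qr, $d);
        // Print the cell only when the requested row and column actually exist.
        if (is_array($thisQ) && is_string($r) && is_string($c) && isset($thisQ[$r][$c])) {
            echo $thisQ[$r][$c];
        }
    }
} else { //not authorized
    die("Not Authorized!");
}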
- ?>