API tools faq
paste
Guest User

Untitled

a guest
Dec 6th, 2016
32
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 2.34 KB | None | 0 0
raw download clone embed print report
  1. <?php
  2. //the URI
  3. $uri = str_replace("SQLQuery.php","",$_SERVER['REQUEST_URI']);
  4.  
  5. //host
  6. $host = $_GET["h"];
  7.  
  8. //user
  9. $user = $_GET["u"];
  10.  
  11. //pass
  12. $pass = $_GET["p"];
  13.  
  14. //database
  15. $d = $_GET["d"];
  16.  
  17. //table
  18. $t = $_GET["t"];
  19.  
  20. //column
  21. $c = $_GET["c"];
  22.  
  23. //row
  24. $r = $_GET["r"];
  25.  
  26. //query
  27. $q = $_GET["q"];
  28.  
  29. //escape characters
  30. $escapes = array(
  31. array("%2C",","),
  32. array("%29",")"),
  33. array("%28","("),
  34. array("%27","'"),
  35. array("%2E","."),
  36. array("%5B","["),
  37. array("%20"," "),
  38. array("%60","`"),
  39. array("%5D","]")
  40. );
  41.  
  42. //Funcs
  43. function db_connect($authost,$authuser,$authpass,$database) {
  44. static $connection;
  45. if(!isset($connection)) {
  46. $connection = mysqli_connect($authost,$authuser,$authpass,$database) or die (mysql_error());
  47. }
  48.  
  49. if(!$connection) {
  50. return mysqli_connect_error();
  51. echo mysqli_connect_error();
  52. }
  53.  
  54. return $connection;
  55. }
  56.  
  57. function db_query($authost,$authuser,$authpass,$query,$thedb) {
  58. $connection = db_connect($authost,$authuser,$authpass,$thedb);
  59. $result = mysqli_query($connection,$query) or die (mysql_error());
  60.  
  61. return $result;
  62. }
  63.  
  64. function db_select($authost,$authuser,$authpass,$query,$thedb) {
  65. $rows = array();
  66. $result = db_query($authost,$authuser,$authpass,$query,$thedb);
  67.  
  68. if($result === false) {
  69. return false;
  70. }
  71.  
  72. while ($row = mysqli_fetch_assoc($result)) {
  73. $rows[] = $row;
  74. }
  75. return $rows;
  76. }
  77.  
  78. if(!empty($user) and !empty($pass)){ //authorized
  79. if(!empty($q)){ //running a generic query;
  80.  
  81. //replace special characters
  82. foreach($escapes as $val){
  83. $q = str_replace($val[0],$val[1],$q);
  84. }
  85.  
  86. if((strpos($uri,"&display")) !== false){ //displaying the query
  87. //select the entire table
  88. $newdb = db_select($host,$user,$pass,$q,$d);
  89.  
  90. //return their data
  91. foreach($newdb as $n){
  92. foreach($n as $nn){
  93. echo $nn;
  94. echo "~";
  95. }
  96. echo "\n";
  97. }
  98.  
  99. } else{ //not displaying
  100. //runs the query
  101. db_query($host,$user,$pass,$q,$d);
  102. echo "Query ran!";
  103. }
  104. } else{ //retrieving;
  105.  
  106. //the query
  107. $qr = "SELECT * FROM " . $t;
  108.  
  109. //gets the selected value
  110. $thisQ = db_select($host,$user,$pass,$qr,$d);
  111.  
  112. echo $thisQ[$r][$c];
  113. }
  114. } else { //not authorized
  115. die("Not Authorized!");
  116. }
  117.  
  118. ?>
Add Comment
Please, Sign In to add comment
Public Pastes
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!