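<?php
/**
 * HTTP endpoint that runs one SELECT, UPDATE or INSERT against the game database.
 *
 * Request (GET parameters, names unchanged):
 *   input  - command text; the verb is chosen by looking for the word
 *            SELECT / select, UPDATE or INSERT in it
 *   table  - target table name
 *   SELECT : var1 = "*" or comma-separated column names, var2 = optional conditions
 *   UPDATE : var1 = assignments ("col = value, ..."), var2 = conditions (required)
 *   INSERT : var1..var5 = column names, var6..var10 = values (var8 and var9 numeric)
 *
 * Response: text/plain. SELECT prints the first row as "value|value|...".
 *
 * Security notes:
 *  - Every request value is untrusted. The earlier version called
 *    mysql_real_escape_string() and discarded the result, so nothing was
 *    escaped, and table/column names and whole WHERE/SET clauses were
 *    concatenated into the statement. Here identifiers must match a strict
 *    name pattern and are backtick-quoted, and every value is a bound parameter.
 *  - Conditions and assignments are limited to "column OP literal" terms
 *    (literal = quoted string or plain number). Expressions, sub-queries,
 *    OR, functions and comments are rejected rather than passed through.
 *  - Database error text is written to the server log, not to the client.
 *  - NOTE(security): the endpoint has no authentication. Any caller that can
 *    reach it can read and write every table the database account can access.
 *    Put it behind authentication and replace the generic table/column
 *    parameters with fixed per-operation queries or a table allow-list.
 *  - NOTE(security): UPDATE and INSERT are triggered by GET, so parameters
 *    land in access logs and the request is cross-site forgeable; move the
 *    write operations to POST.
 *  - Connection settings come from the environment. Any host, account or
 *    password that was ever stored in this file should be treated as exposed
 *    and rotated.
 */

/** Sends a short status string and ends the request. */
function gm_abort($message)
{
    echo($message);
    exit;
}

/** Returns the GET parameter as a string, or null when it is absent or not a string. */
function gm_param($key)
{
    return (isset($_GET[$key]) && is_string($_GET[$key])) ? $_GET[$key] : null;
}

/** Returns the name wrapped in backticks, or false when it is not a plain identifier. */
function gm_quote_identifier($name)
{
    // 64 characters is the MySQL identifier length limit.
    if (!is_string($name) || !preg_match('/\A[A-Za-z_][A-Za-z0-9_]{0,63}\z/', $name)) {
        return false;
    }
    return '`' . $name . '`';
}

/** Turns "*" or "a, b, c" into a quoted column list; false for anything else. */
function gm_column_list($list)
{
    if (!is_string($list)) {
        return false;
    }
    if (trim($list) === '*') {
        return '*';
    }
    $quoted = array();
    foreach (explode(',', $list) as $name) {
        $column = gm_quote_identifier(trim($name));
        if ($column === false) {
            return false;
        }
        $quoted[] = $column;
    }
    return implode(', ', $quoted);
}

/**
 * Parses "column OP literal" terms into SQL fragments with "?" placeholders.
 *
 * @param string|null $text       clause text from the request
 * @param string      $separator  PCRE (anchored with \G) that must sit between terms
 * @param string      $operators  PCRE alternation of the operators allowed here
 * @param array       $params     receives the literal values, in placeholder order
 * @return array|false            list of "`col` OP ?" fragments, or false unless
 *                                the whole text matches the grammar
 */
function gm_parse_terms($text, $separator, $operators, &$params)
{
    if (!is_string($text)) {
        return false;
    }
    // A literal is either '...' (a quote inside is written '', backslashes are
    // not accepted) or a plain decimal number.
    $term = '/\G\s*([A-Za-z_][A-Za-z0-9_]{0,63})\s*(' . $operators . ')\s*'
          . "(?:'((?:[^'\\\\]|'')*)'|(-?\\d+(?:\\.\\d+)?))"
          . '\s*/';

    $fragments = array();
    $offset = 0;
    $length = strlen($text);
    while (true) {
        if (!preg_match($term, $text, $m, 0, $offset)) {
            return false;
        }
        $fragments[] = '`' . $m[1] . '` ' . strtoupper($m[2]) . ' ?';
        $params[] = (isset($m[4]) && $m[4] !== '') ? $m[4] : str_replace("''", "'", $m[3]);
        $offset += strlen($m[0]);
        if ($offset >= $length) {
            break;
        }
        if (!preg_match($separator, $text, $sep, 0, $offset)) {
            return false;
        }
        $offset += strlen($sep[0]);
    }
    return $fragments;
}

// The response is a pipe-separated value list, not a page: declare it as plain
// text so a browser never renders stored column values as HTML.
header('Content-Type: text/plain');
header('X-Content-Type-Options: nosniff');

// Environment variable names are examples; use whatever the deployment defines.
$dbHost = getenv('GM_DB_HOST');
$dbName = getenv('GM_DB_NAME');
$dbUser = getenv('GM_DB_USER');
$dbPass = getenv('GM_DB_PASS');
if ($dbHost === false || $dbName === false || $dbUser === false || $dbPass === false) {
    error_log('gm endpoint: database settings are not configured');
    gm_abort("Server Connection Failure!");
}

try {
    $db = new PDO(
        'mysql:host=' . $dbHost . ';dbname=' . $dbName,
        $dbUser,
        $dbPass,
        array(
            PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION,
            // Real server-side prepares: values never become part of the SQL text.
            PDO::ATTR_EMULATE_PREPARES => false,
        )
    );
} catch (PDOException $e) {
    error_log('gm endpoint: connection failed: ' . $e->getMessage());
    gm_abort("Server Connection Failure!");
}

$querystring = gm_param('input');
if ($querystring === null) {
    gm_abort("form_incomplete");
}

$words = explode(" ", $querystring);
$table = gm_quote_identifier(gm_param('table'));
$comparison = '<=|>=|<>|!=|=|<|>|LIKE|like';
$andSeparator = '/\G(?:AND|and)\b/';
$params = array();
$isSelect = in_array("SELECT", $words, true) || in_array("select", $words, true);

if ($isSelect) {
    $columns = gm_column_list(gm_param('var1'));
    if ($table === false || $columns === false) {
        gm_abort("Fail!");
    }
    $sql = 'SELECT ' . $columns . ' FROM ' . $table;

    // The WHERE clause is optional. The earlier version always appended
    // " WHERE ", and its WHERE-less branch could never be reached.
    $where = gm_param('var2');
    if ($where !== null && trim($where) !== '') {
        $conditions = gm_parse_terms($where, $andSeparator, $comparison, $params);
        if ($conditions === false) {
            gm_abort("Fail!");
        }
        $sql .= ' WHERE ' . implode(' AND ', $conditions);
    }
    // Only the first row is ever printed, so do not pull more than one.
    $sql .= ' LIMIT 1';
} elseif (in_array("UPDATE", $words, true)) {
    $assignments = gm_parse_terms(gm_param('var1'), '/\G,/', '=', $params);
    // Parsed after the assignments so $params follows placeholder order.
    $conditions = gm_parse_terms(gm_param('var2'), $andSeparator, $comparison, $params);
    if ($table === false || $assignments === false || $conditions === false) {
        gm_abort("Fail!");
    }
    $sql = 'UPDATE ' . $table . ' SET ' . implode(', ', $assignments)
         . ' WHERE ' . implode(' AND ', $conditions);
} elseif (in_array("INSERT", $words, true)) {
    $columns = array();
    foreach (array('var1', 'var2', 'var3', 'var4', 'var5') as $key) {
        $column = gm_quote_identifier(gm_param($key));
        if ($column === false) {
            gm_abort("Fail!");
        }
        $columns[] = $column;
    }
    foreach (array('var6', 'var7', 'var8', 'var9', 'var10') as $key) {
        $value = gm_param($key);
        if ($value === null) {
            gm_abort("form_incomplete");
        }
        // var8 and var9 were written unquoted into the statement, i.e. as numbers.
        if (($key === 'var8' || $key === 'var9') && !is_numeric($value)) {
            gm_abort("Fail!");
        }
        $params[] = $value;
    }
    if ($table === false) {
        gm_abort("Fail!");
    }
    $sql = 'INSERT INTO ' . $table . ' (' . implode(', ', $columns) . ') VALUES (?, ?, ?, ?, ?)';
} else {
    gm_abort("Fail!");
}

try {
    $stmt = $db->prepare($sql);
    $stmt->execute($params);
} catch (PDOException $e) {
    // Keep schema and statement details out of the response.
    error_log('gm endpoint: query failed: ' . $e->getMessage());
    gm_abort("query_failed");
}

if ($isSelect) {
    // One "value|" per selected column; when no row matched, each value is empty.
    $row = $stmt->fetch(PDO::FETCH_NUM);
    $fieldCount = $stmt->columnCount();
    for ($i = 0; $i < $fieldCount; $i++) {
        $value = ($row !== false && isset($row[$i])) ? $row[$i] : '';
        echo $value . "|";
    }
    $stmt->closeCursor();
}
?>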