Jump to content

[SOLVED] dump reader safe mode

trpplayer79

By trpplayer79
in PHP Coding Help

 Share

Recommended Posts

trpplayer79 Newbie

trpplayer79

Posted
Posted

Dear,

 

what can be the problem why this script doesn't work on a php server in safe mode?

 

<?
/* code van functie split_sql_query() gebaseerd op script "SQL Queries splitten" door JeXuS Net, waarvoor mijn dank. */
define('VERSION',                1.00);
define('AUTHOR',                 'D. Brien');
define('KEYWORDS',               'mysql dump, phpmyadmin, queries, import, export, .csv file, sql, mysql');
define('DESCRIPTION',            'Tool to read files containing queries to insert into a mySQL database');
define('TITLE',                  'SQL reader');

define('HOSTNAME',               'localhost'); //please modify
define('DBNAME',                 '[dbname]');  //please modify
define('DBUSER',                 '[user]');      //please modify
define('DBPASSWD',               '[password]');          //please modify
define('IMPORTFILENAME',         '');          // value can not be set in form

define('SEPERATOR',              ';'); 
define('UTF8DECODE',             true); 
define('IGNORECOMMENT',          true); 
define('IGNOREMYSQLDUMPCOMMENT', true); 
define('SQLCOMMENT',             '--'); 
define('MAXERRORS',              10); 
define('MAXEXECTIME',            900); 

define('EOL',                    "\n"); 
define('SPC',                    ' ');
# initialize

$posted = isset($_POST['dbname']);

if (isset($_POST['hostname']))       $hostname = $_POST['hostname']; else $hostname = HOSTNAME;
if (isset($_POST['dbname']))         $dbname = $_POST['dbname']; else $dbname = DBNAME;
if (isset($_POST['dbuser']))         $dbuser = $_POST['dbuser']; else $dbuser = DBUSER;
if (isset($_POST['dbpasswd']))       $dbpasswd = $_POST['dbpasswd']; else $dbpasswd = DBPASSWD;
if (isset($_FILES['importfilename']['tmp_name']  )) $importfilename = $_FILES['importfilename']['tmp_name'] ; else $importfilename = IMPORTFILENAME;
if (isset($_POST['seperator']))      $seperator = $_POST['seperator']; else $seperator = SEPERATOR;
if (isset($_POST['utf8decode']))     $utf8decode = $_POST['utf8decode']; else $utf8decode = UTF8DECODE;
if (isset($_POST['maxerrors']))      $maxerrors = $_POST['maxerrors']; else $maxerrors = MAXERRORS;
$ignorecomment = IGNORECOMMENT;
$output = '';

# posted data or not?
if ($posted)
{
echo ("in posted");
  //echo_pre($_FILES,false);

  #posted data available, so execute

  $stop_on_errors = $maxerrors > 0;

  $utf8decode = isset($_POST['utf8decode']);
  $output .= '<TABLE cellpadding="4" border="1">'.EOL;
  $output .= '<TR><TD>Hostname</TD> <TD>'.$hostname.SPC.'</TD></TR>'.EOL;
  $output .= '<TR><TD>Database name</TD> <TD>'.$dbname.SPC.'</TD></TR>'.EOL;
  //$output .= '<TR><TD>Database user</TD> <TD>'.$dbuser.SPC.'</TD></TR>'.EOL;
  //$output .= '<TR><TD>Database password</TD> <TD>'.$dbpasswd.SPC.'</TD></TR>'.EOL;
  $output .= '<TR><TD>Import File name</TD> <TD>'.$importfilename.SPC.'</TD></TR>'.EOL;
  //$output .= '<TR><TD>Query Seperator</TD> <TD>'.$seperator.'</TD></TR>'.EOL;
  //$output .= '<TR><TD>UTF-8 decode</TD> <TD>'.($utf8decode?'on':'off').'</TD></TR>'.EOL;
  $output .= '<TR><TD>Stop after x errors (-1 for never stop)</TD> <TD>'.$maxerrors.'</TD></TR>'.EOL;
  $output .= '</TABLE>'.EOL;
  $output .= '<BR><BR>'.EOL;

  if (!file_exists($importfilename))
    echo_output('<font color="red">Error! The file "' . $importfilename . '". does not exists (any more)</font>', true);

  set_time_limit(MAXEXECTIME);


  //***** CONNECT TO DATABASE *****

  $connected = false;
//  $host_connection = @mysql_connect(HOSTNAME, DBUSER, DBPASSWD);
  $host_connection = @mysql_connect($hostname, $dbuser, $dbpasswd);
  if ($host_connection)
  {
    $connected=@mysql_select_db($dbname);
    if (!$connected)
      echo_output('<font color="red">Error! Database "'.$dbname.'" could not be selected.</font>', true);
  }
  else
    echo_output('<font color="red">Error! Can not connect to database host: "' . $hostmane.'". Message :'.mysql_error().'</font>', true);



  //***** PROCESS *****

  $ok = 0;
  $not_ok = 0;
  $processed=0;
  $linecounter=0;
  $lines = array();
  $timeparts = explode(' ',microtime());
  $thetime = $timeparts[1].substr($timeparts[0],1);
  $bigstring = file_get_contents($importfilename);
  //echo_pre($bigstring);

  //$lines = explode($seperator, $bigstring);
  $lines = split_sql_query($bigstring, $seperator, $ignorecomment);

  //echo_pre($lines,true);
  
  //***** create temp table and delete existing table data *****
  if (mysql_query("CREATE TABLE IF NOT EXISTS TU2 SELECT * FROM TUitstappen") === TRUE)
    $output .= "Temp Table (TU2) successfully created.<br>";
  if (mysql_query("TRUNCATE TABLE TUitstappen") === TRUE)
    $output .= "Table successfully TRUNCATED.<br><br>";

  foreach($lines as $key => $query)
  {
    $linecounter++;
    $query = trim($query);
    if ($utf8decode)
      $query = utf8_decode($query);
    //echo_pre($query, false);
    $result= mysql_real_escape_string($query);
    if ($result)
      $ok++;
    else
    {
      $output .= '<font color="red"><b>Line '.$linecounter.': Error while processing : </b></font>'.$query.'<font color="red"><b><br>Message : '.mysql_error().'</b></font><br><br>';
      $not_ok++;
      if (($stop_on_errors) and ($not_ok == $maxerrors))
      {
        $output .= '<br><font color="red"><b>Script stopped! The maximum number of errors ('.$maxerrors.') has been reached.</b></font><br><br>';
        break;
      }
    }
    $processed++;
  }
  $timeparts = explode(' ',microtime());
  $starttime = $timeparts[1].substr($timeparts[0],1);
  $timeparts = explode(' ',microtime());
  $endtime = $timeparts[1].substr($timeparts[0],1);

if ($not_ok == "0")
{
if (mysql_query("DROP TABLE TU2") === TRUE) {
	$output .= "Temp Table successfully DELETED.<br><br>";
}
mysql_query('UPDATE upd SET datum=CURDATE() where nr="1"');
}

//***** OUTPUT RESULTS *****

  $output .= 'time to process script       : ' . bcsub($endtime,$starttime,6).' sec.<br>';
  $output .= 'number of queries processed  : ' . $processed . '<br>'.EOL;
  $output .= 'number of queries succesful  : ' . $ok . '<br>'.EOL;
  $output .= 'number of queries with errors: ' . $not_ok . '<br>'.EOL;
}
else
{
  #posted data not available, so show form
  $utf8decodecheck = $utf8decode ? 'checked' : '';

  //***** OUTPUT FORM *****
  $output .= '<FORM action="'.$_SERVER['PHP_SELF'] .'?page=db-imp" method="post" enctype="multipart/form-data">'.EOL;
  $output .= '<H2>This page updatese the agenda by using a SQL export!</H2>'.EOL;
  $output .= '<H3>the export that is tested (and works) is the export created with "MdbToMySQL.exe" from "zebradb"</h3>'.EOL;
  $output .= '<TABLE cellpadding="4">'.EOL;
  //$output .= '<TR><TD>Hostname</TD> <TD><INPUT type="text" name="hostname" value="'.$hostname.'" size="30"></TD></TR>'.EOL;
  $output .= '<TR><TD>Database name</TD> <TD><INPUT type="text" name="dbname" value="'.$dbname.'" size="30"></TD></TR>'.EOL;
  //$output .= '<TR><TD>Database user</TD> <TD><INPUT type="text" name="dbuser" value="'.$dbuser.'" size="30"></TD></TR>'.EOL;
  //$output .= '<TR><TD>Database password</TD> <TD><INPUT type="password" name="dbpasswd" value="'.$dbpasswd.'" size="30"></TD></TR>'.EOL;
  $output .= '<TR><TD>Import File name</TD> <TD><INPUT type="file" name="importfilename" value="'.$importfilename.'" size="30"></TD></TR>'.EOL;
  //$output .= '<TR><TD>Query Seperator*</TD> <TD><INPUT type="text" name="seperator" value="'.$seperator.'" size="10"></TD></TR>'.EOL;
  //$output .= '<TR><TD>UTF8 decode</TD> <TD><INPUT type="checkbox" name="utf8decode" '.$utf8decodecheck.'></TD></TR>'.EOL;
  $output .= '<TR><TD>Stop after x errors (-1 for never stop)</TD> <TD><INPUT type="text" name="maxerrors" value="'.$maxerrors.'" size="4" maxlength="5"></TD></TR>'.EOL;
  $output .= '</TABLE>'.EOL;
  $output .= '<SUB>* Take care you actual data does not contain this seperator!</SUB><BR>'.EOL;
  $output .= '<BR><BR>'.EOL;
  $output .= '<INPUT type = "submit" value="Import">'.EOL;
  $output .= '</FORM>'.EOL;
}
echo_output($output);


# ---------- some functions ----------

function echo_output($output,$terminate=false)
{
   echo '
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">
<HTML>
<HEAD>
<TITLE>'.TITLE.' '.VERSION.'</TITLE>
<META NAME="Author" CONTENT="'.AUTHOR.'">
<META NAME="Keywords" CONTENT="'.KEYWORDS.'">
<META NAME="Description" CONTENT="'.DESCRIPTION.'">
</HEAD>
<BODY>
<H2>'.TITLE.' '.VERSION.'</H2>'.$output.'
</BODY>
</HTML>';
  if ($terminate)
   die();
}

function echo_pre($object, $do_die=false)
{
  echo '<pre>'; print_r($object); echo '</pre>';
  if ($do_die)
    die();
}

function split_sql_query ($completetext, $delim = ';', $ignorecomment)
{
  if (get_magic_quotes_gpc () == 1)
    stripslashes ($completetext);
  $completetext = trim($completetext);
  $parts = explode ($delim, $completetext);
  $size = count ($parts);
  $queries = array ();
  $matches = array ();
  for ($i = 0; $i < $size; $i++)
  {
    $parts[$i] = trim($parts[$i]);
    $parts[$i] = stripcomments($parts[$i]);
    $quotes = substr_count ($parts[$i], "'") - preg_match_all ("/(?<!\\\\)(\\\\\\\\)*\\\\'/", $parts[$i], $matches );
    $matches = array ();
    if ($quotes % 2)
    {
      $temp = $parts[$i];
      unset ($parts[$i]);
      $found = false;
      for ($j = $i + 1; $j < $size; $j++)
      {
        $temp .= $delim . $parts[$j];
        $quotes = ( substr_count ($temp, "'") - preg_match_all ("/(?<!\\\\)(\\\\\\\\)*\\\\'/", $temp, $matches ) );
        $matches = array ();
        if (!($quotes % 2))
          break;
        unset ($parts[$j]);
      }
      $i = $j;
      $temp = trim ($temp);
      if (strlen ($temp) > 0)
        $queries[] = $temp;
      $temp = '';
    }
    else
    {
      $parts[$i] = trim ($parts[$i]);
      if (strlen ($parts[$i]) > 0)
        $queries[] = $parts[$i];
      unset ( $parts[$i] );
    }
    $quotes = 0;
  }
  return $queries;
}

function stripcomments($str)
{
  $tmpparts = explode ("\n",$str);
  $result = '';
  foreach ($tmpparts as $key => $value)
  {
    $start = substr($value,0,2);
    $end = substr($value,strlen($value)-2,2);
    if ($start == '--')
      continue;
    if (($start == '/*') AND ($end == '*/'))  # not correct
      continue;
    $result .= $value;
  }

  //echo_pre($result);
  return $result;
}


?>

Link to comment
https://forums.phpfreaks.com/topic/71662-solved-dump-reader-safe-mode/
Share on other sites
trpplayer79 Newbie

trpplayer79

Posted
  • Author
Posted

Sorry, forgot to say.

 

I see nothing, i don't get any output. this is the source code after the server has run the script:

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META http-equiv=Content-Type content="text/html; charset=windows-1252"></HEAD>
<BODY></BODY></HTML>

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.