lewis987 Posted October 21, 2007 Share Posted October 21, 2007 i have a piece of code that checks a user's input of SQL to check whether its valid or it. If its valid then to do it, otherwise dont, then show an output whether it worked or not. The problem is that it generates the error about 30 times over. So it shows something like: Query: "SELECT * FORM `table`; is invalid or illegal SQL. about 30 times down the screen i have the SQL i will allow them to run in an array named "$SQL_Syntax" and the number of elements in the array named "$SQL_COUNT" included in another file. I think 2 while loops is the only way arround this. heres the code:
<?php
// Purpose: split the submitted SQL text on ";", compare each fragment with the
// keyword list in $SQL_Syntax, run the fragments that contain a keyword and
// print one status line per comparison.
// NOTE(review): where $SQL comes from is not shown; the post says it is user
// input, so treat it as untrusted. No access check is visible in this excerpt.

// Build a string of strlen($SQL) spaces so an all-space input can be rejected.
// $SPACES is appended to without being initialised first.
$length = strlen($SQL);
$i = 0;
while($i < $length){
    $SPACES .= " ";
    $i++;
}
if($SQL == "" || $SQL == $SPACES){
    echo('Do not attempt to run an empty Query');
    exit;
}
// Per the post, this include provides $SQL_Syntax (allowed keywords) and
// $SQL_COUNT (number of entries).
include(ADM_REQUIRED.'sql_syntax.php');
// NOTE(review): the return value is discarded, so $SQL is unchanged by this
// call. Escaping is meant for values placed inside quoted literals, not for a
// whole statement, so it would not make this input safe even if it were used.
// The mysql_* extension was removed in PHP 7.0; mysqli or PDO replace it.
mysql_real_escape_string($SQL);
// Splits on every ";", including any inside string literals; a trailing ";"
// produces an empty final fragment that is processed like the others.
$explode = explode(";",$SQL);
$count = count($explode);
$i = 0;
while($i < $count){
    $o = 0;
    // Each fragment is compared with every keyword in turn. The if/else below
    // runs once per keyword, so a fragment gets an "invalid" line for every
    // keyword it does not contain and is executed once for every keyword it
    // does contain. This is the repeated message described in the post; the
    // accept/reject decision belongs after this loop, based on whether any
    // keyword matched.
    while($o < $SQL_COUNT){
        // The leading space moves a match at the start of the fragment to
        // position 1, because position 0 would compare as not equal to TRUE.
        $sql = " ".$explode[$i];
        // NOTE(review): strpos is case-sensitive and matches the keyword
        // anywhere in the text, so this does not establish which kind of
        // statement is being run. It is not an enforcement boundary; limit
        // what can be executed through the privileges of the database account.
        if(strpos($sql, $SQL_Syntax[$o]) == TRUE){
            // $q is never inspected, so "executed." is reported even when the
            // query fails.
            $q = mysql_query($explode[$i]);
            // $output is appended to without being initialised. The fragment
            // is placed in HTML unescaped; htmlspecialchars() is needed so the
            // submitted text cannot be rendered as markup.
            $output .= 'Query: '.$explode[$i].' executed.<br />';
        }else{
            $output .= 'Query: '.$explode[$i].' is invalid or uses illegal SQL.<br />';
        }
        $o++;
    }
    $i++;
}
echo $output;
exit;
?> hope to get an answer Quote Link to comment https://forums.phpfreaks.com/topic/74231-hard-to-explain/ Share on other sites More sharing options...
lewis987 Posted October 21, 2007 Author Share Posted October 21, 2007 now i have it showing 2 when i only enter one query :s any ideas? new code:
<?php
/**
 * Filters submitted SQL text against a keyword list, runs the fragments that
 * matched, renders the admin page with one result box per fragment, and exits.
 *
 * The function never returns: both the empty-input branch and the end of the
 * body call exit.
 *
 * NOTE(review): no authentication or authorisation check is visible inside
 * this function; presumably the surrounding admin area enforces it. Verify
 * against the caller, since this runs caller-supplied SQL.
 *
 * @param string $SQL SQL text to check and run (user input, per the post).
 */
function db_query($SQL){
    // Build a string of strlen($SQL) spaces so an all-space input can be
    // rejected. $SPACES is appended to without being initialised first.
    $length = strlen($SQL);
    $i = 0;
    while($i < $length){
        $SPACES .= " ";
        $i++;
    }
    if($SQL == "" || $SQL == $SPACES){
        echo('Do not attempt to run an empty Query');
        exit;
    }
    // Keywords a fragment must contain to be accepted. Several entries overlap
    // ("SET TRANSACTION" also contains "SET" and "TRANSACTION").
    // NOTE(review): "INSET" is not a statement keyword; possibly a typo. Confirm.
    $SQL_Syntax = array("ALTER TABLE", "CREATE INDEX", "INSERT INTO", "CREATE TABLE", "RENAME TABLE", "DELETE", "DO", "HANDLER", "INSET", "LOAD DATA INFILE", "REPLACE", "SELECT", "TRUNCATE", "UPDATE", "DESCRIBE", "HELP", "USE", "START", "TRANSACTION", "COMMIT", "ROLLBACK", "SAVEPOINT", "ROLLBACK TO SAVEPOINT", "LOCK TABLES", "UNLOCK TABLES", "SET TRANSACTION", "SET", "SHOW");
    $SQL_COUNT = count($SQL_Syntax);
    // NOTE(review): the return value is discarded, so $SQL is unchanged by
    // this call. Escaping is meant for values inside quoted literals, not for
    // a whole statement. The mysql_* extension was removed in PHP 7.0.
    mysql_real_escape_string($SQL);
    // Splits on every ";", including any inside string literals; a trailing
    // ";" produces an empty final fragment.
    $explode = explode(";",$SQL);
    $count = count($explode);
    $i = 0;
    $o = 0;
    $found = 0;
    while($i < $count){
        // This guard is always true here: a fragment cannot equal both "" and
        // the non-empty $SPACES, so one of the two != tests always holds.
        // "&&" looks like what was intended.
        if($explode[$i] != "" || $explode[$i] != $SPACES){
            // $o is set to 0 once, before the outer loop, and never reset.
            // After the first fragment has been compared with every keyword
            // this loop no longer runs, so later fragments are never checked
            // and never reach $Valid_SQL.
            while($o < $SQL_COUNT){
                // The leading space keeps a match at the start of the fragment
                // at position 1, so the "> 0" test accepts it.
                $sql = " ".$explode[$i];
                // NOTE(review): strpos is case-sensitive and matches the
                // keyword anywhere in the text, so this does not establish
                // which kind of statement is being run. It is not an
                // enforcement boundary; limit what can be executed through the
                // privileges of the database account.
                // A fragment containing several listed keywords is appended to
                // $Valid_SQL once per match, and is later run that many times.
                if(strpos($sql, $SQL_Syntax[$o]) > 0){
                    $found++;
                    // $Valid_SQL is appended to without being initialised.
                    $Valid_SQL .= $explode[$i].";";
                }
                $o++;
            }
        }
        $i++;
    }
    if($found != 0){
        // Every accepted fragment was stored with a trailing ";", so this
        // split always ends with one empty element.
        $explode = explode(";", $Valid_SQL);
        $count = count($explode);
        $i = 0;
        // Check for SQL containing only spaces: this appends strlen of the
        // first fragment to the spaces already in $SPACES, so $SPACES is now
        // longer than the original input.
        $O = 0;
        $length = strlen($explode[$i]);
        while($O < $length){
            $SPACES .= " ";
            $O++;
        }
        while($i < $count){
            // Always true, as with the guard above. The empty final element is
            // therefore sent to the server as ";" and presumably reported as
            // failed, which is the extra result box described in the post.
            // $i++ sits inside this if, so a false guard would loop forever.
            if(($explode[$i] != "") || ($explode[$i] != $SPACES)){
                $Q = mysql_query($explode[$i].";");
                // $output is appended to without being initialised.
                // NOTE(review): the fragment is placed in the HTML unescaped
                // in both boxes; htmlspecialchars() is needed so the submitted
                // text cannot be rendered as markup.
                if($Q){
                    $output .= '<table cellpadding="0" cellspacing="0"> <tr> <td height="3px" bgcolor="#00ff00"></td> <td bgcolor="#00ff00"></td> <td bgcolor="#00ff00"></td> </tr> <tr> <td bgcolor="#00ff00" width="3px"></td> <td bgcolor="#99FF99">Query: "'.$explode[$i].';" was sucessfully run.</td> <td bgcolor="#00ff00" width="3px"></td> </tr> <tr> <td height="3px" bgcolor="#00ff00"></td> <td bgcolor="#00ff00"></td> <td bgcolor="#00ff00"></td> </tr> </table>';
                }else{
                    $output .= '<table cellpadding="0" cellspacing="0"> <tr> <td height="3px" bgcolor="#FF0000"></td> <td bgcolor="#FF0000"></td> 
<td bgcolor="#FF0000"></td> </tr> <tr> <td bgcolor="#FF0000" width="3px"></td> <td bgcolor="#FF9999">Query: "'.$explode[$i].';" failed.</td> <td bgcolor="#FF0000" width="3px"></td> </tr> <tr> <td height="3px" bgcolor="#FF0000"></td> <td bgcolor="#FF0000"></td> <td bgcolor="#FF0000"></td> </tr> </table>';
                }
                // Prints the raw fragment, unescaped, before the page head is
                // included below; this looks like leftover debugging output.
                echo $explode[$i];
                $i++;
            }
        }
    }else{
        $output .= '<table cellpadding="0" cellspacing="0"> <tr> <td height="3px" bgcolor="#FF0000"></td> <td bgcolor="#FF0000"></td> <td bgcolor="#FF0000"></td> </tr> <tr> <td bgcolor="#FF0000" width="3px"></td> <td bgcolor="#FF9999">The query you wish to run is illegal or contains invalid SQL</td> <td bgcolor="#FF0000" width="3px"></td> </tr> <tr> <td height="3px" bgcolor="#FF0000"></td> <td bgcolor="#FF0000"></td> <td bgcolor="#FF0000"></td> </tr> </table>';
    }
    // Page helpers defined elsewhere; only $DBNAVI is used below.
    $DASH = new dash;
    $DBNAVI = new DB_NAVI;
    $DBMAIN = new db_main;
    $DBBACKUP = new db_backup;
    $DBQUERY = new db_query;
    include(ADM_HEAD);
    // Render the page frame: tabs and header, the navigation column, then the
    // collected result boxes in $output.
    echo('<body><table width="100%" border="0" cellspacing="0" cellpadding="0"> <tr> <td>');
    tabs();
    echo('</td> </tr> <tr>');
    Head();
    echo('</tr> <tr> <td>');
    echo('<table>');
    echo('<tr>');
    echo('<td valign="top">');
    $DBNAVI->main_top();
    $DBNAVI->sql_toolbox();
    $DBNAVI->main_bottom();
    echo('</td>');
    echo('<td>');
    echo($output);
    echo('</td>');
    echo('</tr>');
    echo('</table>');
    echo('</td> </tr> </table>');
    footer();
    // Ends the script here, so nothing after a db_query() call runs.
    exit;
}
?> Quote Link to comment https://forums.phpfreaks.com/topic/74231-hard-to-explain/#findComment-375035 Share on other sites More sharing options...
lewis987 Posted October 22, 2007 Author
someone must be able to help!