Jump to content

hard to explain

lewis987

By lewis987
in PHP Coding Help

Recommended Posts

lewis987 Member

lewis987

Posted
Posted

i have a piece of code that checks a user's input of SQL to check whether its valid or it. If its valid then to do it, otherwise dont, then show an output whether it worked or not. The problem is that it generates the error about 30 times over. So it shows something like:

 

Query: "SELECT * FORM `table`; is invalid or illegal SQL.

about 30 times down the screen

 

i have the SQL i will allow them to run in an array named "$SQL_Syntax" and the number of elements in the array named "$SQL_COUNT" included in another file. I think 2 while loops is the only way arround this.

 

heres the code:

<?php
$length = strlen($SQL);
$i = 0;
while($i < $length){
	$SPACES .= " ";
	$i++;
}
if($SQL == "" || $SQL == $SPACES){
	echo('Do not attempt to run an empty Query');
	exit;
}
include(ADM_REQUIRED.'sql_syntax.php');
mysql_real_escape_string($SQL);
$explode = explode(";",$SQL);
$count = count($explode);
$i = 0;
while($i < $count){
	$o = 0;
	while($o < $SQL_COUNT){
		$sql = " ".$explode[$i];
		if(strpos($sql, $SQL_Syntax[$o]) == TRUE){
			$q = mysql_query($explode[$i]);
			$output .= 'Query: '.$explode[$i].' executed.<br />';
		}else{
			$output .= 'Query: '.$explode[$i].' is invalid or uses illegal SQL.<br />';
		}
		$o++;
	}
	$i++;
}
echo $output;
exit;
?>

 

hope to get an answer

Link to comment
https://forums.phpfreaks.com/topic/74231-hard-to-explain/
Share on other sites
lewis987 Member

lewis987

Posted
  • Author
Posted

now i have it showing 2 when i only enter one query :s

 

any ideas?

 

new code:

<?php
function db_query($SQL){
$length = strlen($SQL);
$i = 0;
while($i < $length){
	$SPACES .= " ";
	$i++;
}
if($SQL == "" || $SQL == $SPACES){
	echo('Do not attempt to run an empty Query');
	exit;
}
$SQL_Syntax = array("ALTER TABLE",
				"CREATE INDEX",
				"INSERT INTO",
				"CREATE TABLE",
				"RENAME TABLE",
				"DELETE",
				"DO",
				"HANDLER",
				"INSET",
				"LOAD DATA INFILE",
				"REPLACE",
				"SELECT",
				"TRUNCATE",
				"UPDATE",
				"DESCRIBE",
				"HELP",
				"USE",
				"START",
				"TRANSACTION",
				"COMMIT",
				"ROLLBACK",
				"SAVEPOINT",
				"ROLLBACK TO SAVEPOINT",
				"LOCK TABLES",
				"UNLOCK TABLES",
				"SET TRANSACTION",
				"SET",
				"SHOW");

$SQL_COUNT = count($SQL_Syntax);
mysql_real_escape_string($SQL);
$explode = explode(";",$SQL);
$count = count($explode);
$i = 0;
$o = 0;
$found = 0;
while($i < $count){
	if($explode[$i] != "" || $explode[$i] != $SPACES){
		while($o < $SQL_COUNT){
			$sql = " ".$explode[$i];
			if(strpos($sql, $SQL_Syntax[$o]) > 0){
				$found++;
				$Valid_SQL .= $explode[$i].";";
			}
			$o++;
		}
	}
	$i++;
}
if($found != 0){
	$explode = explode(";", $Valid_SQL);
	$count = count($explode);
	$i = 0;
	//check for sql containing only spaces
	$O = 0;
	$length = strlen($explode[$i]);
	while($O < $length){
		$SPACES .= " ";
		$O++;
	}
	while($i < $count){
		if(($explode[$i] != "") || ($explode[$i] != $SPACES)){
			$Q = mysql_query($explode[$i].";");
			if($Q){
				$output .= '<table cellpadding="0" cellspacing="0">
  <tr>
    <td height="3px" bgcolor="#00ff00"></td>
    <td bgcolor="#00ff00"></td>
    <td bgcolor="#00ff00"></td>
  </tr>
  <tr>
    <td bgcolor="#00ff00" width="3px"></td>
    <td bgcolor="#99FF99">Query: "'.$explode[$i].';" was sucessfully run.</td>
    <td bgcolor="#00ff00" width="3px"></td>
  </tr>
  <tr>
    <td height="3px" bgcolor="#00ff00"></td>
    <td bgcolor="#00ff00"></td>
    <td bgcolor="#00ff00"></td>
  </tr>
</table>';
			}else{
				$output .= '<table cellpadding="0" cellspacing="0">
  <tr>
    <td height="3px" bgcolor="#FF0000"></td>
    <td bgcolor="#FF0000"></td>
    <td bgcolor="#FF0000"></td>
  </tr>
  <tr>
    <td bgcolor="#FF0000" width="3px"></td>
    <td bgcolor="#FF9999">Query: "'.$explode[$i].';" failed.</td>
    <td bgcolor="#FF0000" width="3px"></td>
  </tr>
  <tr>
    <td height="3px" bgcolor="#FF0000"></td>
    <td bgcolor="#FF0000"></td>
    <td bgcolor="#FF0000"></td>
  </tr>
</table>';
			}
			echo $explode[$i];
			$i++;
		}
	}
}else{
	$output .= '<table cellpadding="0" cellspacing="0">
  <tr>
    <td height="3px" bgcolor="#FF0000"></td>
    <td bgcolor="#FF0000"></td>
    <td bgcolor="#FF0000"></td>
  </tr>
  <tr>
    <td bgcolor="#FF0000" width="3px"></td>
    <td bgcolor="#FF9999">The query you wish to run is illegal or contains invalid SQL</td>
    <td bgcolor="#FF0000" width="3px"></td>
  </tr>
  <tr>
    <td height="3px" bgcolor="#FF0000"></td>
    <td bgcolor="#FF0000"></td>
    <td bgcolor="#FF0000"></td>
  </tr>
</table>';
}		
	$DASH = new dash;
	$DBNAVI = new DB_NAVI;
	$DBMAIN = new db_main;
	$DBBACKUP = new db_backup;
	$DBQUERY = new db_query;
	include(ADM_HEAD);
	echo('<body><table width="100%" border="0" cellspacing="0" cellpadding="0">
		  <tr>
			<td>');
				tabs();
			echo('</td>
		  </tr>
		  <tr>');
			Head();
		  echo('</tr>
		  <tr>
			<td>');
				echo('<table>');
				  echo('<tr>');
				    echo('<td valign="top">');
						$DBNAVI->main_top();
						$DBNAVI->sql_toolbox();
						$DBNAVI->main_bottom();
					echo('</td>');
				  	 	echo('<td>');
						echo($output);
					echo('</td>');
				  echo('</tr>');
				echo('</table>');

		echo('</td>
	  </tr>
	</table>');
	footer();
exit;
}
?>

Link to comment
https://forums.phpfreaks.com/topic/74231-hard-to-explain/#findComment-375035
Share on other sites

Archived

This topic is now archived and is closed to further replies.

Go to topic listing
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.