/**
 * API entry point that runs the SQL text supplied in the "sql" request parameter.
 *
 * Statements that start with SELECT (case-insensitive, leading whitespace allowed)
 * are run through $DBH->query() and returned in the shape chosen by "fmt":
 *   - "array": every row as a numerically indexed array (also forced by wantArray)
 *   - "table": ["h" => header from getRsHeader(), "d" => numerically indexed rows]
 *   - "one":   the first row, or its single value when the row has exactly one column
 *   - other:   every row as an associative array
 * Any other statement is handed to execOne() together with the "wantId" flag.
 *
 * NOTE(review): this runs caller-supplied SQL verbatim. The only access control
 * visible here is the checkAuth() call. AUTH_TEST_MODE presumably admits callers
 * while the server is in test mode; confirm that mode cannot be enabled on a
 * production deployment.
 * NOTE(review): the SELECT regex only picks the result-handling path. It is not a
 * restriction, and a leading SELECT does not guarantee the statement is read-only.
 * Until the TODO below is resolved, consider a least-privilege database account
 * for this path and an audit log entry per executed statement.
 *
 * @return mixed Rows in the requested shape, or whatever execOne() returns.
 */
function api_execSql()
{
    checkAuth(AUTH_ADMIN | AUTH_TEST_MODE);
    # TODO: limit the function

    // presumably undoes entity-encoding applied to request parameters upstream; confirm
    $sql = html_entity_decode(mparam("sql"));

    // Non-SELECT statements: delegate to execOne(), optionally asking for an id.
    if (!preg_match('/^\\s*select/i', $sql)) {
        $wantId = param("wantId/b");
        return execOne($sql, $wantId);
    }

    global $DBH;
    $stmt = $DBH->query($sql);

    $fmt = param("fmt");
    if (param("wantArray/b", false)) {
        // wantArray overrides whatever "fmt" was requested.
        $fmt = "array";
    }

    // switch compares loosely, like the == checks it stands in for.
    switch ($fmt) {
        case "array":
            return $stmt->fetchAll(PDO::FETCH_NUM);

        case "table":
            $header = getRsHeader($stmt);
            $rows = $stmt->fetchAll(PDO::FETCH_NUM);
            return ["h" => $header, "d" => $rows];

        case "one":
            $first = $stmt->fetch(PDO::FETCH_NUM);
            $stmt->closeCursor();
            // A one-column row collapses to its scalar; false (no row) is returned unchanged.
            return ($first !== false && count($first) === 1) ? $first[0] : $first;

        default:
            return $stmt->fetchAll(PDO::FETCH_ASSOC);
    }
}
/**
 * Runs a query and returns its result set, as a header/data table by default.
 *
 * When the "wantArray" request flag is set, the rows come back as associative
 * arrays. Otherwise the result is ["h" => header from getRsHeader(), "d" => rows
 * as numerically indexed arrays].
 *
 * NOTE(review): $sql goes to PDO::query() as-is, with no parameter binding and
 * no validation in this function. Callers must pass only trusted, fully built
 * statements; anything derived from request input needs binding or escaping
 * before it gets here.
 *
 * @param string $sql SQL statement to execute.
 * @return array Associative rows, or ["h" => ..., "d" => ...].
 */
function getRsAsTable($sql)
{
    global $DBH;
    $stmt = $DBH->query($sql);

    if (param("wantArray/b", false)) {
        return $stmt->fetchAll(PDO::FETCH_ASSOC);
    }

    // Read the header before draining the rows, in that order.
    $header = getRsHeader($stmt);
    $rows = $stmt->fetchAll(PDO::FETCH_NUM);

    return ["h" => $header, "d" => $rows];
}