function query($query) { // Extract back quotes $query = str_replace("`", "", $query); // Handle limits preg_match("/LIMIT 0,[\\s]*([\\d]+)/i", $query, $matches); $this->nextLimit = @$matches[1]; $query = preg_replace("/(LIMIT 0,[\\s]*[\\d]+)/i", "", $query); $ret = ingres_query($query, $this->link); // Simulate autocommit because ingres_autocommit() is unavailable if ($ret && preg_match("/^(INSERT|UPDATE|DELETE)/i", $query)) { ingres_commit($this->link); } return $ret; }
function dbQuery($query, $show_errors = true, $all_results = true, $show_output = true) { if ($show_errors) { error_reporting(E_ALL); } else { error_reporting(E_PARSE); } // Connect to the Ingres database management system $link = ingres_pconnect("testdb", "root", "testpass"); if (!$link) { die(ingres_error()); } // Print results in HTML print "<html><body>\n"; // Print SQL query to test sqlmap '--string' command line option //print "<b>SQL query:</b> " . $query . "<br>\n"; // Perform SQL injection affected query //$result = ingres_query($link, $query); // on PECL Ingres > 2 $result = ingres_query($query, $link); if (!$result) { if ($show_errors) { print "<b>SQL error:</b> " . ingres_error() . "<br>\n"; } exit(1); } if (!$show_output) { exit(1); } print "<b>SQL results:</b>\n"; print "<table border=\"1\">\n"; //while ($line = ingres_fetch_assoc($result)) { // on PECL Ingres > 2 while ($line = ingres_fetch_array($result)) { print "<tr>"; foreach ($line as $col_value) { print "<td>" . $col_value . "</td>"; } print "</tr>\n"; if (!$all_results) { break; } } print "</table>\n"; print "</body></html>"; }
<?php mysql_query($res, <<<SQL select {$a} from table SQL ); pg_query($res, "select {$a} from table "); sqlsrv_query($res, "select " . $a . " from table "); \cubrid_query($res, 'select ' . $a . ' from table '); //sybase_query //ingres_query // OK, as no concatenation mysqli_query($res, <<<SQL select * from table SQL ); // Nowdoc \ingres_query($res, <<<'SQL' select * from table $table; SQL );
function query_ingres($query) { if (!$this->link_ingres) { return false; } $this->query_result = ingres_query($this->link_ingres, $query); if ($this->query_result) { return $this->query_result; } else { print nl2br("Error query. \n"); return false; } }
function query($sql, $params = array(), $sqltypes = "") { /*After a query is send, its result must be fetched BEFORE another query is executed *If not the result of the first query is destroyed by the second query */ $this->Result = ingres_query($this->Connection, $sql, $params, $sqltypes); if ($this->Result) { return; } else { throw new Exception("Error while sending query:" . $sql . "<br/>Errno: " . ingres_errno() . "<br/>Error: " . ingres_error(), 3); } }