Beispiel #1
0
function stripquotes($str, $flag = true)
{
    if ($flag) {
        $str = straft($str, "'");
    }
    $str = strbef($str, "'");
    return $str;
}
Beispiel #2
0
 public function query($str)
 {
     if (self::$db == NULL) {
         self::$error->set("No database connection found");
     }
     if (preg_match("/^SELECT [\\*,-a-zA-Z0-9_]+ FROM [-a-zA-Z0-9_]+( WHERE ([-a-zA-Z0-9_]+((=|!=|<=|>=|<|>)'[%-a-zA-Z0-9_\\/\\(\\)\\s:;,@\\.]+'| IS NULL|IS NOT NULL| LIKE '[%-a-zA-Z0-9_\\/\\(\\)\\s:;,@\\.]+'| NOT LIKE '[%-a-zA-Z0-9_\\/\\(\\)\\s:;,@\\.]+')| AND | OR |(\\s)?(\\(|\\))?(\\s)?)+)?( ORDER BY [-a-zA-Z0-9_]+ (ASC|DESC)| LIMIT [0-9]+,[0-9]+|\$)+/i", $str, $match) != 0 && $str == $match[0]) {
         $str = substr($str, 7);
         $fields = NULL;
         if (substr($str, 0, 2) != '* ') {
             $fields = explode(",", strbef($str, " FROM "));
         }
         $str = straft($str, " FROM ");
         $table = strbef($str, " ");
         $this->checkTableName($table);
         $str = straft($str, " ");
         $limit = explode(",", straft($str, "LIMIT "));
         $str = strbef($str, " LIMIT ");
         $order = explode(" ", straft($str, "ORDER BY "));
         $str = strbef($str, " ORDER BY ");
         $str = straft($str, "WHERE ");
         return $this->selectfrom($table, $fields, $limit, $order, $str);
     } else {
         if (preg_match("/^DELETE FROM [-a-zA-Z0-9_]+( WHERE ([-a-zA-Z0-9_]+((=|!=|<=|>=|<|>)'[%-a-zA-Z0-9_\\/\\(\\)\\s:;,@\\.]+'| IS NULL|IS NOT NULL| LIKE '[%-a-zA-Z0-9_\\/\\(\\)\\s:;,@\\.]+'| NOT LIKE '[%-a-zA-Z0-9_\\/\\(\\)\\s:;,@\\.]+')| AND | OR |(\\s)?(\\(|\\))?(\\s)?)+)?( ORDER BY [-a-zA-Z0-9_]+ (ASC|DESC)| LIMIT [0-9]+,[0-9]+|\$)+/i", $str, $match) != 0 && $str == $match[0]) {
             $str = substr($str, 12);
             $table = strbef($str, " ");
             $this->checkTableName($table);
             $str = straft($str, " ");
             $limit = explode(",", straft($str, "LIMIT "));
             $str = strbef($str, " LIMIT ");
             $order = explode(" ", straft($str, "ORDER BY "));
             $str = strbef($str, " ORDER BY ");
             $str = straft($str, "WHERE ");
             $this->deletefrom($table, $limit, $order, $str);
         } else {
             if (preg_match("/^INSERT INTO [-a-zA-Z0-9_]+ (\\([,-a-ZA-Z0-9_]+\\) )?VALUES \\('[%-a-zA-Z0-9_\\/\\(\\)\\s:;,@\\.]+'(,'[%-a-zA-Z0-9_\\/\\(\\)\\s:;,@\\.]+')*\\)/i", $str, $match) != 0 && $str == $match[0]) {
                 $fields = null;
                 $str = substr($str, 12);
                 $table = strbef($str, " ");
                 $this->checkTableName($table);
                 $str = straft($str, " ");
                 $buf = strbef($str, "VALUES ");
                 $str = straft($str, "VALUES (");
                 if (!empty($buf)) {
                     $buf = substr($buf, 1);
                     $buf = strbef($buf, ") ");
                     $fields = explode(",", $buf);
                 }
                 $values = explode(",", strbef($str, ")"));
                 $this->insertinto($table, $fields, $values);
             } else {
                 if (preg_match("/^UPDATE [-a-zA-Z0-9_]+ SET [-a-zA-Z0-9_]+=('NULL'|'[%-a-zA-Z0-9_\\/\\(\\)\\s:;,@\\.]+'|'DEFAULT')(,[-a-zA-Z0-9_]+=('NULL'|'[%-a-zA-Z0-9_\\/\\(\\)\\s:;,@\\.]+'|'DEFAULT'))*( WHERE ([-a-zA-Z0-9_]+((=|!=|<=|>=|<|>)'[%-a-zA-Z0-9_\\/\\(\\)\\s:;,@\\.]+'| IS NULL|IS NOT NULL| LIKE '[%-a-zA-Z0-9_\\/\\(\\)\\s:;,@\\.]+'| NOT LIKE '[%-a-zA-Z0-9_\\/\\(\\)\\s:;,@\\.]+')| AND | OR |(\\s)?(\\(|\\))?(\\s)?)+)?( ORDER BY [-a-zA-Z0-9_]+ (ASC|DESC)| LIMIT [0-9]+,[0-9]+|\$)+/i", $str, $match) != 0 && $str == $match[0]) {
                     $str = substr($str, 7);
                     $table = strbef($str, " ");
                     $this->checkTableName($table);
                     $str = straft($str, " ");
                     $limit = explode(",", straft($str, "LIMIT "));
                     $str = strbef($str, " LIMIT ");
                     $order = explode(" ", straft($str, "ORDER BY "));
                     $str = strbef($str, " ORDER BY ");
                     $where = straft($str, "WHERE ");
                     $str = strbef($str, "WHERE ");
                     $set = explode(",", straft($str, "SET "));
                     foreach ($set as $id => $key) {
                         $set[$id] = explode("='", $key);
                     }
                     $this->update($table, $set, $limit, $order, $where);
                 } else {
                     if (preg_match("/^CREATE TABLE [-a-zA-Z0-9_]+ \\(([-a-zA-Z0-9_]+ (string|int) (NULL|DEFAULT '[%-a-zA-Z0-9_\\/\\(\\)\\s:;,@\\.]+'))(,[-a-zA-Z0-9_]+ (string|int) (NULL|DEFAULT '[%-a-zA-Z0-9_\\/\\(\\)\\s:;,@\\.]+'))*\\)\$/i", $str, $match) != 0 && $str == $match[0]) {
                         $str = substr($str, 13);
                         $table = strbef($str, " ");
                         $this->checkTableName($table);
                         $str = straft($str, " (");
                         $str = strbef($str, ")");
                         $fields = explode(",", $str);
                         $this->createtable($table, $fields);
                     } else {
                         if (preg_match("/^DROP TABLE [-a-zA-Z0-9_]+\$/i", $str, $match) != 0 && $str == $match[0]) {
                             $table = substr($str, 11);
                             $this->checkTableName($table);
                             $this->droptable($table);
                         } else {
                             self::$error->set("Not a valid mysql query. Query: " . $str);
                         }
                     }
                 }
             }
         }
     }
 }