function stripquotes($str, $flag = true)
{
if ($flag) {
$str = straft($str, "'");
}
$str = strbef($str, "'");
return $str;
}
public function query($str)
{
if (self::$db == NULL) {
self::$error->set("No database connection found");
}
if (preg_match("/^SELECT [\\*,-a-zA-Z0-9_]+ FROM [-a-zA-Z0-9_]+( WHERE ([-a-zA-Z0-9_]+((=|!=|<=|>=|<|>)'[%-a-zA-Z0-9_\\/\\(\\)\\s:;,@\\.]+'| IS NULL|IS NOT NULL| LIKE '[%-a-zA-Z0-9_\\/\\(\\)\\s:;,@\\.]+'| NOT LIKE '[%-a-zA-Z0-9_\\/\\(\\)\\s:;,@\\.]+')| AND | OR |(\\s)?(\\(|\\))?(\\s)?)+)?( ORDER BY [-a-zA-Z0-9_]+ (ASC|DESC)| LIMIT [0-9]+,[0-9]+|\$)+/i", $str, $match) != 0 && $str == $match[0]) {
$str = substr($str, 7);
$fields = NULL;
if (substr($str, 0, 2) != '* ') {
$fields = explode(",", strbef($str, " FROM "));
}
$str = straft($str, " FROM ");
$table = strbef($str, " ");
$this->checkTableName($table);
$str = straft($str, " ");
$limit = explode(",", straft($str, "LIMIT "));
$str = strbef($str, " LIMIT ");
$order = explode(" ", straft($str, "ORDER BY "));
$str = strbef($str, " ORDER BY ");
$str = straft($str, "WHERE ");
return $this->selectfrom($table, $fields, $limit, $order, $str);
} else {
if (preg_match("/^DELETE FROM [-a-zA-Z0-9_]+( WHERE ([-a-zA-Z0-9_]+((=|!=|<=|>=|<|>)'[%-a-zA-Z0-9_\\/\\(\\)\\s:;,@\\.]+'| IS NULL|IS NOT NULL| LIKE '[%-a-zA-Z0-9_\\/\\(\\)\\s:;,@\\.]+'| NOT LIKE '[%-a-zA-Z0-9_\\/\\(\\)\\s:;,@\\.]+')| AND | OR |(\\s)?(\\(|\\))?(\\s)?)+)?( ORDER BY [-a-zA-Z0-9_]+ (ASC|DESC)| LIMIT [0-9]+,[0-9]+|\$)+/i", $str, $match) != 0 && $str == $match[0]) {
$str = substr($str, 12);
$table = strbef($str, " ");
$this->checkTableName($table);
$str = straft($str, " ");
$limit = explode(",", straft($str, "LIMIT "));
$str = strbef($str, " LIMIT ");
$order = explode(" ", straft($str, "ORDER BY "));
$str = strbef($str, " ORDER BY ");
$str = straft($str, "WHERE ");
$this->deletefrom($table, $limit, $order, $str);
} else {
if (preg_match("/^INSERT INTO [-a-zA-Z0-9_]+ (\\([,-a-ZA-Z0-9_]+\\) )?VALUES \\('[%-a-zA-Z0-9_\\/\\(\\)\\s:;,@\\.]+'(,'[%-a-zA-Z0-9_\\/\\(\\)\\s:;,@\\.]+')*\\)/i", $str, $match) != 0 && $str == $match[0]) {
$fields = null;
$str = substr($str, 12);
$table = strbef($str, " ");
$this->checkTableName($table);
$str = straft($str, " ");
$buf = strbef($str, "VALUES ");
$str = straft($str, "VALUES (");
if (!empty($buf)) {
$buf = substr($buf, 1);
$buf = strbef($buf, ") ");
$fields = explode(",", $buf);
}
$values = explode(",", strbef($str, ")"));
$this->insertinto($table, $fields, $values);
} else {
if (preg_match("/^UPDATE [-a-zA-Z0-9_]+ SET [-a-zA-Z0-9_]+=('NULL'|'[%-a-zA-Z0-9_\\/\\(\\)\\s:;,@\\.]+'|'DEFAULT')(,[-a-zA-Z0-9_]+=('NULL'|'[%-a-zA-Z0-9_\\/\\(\\)\\s:;,@\\.]+'|'DEFAULT'))*( WHERE ([-a-zA-Z0-9_]+((=|!=|<=|>=|<|>)'[%-a-zA-Z0-9_\\/\\(\\)\\s:;,@\\.]+'| IS NULL|IS NOT NULL| LIKE '[%-a-zA-Z0-9_\\/\\(\\)\\s:;,@\\.]+'| NOT LIKE '[%-a-zA-Z0-9_\\/\\(\\)\\s:;,@\\.]+')| AND | OR |(\\s)?(\\(|\\))?(\\s)?)+)?( ORDER BY [-a-zA-Z0-9_]+ (ASC|DESC)| LIMIT [0-9]+,[0-9]+|\$)+/i", $str, $match) != 0 && $str == $match[0]) {
$str = substr($str, 7);
$table = strbef($str, " ");
$this->checkTableName($table);
$str = straft($str, " ");
$limit = explode(",", straft($str, "LIMIT "));
$str = strbef($str, " LIMIT ");
$order = explode(" ", straft($str, "ORDER BY "));
$str = strbef($str, " ORDER BY ");
$where = straft($str, "WHERE ");
$str = strbef($str, "WHERE ");
$set = explode(",", straft($str, "SET "));
foreach ($set as $id => $key) {
$set[$id] = explode("='", $key);
}
$this->update($table, $set, $limit, $order, $where);
} else {
if (preg_match("/^CREATE TABLE [-a-zA-Z0-9_]+ \\(([-a-zA-Z0-9_]+ (string|int) (NULL|DEFAULT '[%-a-zA-Z0-9_\\/\\(\\)\\s:;,@\\.]+'))(,[-a-zA-Z0-9_]+ (string|int) (NULL|DEFAULT '[%-a-zA-Z0-9_\\/\\(\\)\\s:;,@\\.]+'))*\\)\$/i", $str, $match) != 0 && $str == $match[0]) {
$str = substr($str, 13);
$table = strbef($str, " ");
$this->checkTableName($table);
$str = straft($str, " (");
$str = strbef($str, ")");
$fields = explode(",", $str);
$this->createtable($table, $fields);
} else {
if (preg_match("/^DROP TABLE [-a-zA-Z0-9_]+\$/i", $str, $match) != 0 && $str == $match[0]) {
$table = substr($str, 11);
$this->checkTableName($table);
$this->droptable($table);
} else {
self::$error->set("Not a valid mysql query. Query: " . $str);
}
}
}
}
}
}
}
