function dbQuery($query, $show_errors = true, $all_results = true, $show_output = true)
{
if ($show_errors) {
error_reporting(E_ALL);
} else {
error_reporting(E_PARSE);
}
// Connect to the Ingres database management system
$link = ingres_pconnect("testdb", "root", "testpass");
if (!$link) {
die(ingres_error());
}
// Print results in HTML
print "<html><body>\n";
// Print SQL query to test sqlmap '--string' command line option
//print "<b>SQL query:</b> " . $query . "<br>\n";
// Perform SQL injection affected query
//$result = ingres_query($link, $query); // on PECL Ingres > 2
$result = ingres_query($query, $link);
if (!$result) {
if ($show_errors) {
print "<b>SQL error:</b> " . ingres_error() . "<br>\n";
}
exit(1);
}
if (!$show_output) {
exit(1);
}
print "<b>SQL results:</b>\n";
print "<table border=\"1\">\n";
//while ($line = ingres_fetch_assoc($result)) { // on PECL Ingres > 2
while ($line = ingres_fetch_array($result)) {
print "<tr>";
foreach ($line as $col_value) {
print "<td>" . $col_value . "</td>";
}
print "</tr>\n";
if (!$all_results) {
break;
}
}
print "</table>\n";
print "</body></html>";
}
/**
* FUNCTION: setDbLoop [** EXPERIMENTAL **]
*
* Function to create a loop from a Db result resource link.
*
* @param string $loopname to commit loop. If not set, will use last loopname set using newLoop()
* @param string $result link to a Db result resource
* @param string $db_type, type of db that the result resource belongs to.
* @return boolean true/false
* @access public
*/
function setDbLoop($loopname, $result, $db_type = 'MYSQL')
{
$db_type = strtoupper($db_type);
if (!in_array($db_type, $this->allowed_loop_dbs)) {
vlibTemplateError::raiseError('VT_WARNING_INVALID_LOOP_DB', WARNING, $db_type);
return false;
}
$loop_arr = array();
switch ($db_type) {
case 'MYSQL':
if (get_resource_type($result) != 'mysql result') {
vlibTemplateError::raiseError('VT_WARNING_INVALID_RESOURCE', WARNING, $db_type);
return false;
}
while ($r = mysql_fetch_assoc($result)) {
$loop_arr[] = $r;
}
break;
case 'POSTGRESQL':
if (get_resource_type($result) != 'pgsql result') {
vlibTemplateError::raiseError('VT_WARNING_INVALID_RESOURCE', WARNING, $db_type);
return false;
}
$nr = function_exists('pg_num_rows') ? pg_num_rows($result) : pg_numrows($result);
for ($i = 0; $i < $nr; $i++) {
$loop_arr[] = pg_fetch_array($result, $i, PGSQL_ASSOC);
}
break;
case 'INFORMIX':
if (!$result) {
vlibTemplateError::raiseError('VT_WARNING_INVALID_RESOURCE', WARNING, $db_type);
return false;
}
while ($r = ifx_fetch_row($result, 'NEXT')) {
$loop_arr[] = $r;
}
break;
case 'INTERBASE':
if (get_resource_type($result) != 'interbase result') {
vlibTemplateError::raiseError('VT_WARNING_INVALID_RESOURCE', WARNING, $db_type);
return false;
}
while ($r = ibase_fetch_row($result)) {
$loop_arr[] = $r;
}
break;
case 'INGRES':
if (!$result) {
vlibTemplateError::raiseError('VT_WARNING_INVALID_RESOURCE', WARNING, $db_type);
return false;
}
while ($r = ingres_fetch_array(INGRES_ASSOC, $result)) {
$loop_arr[] = $r;
}
break;
case 'MSSQL':
if (get_resource_type($result) != 'mssql result') {
vlibTemplateError::raiseError('VT_WARNING_INVALID_RESOURCE', WARNING, $db_type);
return false;
}
while ($r = mssql_fetch_array($result)) {
$loop_arr[] = $r;
}
break;
case 'MSQL':
if (get_resource_type($result) != 'msql result') {
vlibTemplateError::raiseError('VT_WARNING_INVALID_RESOURCE', WARNING, $db_type);
return false;
}
while ($r = msql_fetch_array($result, MSQL_ASSOC)) {
$loop_arr[] = $r;
}
break;
case 'OCI8':
if (get_resource_type($result) != 'oci8 statement') {
vlibTemplateError::raiseError('VT_WARNING_INVALID_RESOURCE', WARNING, $db_type);
return false;
}
while (OCIFetchInto($result, $r, OCI_ASSOC + OCI_RETURN_LOBS)) {
$loop_arr[] = $r;
}
break;
case 'ORACLE':
if (get_resource_type($result) != 'oracle Cursor') {
vlibTemplateError::raiseError('VT_WARNING_INVALID_RESOURCE', WARNING, $db_type);
return false;
}
while (ora_fetch_into($result, $r, ORA_FETCHINTO_ASSOC)) {
$loop_arr[] = $r;
}
break;
case 'OVRIMOS':
if (!$result) {
vlibTemplateError::raiseError('VT_WARNING_INVALID_RESOURCE', WARNING, $db_type);
return false;
}
while (ovrimos_fetch_into($result, $r, 'NEXT')) {
$loop_arr[] = $r;
}
break;
case 'SYBASE':
if (get_resource_type($result) != 'sybase-db result') {
vlibTemplateError::raiseError('VT_WARNING_INVALID_RESOURCE', WARNING, $db_type);
return false;
}
while ($r = sybase_fetch_array($result)) {
$loop_arr[] = $r;
}
break;
}
$this->setLoop($loopname, $loop_arr);
return true;
}
private function _fetchArray($mode)
{
// Simulates limit
if ($this->nextLimit-- === 0) {
return;
}
// Uses the link
return ingres_fetch_array($mode, $this->link);
}
function Send()
{
$this->error_message();
$this->getHeader();
if ($this->smtp) {
$this->checkSmtp($this->hostSmtp, $this->portSmtp, $this->authenticate, $this->userSmtp, $this->passSmtp);
$this->socket = $this->connectSmtp($this->hostSmtp, $this->portSmtp, $this->timeoutSmtp);
switch ($this->smtpServer) {
case 'esmtp':
$this->smtpEhlo($this->socket);
break;
case 'smtp':
$this->smtpHelo($this->socket);
break;
case 'test':
if ($this->smtpEhlo($this->socket)) {
echo nl2br("Connection successful... \r\n Server type: esmtp server \n");
return false;
} else {
$this->smtpQuit($this->socket);
$this->disconnectSmtp($this->socket);
$this->socket = $this->connectSmtp($this->hostSmtp, $this->portSmtp, $this->timeoutSmtp);
if ($this->smtpHelo($this->socket)) {
echo nl2br("Connection successful... \r\n Server type: smtp server \n");
return false;
} else {
echo nl2br("Server type: unknown server. \n");
return false;
}
}
}
$this->smtpAuth($this->authenticate);
}
if ($this->use == "whom") {
$this->readData($this->setWhom($this->whom));
} elseif ($this->use == "maillist") {
$this->readData($this->checkMaillist($this->list));
} elseif ($this->use == "DB" || $this->use == "all") {
switch ($this->dbfbasa) {
case 'mysql':
if (!$this->query_result) {
return false;
}
while ($this->tos = mysql_fetch_assoc($this->query_result)) {
$this->readData($this->tos);
}
break;
case 'pgsql':
if (!$this->query_result) {
return false;
}
while ($this->tos = pg_fetch_assoc($this->query_result)) {
$this->readData($this->tos);
}
break;
case 'ibase':
if (!$this->query_result) {
return false;
}
while ($this->tos = ibase_fetch_assoc($this->query_result)) {
$this->readData($this->tos);
}
break;
case 'msql':
if (!$this->query_result) {
return false;
}
while ($this->tos = msql_fetch_array($this->query_result, MSQL_ASSOC)) {
$this->readData($this->tos);
}
break;
case 'fbsql':
if (!$this->query_result) {
return false;
}
while ($this->tos = fbsql_fetch_assoc($this->query_result)) {
$this->readData($this->tos);
}
break;
case 'sqli':
if (!$this->query_result) {
return false;
}
while ($this->tos = sqlite_fetch_array($this->query_result, SQLITE_ASSOC)) {
$this->readData($this->tos);
}
break;
case 'oci':
if (!$this->query_result) {
return false;
}
while ($this->tos = oci_fetch_assoc($this->query_result)) {
$this->readData($this->tos);
}
break;
case 'sybase':
if (!$this->query_result) {
return false;
}
while ($this->tos = sybase_fetch_assoc($this->query_result)) {
$this->readData($this->tos);
}
break;
case 'ingres':
if (!$this->query_result) {
return false;
}
while ($this->tos = ingres_fetch_array($this->query_result, INGRES_ASSOC)) {
$this->readData($this->tos);
}
break;
case 'phpmm':
if ($this->use == "all") {
$this->tos = array_merge($this->setWhom($this->whom), $this->checkMaillist($this->list));
$this->readData($this->tos);
}
break;
}
}
if ($this->smtp) {
$this->smtpQuit($this->socket);
$this->disconnectSmtp($this->socket);
}
}
function getResultArray($associative = false)
{
$resultArray = array();
if ($associative) {
while ($row = ingres_fetch_array($this->Result, INGRES_ASSOC)) {
$resultArray[] = $row;
}
} else {
while ($row = ingres_fetch_array($this->Result)) {
$resultArray[] = $row;
}
}
return $resultArray;
}
