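/**
 * @brief Extract the table name a parser tree node refers to
 * @param node SQL parser tree node (table node, colref node or aliased node)
 * @return the unquoted table name, or false if the node carries none
 *
 * For a table node the table name is the last entry of no_quotes.parts;
 * for a colref/aliased node it is the second-to-last entry (the last one being
 * the column), so a colref with a single part has no table name.
 *
 * The value is returned exactly as it appears in the parse tree.
 * NOTE(review): if the parsed statement is user supplied, callers that splice
 * the result into a backtick-quoted identifier should escape embedded backticks.
 */
function extractTableName($node) {
    //"*" nodes (SELECT * FROM ...) have no no_quotes part, and a node without
    //any parts has nothing to extract - both cases yield false below instead of
    //an out-of-range array access
    $parts = array();
    if (isset($node['no_quotes']['parts']) && is_array($node['no_quotes']['parts'])) {
        $parts = $node['no_quotes']['parts'];
    }
    $partCount = count($parts);

    //is this a table type or colref/alias?
    if (isTable($node)) {
        //a table node: the table name is always the last part
        return $partCount > 0 ? $parts[$partCount - 1] : false;
    }

    if (isColref($node) || isset($node['as'])) {
        //the last part is the column, the one before it (if any) is the table
        return $partCount > 1 ? $parts[$partCount - 2] : false;
    }

    //don't know what to do
    return false;
}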
Error("DB NAME을 입력하세요", "");
}

// Connect to the database server, then select the database named by $dbname.
// The '@' hides the PHP warning from mysql_connect(); a failure is only reported through Error().
// The mysql_* functions belong to the legacy ext/mysql extension, which was removed in PHP 7.0;
// mysqli or PDO are the maintained replacements.
$connect = @mysql_connect($hostname, $user_id, $password) or Error("MySQL-DB Connect<br>Error!!!", "");
// NOTE(review): the raw driver message is handed to Error(). If Error() prints its argument to the
// client, this discloses server details - confirm, and prefer logging it server-side.
if (mysql_error()) {
    Error(mysql_error(), "");
}
mysql_select_db($dbname, $connect) or Error("MySQL-DB Select<br>Error!!!", "");

// Create the administrator table unless it already exists; otherwise remember that it was there.
if (!isTable($admin_table, $dbname)) {
    @mysql_query($admin_table_schema, $connect) or Error("관리자 테이블 생성 실패", "");
} else {
    $admin_table_exist = 1;
}

// Create the group table unless it already exists.
if (!isTable($group_table, $dbname)) {
    @mysql_query($group_table_schema, $connect) or Error("그룹 테이블 생성 실패", "");
} else {
    $group_table_exist = 1;
}

// Create the member-management table unless it already exists.
// PHP function names are case-insensitive, so istable() resolves to the same function as isTable().
if (!istable($member_table, $dbname)) {
    @mysql_query($member_table_schema, $connect) or Error("회원관리 테이블 생성 실패", "");
} else {
    $member_table_exist = 1;
}

// Memo (private message) table.
// NOTE(review): this Error() call passes one argument where the others pass two, and the flag is
// spelled ..._exists where the others use ..._exist - confirm both are intended.
if (!istable($get_memo_table, $dbname)) {
    @mysql_query($get_memo_table_schema, $connect) or Error("받은 쪽지 테이블 생성 실패");
} else {
    $get_memo_table_exists = 1;
/**
 * @brief Group the columns of a SQL query by the FROM entry they belong to
 * @param sqlTree SQL query tree (its SELECT and FROM parts are read)
 * @param listOfTables list that receives one record per FROM entry (appended to)
 *
 * Every FROM entry is appended to listOfTables as a record with the keys
 * name, no_quotes, alias, node and sel_columns (subqueries additionally carry
 * expr_type and use the name "DEPENDENT-SUBQUERY"). Subquery records are then
 * swapped towards the end of the list, and finally each colref found in the
 * SELECT tree is attached to the first record isColumnInTable() accepts.
 * Nothing happens when the tree has no FROM part; a FROM entry that is
 * neither a table nor a subquery raises an Exception.
 */
function PHPSQLGroupTablesAndCols($sqlTree, &$listOfTables) {
    $selectTree = $sqlTree['SELECT'];

    if (empty($sqlTree['FROM'])) {
        return;
    }

    //one record per FROM entry
    foreach ($sqlTree['FROM'] as $fromEntry) {
        if (isTable($fromEntry)) {
            $record = array(
                'name' => $fromEntry['table'],
                'no_quotes' => $fromEntry['no_quotes'],
            );
        } elseif (isSubquery($fromEntry)) {
            $record = array(
                'name' => "DEPENDENT-SUBQUERY",
                'expr_type' => "subquery",
                'no_quotes' => false,
            );
        } else {
            throw new Exception("Unsupported clause in FROM");
        }

        $record['alias'] = $fromEntry['alias'];
        $record['node'] = $fromEntry;
        $record['sel_columns'] = array();

        array_push($listOfTables, $record);
    }

    //move dependent subqueries to the back: each one found before the current
    //tail slot trades places with the record stored in that slot
    $tailSlot = count($listOfTables) - 1;
    foreach ($listOfTables as $position => $entry) {
        if ($entry['name'] == 'DEPENDENT-SUBQUERY' && $position < $tailSlot) {
            $displaced = $listOfTables[$tailSlot];
            $listOfTables[$tailSlot] = $entry;
            $listOfTables[$position] = $displaced;
            $tailSlot--;
        }
    }

    //attach every selected column to the first record that claims it
    foreach ($selectTree as $selectNode) {
        foreach (collectNodes($selectNode, "colref") as $column) {
            foreach ($listOfTables as &$candidate) {
                if (isColumnInTable($column, $candidate)) {
                    array_push($candidate['sel_columns'], $column);
                    break;
                }
            }
            //drop the by-reference binding left behind by the loop
            unset($candidate);
        }
    }
}
/**
 * @brief Replace the "*" entries of the SELECT tree by the columns they stand for
 * @param sqlTree SQL parser tree node of the complete query/subquery (changed in place)
 * @param mysqlConn connection handed to _parseSqlAll_getColsMysqlii(), or false to skip it
 * @param zendAdapter adapter handed to _parseSqlAll_getColsZend(), or false to skip it
 *
 * The SELECT list is rebuilt from scratch. Nodes whose base_expr contains no
 * "*" or which have a sub_tree are copied over unchanged. For every other
 * node the tables it refers to are determined from the FROM clause (all
 * tables for a bare "*", the matching table or alias for "tbl.*") and the
 * column lookup is delegated to the two helper functions; if both a
 * connection and an adapter are given, both helpers are called. Subqueries in
 * FROM are linked through _parseSqlAll_linkSubquerySELECT(). The "*" node
 * itself is not copied into the new SELECT list.
 *
 * NOTE(review): database and table names are wrapped in backticks as they come
 * out of the parse tree, without escaping embedded backticks. If the parsed
 * statement is user supplied and the helpers place these names into SQL text,
 * the names should be validated or escaped first - confirm in the helpers.
 */
function _parseSqlAll_SELECT(&$sqlTree, $mysqlConn = false, $zendAdapter = false) {
    if (!is_array($sqlTree) || !array_key_exists('SELECT', $sqlTree)) {
        return;
    }

    $originalSelect = $sqlTree['SELECT'];
    $sqlTree['SELECT'] = array();

    foreach ($originalSelect as &$selectNode) {
        //no "*" in the expression, or an expression with a sub tree: keep as is
        if (strpos($selectNode['base_expr'], "*") === false || $selectNode['sub_tree'] !== false) {
            array_push($sqlTree['SELECT'], $selectNode);
            continue;
        }

        //an all operator: work out which table it belongs to
        $dbName = extractDbName($selectNode);
        $tableName = extractTableName($selectNode);
        $colName = extractColumnName($selectNode); //result is not used below

        if ($dbName !== false) {
            $qualifiedName = "`" . $dbName . "`.`" . $tableName . "`";
        } elseif ($tableName !== false) {
            $qualifiedName = "`" . $tableName . "`";
        } else {
            $qualifiedName = false;
        }

        $tables = array();
        $aliases = array();

        if ($qualifiedName === false) {
            //bare "*": take everything from all tables of this query
            foreach ($sqlTree['FROM'] as $source) {
                if (isTable($source)) {
                    $tables[] = $source['table'];
                    $aliases[] = hasAlias($source) ? $source['alias']['name'] : $source['table'];
                } elseif (isSubquery($source)) {
                    //subqueries are linked into the tree instead of being looked up
                    _parseSqlAll_linkSubquerySELECT($source['sub_tree'], $sqlTree, $source['alias']['name']);
                }
            }
        } else {
            //"tbl.*": the name may be a real table or the alias of a table or
            //subquery (which has been processed already, since SELECT is
            //handled last) -> find the matching FROM entry
            foreach ($sqlTree['FROM'] as $source) {
                if (isTable($source)) {
                    if (hasAlias($source)) {
                        $isMatch = trim($source['alias']['name'], "`") === $tableName;
                    } else {
                        $isMatch = $source['table'] === $qualifiedName;
                    }

                    if ($isMatch) {
                        $tables[] = $source['table'];
                        break;
                    }
                } elseif (isSubquery($source) && trim($source['alias']['name'], "`") === $tableName) {
                    _parseSqlAll_linkSubquerySELECT($source['sub_tree'], $sqlTree, $tableName);
                    //done with this SELECT node, move on to the next one
                    continue 2;
                }
            }

            $aliases[] = $qualifiedName;
        }

        if (empty($tables)) {
            continue;
        }

        //the tables are known, now look up what is in there
        foreach (array_keys($tables) as $idx) {
            if ($mysqlConn !== false) {
                _parseSqlAll_getColsMysqlii($sqlTree, $selectNode, $mysqlConn, $tables[$idx], $aliases[$idx]);
            }

            if ($zendAdapter !== false) {
                _parseSqlAll_getColsZend($sqlTree, $selectNode, $zendAdapter, $tables[$idx], $aliases[$idx]);
            }
        }
    }
}
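<?php
// Login bootstrap: reports a missing users table, handles ?logout=true, and
// enforces the login requirement before the rest of the page runs.
if (!isTable('users') && $bRegLogin) {
    debug('There is not user database.');
}

if (!empty($_GET['logout']) && $_GET['logout'] == "true") {
    logout();
}

// With $bRegLogin switched off, every visitor who is not logged in receives a
// session with the admin flag set.
// NOTE(review): confirm $bRegLogin is set from trusted configuration only and
// that this mode is never enabled on a publicly reachable installation.
if (!$bRegLogin && !isLoggedIn()) {
    $_SESSION['user'] = '******';
    $_SESSION['admin'] = true;
}

//If you are not logged in it will take you to the login page.
requireLogin();

/**
 * Check the supplied credentials against the users table and, on a match,
 * store the user's name and admin flag in the session.
 *
 * @param string $email    e-mail address entered by the user (untrusted input)
 * @param string $password password entered by the user; the password comparison
 *                         in the query is masked ('******') in this listing
 * @return bool true if exactly one active user row matched, false otherwise
 */
function login($email, $password) {
    // $email comes from the login form and goes into a quoted SQL string, so it
    // must be escaped; concatenating it raw allowed SQL injection.
    // mysql_real_escape_string() is the escaping function of the ext/mysql API
    // this file already uses. That extension was removed in PHP 7.0; when
    // migrating, use a mysqli/PDO prepared statement with bound parameters.
    $safeEmail = mysql_real_escape_string($email);

    // NOTE(review): the password part of the query is masked on this page.
    // Passwords should be stored with password_hash() and checked with
    // password_verify() after fetching the row by e-mail, not compared in SQL.
    $sql = "SELECT * FROM users WHERE use_email = '" . $safeEmail . "' AND use_password = '******' AND use_active = 1";

    // NOTE(review): this writes the full statement, including credentials, to
    // the debug output - make sure debug() is disabled outside development.
    debug('User SQL: ' . $sql);

    $results = mysql_query($sql) or debug('Query failed: ' . mysql_error());

    // a failed query leaves $results false; treat it like "no match" instead of
    // passing false on to mysql_num_rows()
    if ($results !== false && mysql_num_rows($results) == 1) {
        while ($rs = mysql_fetch_assoc($results)) {
            // NOTE(review): regenerate the session id at this point
            // (session_regenerate_id(true)) to guard against session fixation.
            $_SESSION['user'] = $rs['use_name'];
            $_SESSION['admin'] = $rs['use_admin'];
            success('You have successfuly logged in as "' . $rs['use_name'] . '"');
        }
        return true;
    } else {
        error('Your login is invalid, please try again.');
        return false;
    }
}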
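// Page bootstrap: start the session, load configuration and library files,
// open the database connection, select the database and check $table.
// The numbered echo statements print 1..12 between the individual steps.
// NOTE(review): they look like debugging breadcrumbs - remove them before
// release, since they reveal how far the bootstrap got to every client.
session_start();
echo "1";

include './conf/db_info.php';
echo "2";

// Array keys are quoted: a bare word such as kind is a constant lookup, which
// raises an Error on PHP 8 and a notice/warning on older versions.
// NOTE(review): the include path is built from $DB['kind']; keep that value
// restricted to a fixed set of driver names and never derive it from request data.
include './conf/db/' . $DB['kind'] . '.php';
echo "3";

include './lib/init_check.php';
echo "4";

include './bbs/lib/static/bbs_check.php';
echo "5";

$DB_CONNECT = isConnectDb($DB['host'], $DB['user'], $DB['pass']);
echo "6";

$DB_USEMYDB = isSelecteDb($DB['name'], $DB_CONNECT);
echo "7";

// NOTE(review): $table is not assigned in this fragment. If it originates from
// request input it has to be validated against the known table names first.
// The table check also runs before the connect/select results are verified
// below - confirm that order is intended.
if (!isTable($table)) {
    putErrPage(getErrorMsg(2));
}
echo "8";

if (!$DB_CONNECT) {
    putErrPage(getErrorMsg(0));
}
echo "9";

if (!$DB_USEMYDB) {
    putErrPage(getErrorMsg(1));
}
echo "10";

include './conf/root_info.php';
echo "11";

include './conf/member_info.php';
echo "12";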