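/**
 * Execute the SQL statement posted as `pk1` and write the outcome into the page.
 *
 * The statement is first echoed back, flattened to one line. A statement that
 * starts with SELECT is run through SQLProcessToArray::fetch() and its
 * JSON-encoded result is placed in the #sqlresults field. Anything else is
 * sent to mysql_query(), and a failure is reported through the page's
 * pwAlert() together with the statement.
 *
 * NOTE(review): this executes a statement taken verbatim from the request. No
 * authentication, authorisation or CSRF check is visible in this function;
 * confirm the caller restricts it to trusted administrators.
 * NOTE(review): the mysql_* API was removed in PHP 7.0. Moving to mysqli or PDO
 * needs the connection handle, which is not visible from here.
 */
function run() {
    $sql = $_POST['pk1'];

    // CR dropped, LF turned into a space: the one-line form used for display
    // and for the non-SELECT execution path.
    $flatSql = str_replace("\n", " ", str_replace("\r", "", $sql));

    // Request data goes into HTML here, so it is entity-encoded; written
    // verbatim, markup inside the statement would be interpreted by the browser.
    echo htmlspecialchars($flatSql, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');

    // json_encode() with the HEX flags yields a complete JavaScript string
    // literal: quotes, backslashes, line breaks and "<" / ">" are all escaped,
    // so the value can neither end the literal nor close the <script> element.
    $jsFlags = JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT;

    if (stripos($sql, "SELECT", 0) === 0) {
        $json = new SQLProcessToArray();

        // The trailing space reproduces what the original template emitted.
        $resultText = json_encode($json->fetch($sql)) . " ";
        $resultLiteral = json_encode($resultText, $jsFlags);
        if (!is_string($resultLiteral)) {
            $resultLiteral = '""';
        }
?>
<script>
    $(document).ready(
        function() {
            $("#sqlresults").val(<?php echo $resultLiteral; ?>);
        }
    );
</script>
<?php
    } else {
        // NOTE(review): mysql_escape_string() over a whole statement is not a
        // safeguard; it backslash-escapes the quotes of the statement's own
        // string literals, so statements containing literals are altered
        // before execution. Left unchanged pending a decision on this path.
        $result = mysql_query(mysql_escape_string($flatSql));

        if (!$result) {
            // Real line breaks here; json_encode() turns them into \n escapes.
            $alertText = mysql_error() . "\n\n" . $flatSql . " ";
            $alertLiteral = json_encode($alertText, $jsFlags);
            if (!is_string($alertLiteral)) {
                // json_encode() fails on invalid UTF-8; keep the script valid.
                $alertLiteral = '"The statement failed; the error text could not be encoded."';
            }
?>
<script>
    $(document).ready(
        function() {
            pwAlert(<?php echo $alertLiteral; ?>);
        }
    );
</script>
<?php
        }
    }
}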
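<?php
/**
 * JSON endpoint: runs the statement passed as `sql` (POST, or GET which takes
 * precedence) through SQLProcessToArray::fetch() and echoes the encoded result.
 *
 * When `orderby` is posted, the statement is parsed; a non-empty `orderby`
 * replaces its ORDER BY clause with that column and `direction`, and a posted
 * `from` appends "LIMIT from, to".
 *
 * NOTE(review): the whole statement comes from the client, so tightening the
 * ORDER BY / LIMIT fragments below does not bound what can be executed. No
 * authorisation check is visible in this file, and accepting `sql` over GET
 * lets the statement be triggered by a link and recorded in access logs.
 * Prefer server-side named queries selected by an identifier; confirm what
 * SQLProcessToArray::fetch() enforces.
 */
require_once "sqlprocesstoarray.php";
require_once 'php-sql-parser.php';
require_once 'php-sql-creator.php';

$json = new SQLProcessToArray();

// Start from an empty statement so a request without `sql` does not read an
// undefined variable.
$qry = '';

if (isset($_POST['sql'])) {
    $qry = $_POST['sql'];
}

if (isset($_GET['sql'])) {
    $qry = $_GET['sql'];
}

// Turn backslash-escaped single quotes (\') back into plain quotes.
$qry = str_replace("\\'", "'", $qry);

if (isset($_POST['orderby'])) {
    $parser = new PHPSQLParser($qry);

    // NOTE(review): when `orderby` is empty the ORDER clause is removed from
    // the parsed tree but $qry is not rebuilt, so the removal has no effect.
    if (isset($parser->parsed['ORDER'])) {
        unset($parser->parsed['ORDER']);
    }

    if ($_POST['orderby'] != "") {
        // Only the two SQL sort keywords are accepted; anything else (or a
        // missing value) falls back to ASC, which is also the SQL default.
        $direction = (isset($_POST['direction']) && is_string($_POST['direction'])
            && strtoupper(trim($_POST['direction'])) === 'DESC') ? 'DESC' : 'ASC';

        $parser->parsed['ORDER'] = array(
            array(
                "expr_type" => "colref",
                // NOTE(review): still request-controlled text placed in the
                // rebuilt statement; validate against known column names.
                "base_expr" => $_POST['orderby'],
                "sub_tree"  => "",
                "direction" => $direction,
            ),
        );

        $creator = new PHPSQLCreator($parser->parsed);
        $qry = $creator->created;
    }

    if (isset($_POST['from'])) {
        // LIMIT operands are forced to non-negative integers so they cannot
        // carry additional SQL; a missing `to` becomes 0 (no rows).
        $offset = max(0, (int) $_POST['from']);
        $count  = max(0, (int) (isset($_POST['to']) ? $_POST['to'] : 0));

        $qry .= " LIMIT " . $offset . ", " . $count;
    }
}

echo json_encode($json->fetch($qry));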
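<?php
/**
 * Create or update a schedule item from the posted form, then echo the saved
 * row (joined with the member's full name) as JSON.
 *
 * An empty `eventid` inserts a new row; otherwise the row with that id is
 * updated. Numeric fields must consist of digits only; a request that fails
 * this check is answered with HTTP 400 and nothing is written.
 *
 * NOTE(review): no check is visible here that the current session may edit the
 * given `eventid` or act for the given `userid`, nor any CSRF token; confirm
 * whether system-db.php / start_db() enforces this.
 * NOTE(review): the mysql_* API was removed in PHP 7.0; prepared statements via
 * mysqli or PDO would replace the manual escaping below.
 */

//Include database connection details
require_once 'system-db.php';
require_once "sqlprocesstoarray.php";

start_db();

// Returns the posted field as an int when it is a plain digit string, else null.
// These values are interpolated unquoted into SQL, so nothing else is accepted.
$postedDigits = function ($name) {
    $raw = isset($_POST[$name]) ? $_POST[$name] : null;

    return (is_string($raw) && ctype_digit($raw)) ? (int) $raw : null;
};

$eventid  = isset($_POST['eventid']) ? $_POST['eventid'] : "";
$isInsert = ($eventid == "");

$userid = $postedDigits('userid');
// rotaid is only written by the INSERT; eventid only identifies an UPDATE.
$rotaid = $isInsert ? $postedDigits('rotaid') : 0;
$id     = $isInsert ? 0 : $postedDigits('eventid');

if ($userid === null || $rotaid === null || $id === null) {
    if (!headers_sent()) {
        header('HTTP/1.1 400 Bad Request');
    }
    exit;
}

// mysql_real_escape_string() uses the same default link that the
// mysql_query() calls below rely on, and replaces the deprecated
// mysql_escape_string(). Its safety depends on the connection character set
// being declared with mysql_set_charset() (not visible here).
// The converted dates are escaped as well: what convertStringToDate() returns
// for malformed input is not visible from this file.
$startdate = mysql_real_escape_string(convertStringToDate($_POST['startdate']));
$enddate   = mysql_real_escape_string(convertStringToDate($_POST['enddate']));
$notes     = mysql_real_escape_string($_POST['notes']);
$watch     = mysql_real_escape_string($_POST['watch']);

if ($isInsert) {
    $qry = "INSERT INTO {$_SESSION['DB_PREFIX']}scheduleitem
            (
                rotaid, userid, startdate, enddate, notes, watch
            )
            VALUES
            (
                {$rotaid}, {$userid}, '{$startdate}', '{$enddate}', '{$notes}', '{$watch}'
            )";

    $result = mysql_query($qry);

    if (!$result) {
        logError($qry . " - " . mysql_error());
    }

    // After a failed INSERT this is 0 and the SELECT below matches no row.
    $id = mysql_insert_id();

} else {
    $qry = "UPDATE {$_SESSION['DB_PREFIX']}scheduleitem SET
            startdate = '{$startdate}',
            enddate = '{$enddate}',
            userid = {$userid},
            notes = '{$notes}',
            watch = '{$watch}'
            WHERE id = {$id}";

    $result = mysql_query($qry);

    if (!$result) {
        logError($qry . " - " . mysql_error());
    }
}

// $id is an integer on both paths (validated eventid or mysql_insert_id()).
$sql = "SELECT A.*, B.fullname
        FROM {$_SESSION['DB_PREFIX']}scheduleitem A
        INNER JOIN {$_SESSION['DB_PREFIX']}members B
        ON B.member_id = A.userid
        WHERE A.id = {$id}";

$json = new SQLProcessToArray();

echo json_encode($json->fetch($sql));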