function dbQuery($query, $show_errors = true, $all_results = true, $show_output = true)
{
if ($show_errors) {
error_reporting(E_ALL);
} else {
error_reporting(E_PARSE);
}
// Connect to the Sybase database management system
$link = @sybase_pconnect("192.168.231.144", "testuser", "testpass");
if (!$link) {
die(sybase_get_last_message());
}
// Make 'testdb' the current database
$db_selected = @sybase_select_db("testdb");
if (!$db_selected) {
die(sybase_get_last_message());
}
// Print results in HTML
print "<html><body>\n";
// Print SQL query to test sqlmap '--string' command line option
//print "<b>SQL query:</b> " . $query . "<br>\n";
// Perform SQL injection affected query
$result = sybase_query($query);
if (!$result) {
if ($show_errors) {
print "<b>SQL error:</b> " . sybase_get_last_message() . "<br>\n";
}
exit(1);
}
if (!$show_output) {
exit(1);
}
print "<b>SQL results:</b>\n";
print "<table border=\"1\">\n";
while ($line = sybase_fetch_assoc($result)) {
print "<tr>";
foreach ($line as $col_value) {
print "<td>" . $col_value . "</td>";
}
print "</tr>\n";
if (!$all_results) {
break;
}
}
print "</table>\n";
print "</body></html>";
}
/**
* Iterator function. Returns a rowset if called without parameter,
* the fields contents if a field is specified or FALSE to indicate
* no more rows are available.
*
* @param string field default NULL
* @return var
*/
public function next($field = NULL)
{
if (!is_resource($this->handle) || FALSE === ($row = sybase_fetch_assoc($this->handle))) {
return FALSE;
}
foreach (array_keys($row) as $key) {
if (NULL === $row[$key] || !isset($this->fields[$key])) {
continue;
}
if ('datetime' === $this->fields[$key]) {
$row[$key] = Date::fromString($row[$key], $this->tz);
}
}
if ($field) {
return $row[$field];
} else {
return $row;
}
}
/**
* Iterator function. Returns a rowset if called without parameter,
* the fields contents if a field is specified or FALSE to indicate
* no more rows are available.
*
* @param string field default NULL
* @return [:var]
*/
public function next($field = null)
{
if (!is_resource($this->handle) || false === ($row = sybase_fetch_assoc($this->handle))) {
return null;
}
foreach (array_keys($row) as $key) {
if (null === $row[$key] || !isset($this->fields[$key])) {
continue;
}
if ('datetime' === $this->fields[$key]) {
$row[$key] = new \util\Date($row[$key], $this->tz);
}
}
if ($field) {
return $row[$field];
} else {
return $row;
}
}
/**
* Result - associative array
*
* Returns the result set as an array
*
* @access private
* @return array
*/
function _fetch_assoc()
{
return sybase_fetch_assoc($this->result_id);
}
/**
* Places a row from the result set into the given array
*
* Formating of the array and the data therein are configurable.
* See DB_result::fetchInto() for more information.
*
* This method is not meant to be called directly. Use
* DB_result::fetchInto() instead. It can't be declared "protected"
* because DB_result is a separate object.
*
* @param resource $result the query result resource
* @param array $arr the referenced array to put the data in
* @param int $fetchmode how the resulting array should be indexed
* @param int $rownum the row number to fetch (0 = first row)
*
* @return mixed DB_OK on success, NULL when the end of a result set is
* reached or on failure
*
* @see DB_result::fetchInto()
*/
function fetchInto($result, &$arr, $fetchmode, $rownum = null)
{
if ($rownum !== null) {
if (!@sybase_data_seek($result, $rownum)) {
return null;
}
}
if ($fetchmode & DB_FETCHMODE_ASSOC) {
if (function_exists('sybase_fetch_assoc')) {
$arr = @sybase_fetch_assoc($result);
} else {
if ($arr = @sybase_fetch_array($result)) {
foreach ($arr as $key => $value) {
if (is_int($key)) {
unset($arr[$key]);
}
}
}
}
if ($this->options['portability'] & DB_PORTABILITY_LOWERCASE && $arr) {
$arr = array_change_key_case($arr, CASE_LOWER);
}
} else {
$arr = @sybase_fetch_row($result);
}
if (!$arr) {
return null;
}
if ($this->options['portability'] & DB_PORTABILITY_RTRIM) {
$this->_rtrimArrayValues($arr);
}
if ($this->options['portability'] & DB_PORTABILITY_NULL_TO_EMPTY) {
$this->_convertNullArrayValuesToEmpty($arr);
}
return DB_OK;
}
function _fetch($ignore_fields = false)
{
if ($this->fetchMode == ADODB_FETCH_NUM) {
$this->fields = @sybase_fetch_row($this->_queryID);
} else {
if ($this->fetchMode == ADODB_FETCH_ASSOC) {
$this->fields = @sybase_fetch_assoc($this->_queryID);
if (is_array($this->fields)) {
$this->fields = $this->GetRowAssoc();
return true;
}
return false;
} else {
$this->fields = @sybase_fetch_array($this->_queryID);
}
}
if (is_array($this->fields)) {
return true;
}
return false;
}
/**
* Fetch a row and insert the data into an existing array.
*
* Formating of the array and the data therein are configurable.
* See DB_result::fetchInto() for more information.
*
* @param resource $result query result identifier
* @param array $arr (reference) array where data from the row
* should be placed
* @param int $fetchmode how the resulting array should be indexed
* @param int $rownum the row number to fetch
*
* @return mixed DB_OK on success, null when end of result set is
* reached or on failure
*
* @see DB_result::fetchInto()
* @access private
*/
function fetchInto($result, &$arr, $fetchmode, $rownum = null)
{
if ($rownum !== null) {
if (!@sybase_data_seek($result, $rownum)) {
return null;
}
}
if ($fetchmode & DB_FETCHMODE_ASSOC) {
if (function_exists('sybase_fetch_assoc')) {
$arr = @sybase_fetch_assoc($result);
} else {
if ($arr = @sybase_fetch_array($result)) {
foreach ($arr as $key => $value) {
if (is_int($key)) {
unset($arr[$key]);
}
}
}
}
if ($this->options['portability'] & DB_PORTABILITY_LOWERCASE && $arr) {
$arr = array_change_key_case($arr, CASE_LOWER);
}
} else {
$arr = @sybase_fetch_row($result);
}
if (!$arr) {
// reported not work as seems that sybase_get_last_message()
// always return a message here
//if ($errmsg = @sybase_get_last_message()) {
// return $this->sybaseRaiseError($errmsg);
//} else {
return null;
//}
}
if ($this->options['portability'] & DB_PORTABILITY_RTRIM) {
$this->_rtrimArrayValues($arr);
}
if ($this->options['portability'] & DB_PORTABILITY_NULL_TO_EMPTY) {
$this->_convertNullArrayValuesToEmpty($arr);
}
return DB_OK;
}
/**
* Get the flags for a field
*
* Currently supports:
* + <samp>unique_key</samp> (unique index, unique check or primary_key)
* + <samp>multiple_key</samp> (multi-key index)
*
* @param string $table the table name
* @param string $column the field name
*
* @return string space delimited string of flags. Empty string if none.
*
* @access private
*/
function _sybase_field_flags($table, $column)
{
static $tableName = null;
static $flags = array();
if ($table != $tableName) {
$flags = array();
$tableName = $table;
/* We're running sp_helpindex directly because it doesn't exist in
* older versions of ASE -- unfortunately, we can't just use
* DB::isError() because the user may be using callback error
* handling. */
$res = @sybase_query("sp_helpindex {$table}", $this->connection);
if ($res === false || $res === true) {
// Fake a valid response for BC reasons.
return '';
}
while (($val = sybase_fetch_assoc($res)) !== false) {
if (!isset($val['index_keys'])) {
/* No useful information returned. Break and be done with
* it, which preserves the pre-1.7.9 behaviour. */
break;
}
$keys = explode(', ', trim($val['index_keys']));
if (sizeof($keys) > 1) {
foreach ($keys as $key) {
$this->_add_flag($flags[$key], 'multiple_key');
}
}
if (strpos($val['index_description'], 'unique')) {
foreach ($keys as $key) {
$this->_add_flag($flags[$key], 'unique_key');
}
}
}
sybase_free_result($res);
}
if (array_key_exists($column, $flags)) {
return implode(' ', $flags[$column]);
}
return '';
}
protected function _fetch_assoc($result_id)
{
global $configArray;
if (strcasecmp($configArray['System']['operatingSystem'], 'windows') == 0) {
return sybase_fetch_assoc($result_id);
} else {
return mssql_fetch_assoc($result_id);
}
}
protected function convertResource($resource)
{
$resourceType = get_resource_type($resource);
switch ($resourceType) {
#case 'dbm':
#case 'dba':
#case 'dbase':
#case 'domxml attribute':
#case 'domxml document':
#case 'domxml node':
case 'fbsql result':
$rows = array();
$indexType = $this->dbResultIndexType == 'ASSOC' ? FBSQL_ASSOC : FBSQL_NUM;
while ($row = fbsql_fetch_array($resource, $indexType)) {
array_push($rows, $row);
}
return $rows;
#case 'gd': #return base64
#case 'gd': #return base64
case 'msql query':
$rows = array();
$indexType = $this->dbResultIndexType == 'ASSOC' ? MSQL_ASSOC : MSQL_NUM;
while ($row = msql_fetch_array($resource, $indexType)) {
array_push($rows, $row);
}
return $rows;
case 'mssql result':
$rows = array();
$indexType = $this->dbResultIndexType == 'ASSOC' ? MSSQL_ASSOC : MSSQL_NUM;
while ($row = mssql_fetch_array($resource, $indexType)) {
array_push($rows, $row);
}
return $rows;
case 'mysql result':
$rows = array();
$indexType = $this->dbResultIndexType == 'ASSOC' ? MYSQL_ASSOC : MYSQL_NUM;
while ($row = mysql_fetch_array($resource, $indexType)) {
array_push($rows, $row);
}
return $rows;
case 'odbc result':
$rows = array();
if ($this->dbResultIndexType == 'ASSOC') {
while ($row = odbc_fetch_array($resource)) {
array_push($rows, $row);
}
} else {
while ($row = odbc_fetch_row($resource)) {
array_push($rows, $row);
}
}
return $rows;
#case 'pdf document':
#case 'pdf document':
case 'pgsql result':
$rows = array();
$indexType = $this->dbResultIndexType == 'ASSOC' ? PGSQL_ASSOC : PGSQL_NUM;
while ($row = pg_fetch_array($resource, $indexType)) {
array_push($rows, $row);
}
return $rows;
case 'stream':
return stream_get_contents($resource);
case 'sybase-db result':
case 'sybase-ct result':
$rows = array();
if ($this->dbResultIndexType == 'ASSOC') {
while ($row = sybase_fetch_assoc($resource)) {
array_push($rows, $row);
}
} else {
while ($row = sybase_fetch_row($resource)) {
array_push($rows, $row);
}
}
return $rows;
#case 'xml':
#case 'xml':
default:
trigger_error("Unable to return resource type '{$resourceType}'.");
}
}
/**
* Fetch the current row as associative array
* @return array
*/
protected function fetch_assoc()
{
return @sybase_fetch_assoc($this->resResult);
}
/**
* This function fetches a result as an associative array.
*
* @param mixed $result
* @return array
*/
function fetch_assoc($result)
{
return sybase_fetch_assoc($result);
}
function Send()
{
$this->error_message();
$this->getHeader();
if ($this->smtp) {
$this->checkSmtp($this->hostSmtp, $this->portSmtp, $this->authenticate, $this->userSmtp, $this->passSmtp);
$this->socket = $this->connectSmtp($this->hostSmtp, $this->portSmtp, $this->timeoutSmtp);
switch ($this->smtpServer) {
case 'esmtp':
$this->smtpEhlo($this->socket);
break;
case 'smtp':
$this->smtpHelo($this->socket);
break;
case 'test':
if ($this->smtpEhlo($this->socket)) {
echo nl2br("Connection successful... \r\n Server type: esmtp server \n");
return false;
} else {
$this->smtpQuit($this->socket);
$this->disconnectSmtp($this->socket);
$this->socket = $this->connectSmtp($this->hostSmtp, $this->portSmtp, $this->timeoutSmtp);
if ($this->smtpHelo($this->socket)) {
echo nl2br("Connection successful... \r\n Server type: smtp server \n");
return false;
} else {
echo nl2br("Server type: unknown server. \n");
return false;
}
}
}
$this->smtpAuth($this->authenticate);
}
if ($this->use == "whom") {
$this->readData($this->setWhom($this->whom));
} elseif ($this->use == "maillist") {
$this->readData($this->checkMaillist($this->list));
} elseif ($this->use == "DB" || $this->use == "all") {
switch ($this->dbfbasa) {
case 'mysql':
if (!$this->query_result) {
return false;
}
while ($this->tos = mysql_fetch_assoc($this->query_result)) {
$this->readData($this->tos);
}
break;
case 'pgsql':
if (!$this->query_result) {
return false;
}
while ($this->tos = pg_fetch_assoc($this->query_result)) {
$this->readData($this->tos);
}
break;
case 'ibase':
if (!$this->query_result) {
return false;
}
while ($this->tos = ibase_fetch_assoc($this->query_result)) {
$this->readData($this->tos);
}
break;
case 'msql':
if (!$this->query_result) {
return false;
}
while ($this->tos = msql_fetch_array($this->query_result, MSQL_ASSOC)) {
$this->readData($this->tos);
}
break;
case 'fbsql':
if (!$this->query_result) {
return false;
}
while ($this->tos = fbsql_fetch_assoc($this->query_result)) {
$this->readData($this->tos);
}
break;
case 'sqli':
if (!$this->query_result) {
return false;
}
while ($this->tos = sqlite_fetch_array($this->query_result, SQLITE_ASSOC)) {
$this->readData($this->tos);
}
break;
case 'oci':
if (!$this->query_result) {
return false;
}
while ($this->tos = oci_fetch_assoc($this->query_result)) {
$this->readData($this->tos);
}
break;
case 'sybase':
if (!$this->query_result) {
return false;
}
while ($this->tos = sybase_fetch_assoc($this->query_result)) {
$this->readData($this->tos);
}
break;
case 'ingres':
if (!$this->query_result) {
return false;
}
while ($this->tos = ingres_fetch_array($this->query_result, INGRES_ASSOC)) {
$this->readData($this->tos);
}
break;
case 'phpmm':
if ($this->use == "all") {
$this->tos = array_merge($this->setWhom($this->whom), $this->checkMaillist($this->list));
$this->readData($this->tos);
}
break;
}
}
if ($this->smtp) {
$this->smtpQuit($this->socket);
$this->disconnectSmtp($this->socket);
}
}
/**
* Fetch a result row as an array
*
* This function fetches a result as an associative array.
*
* @param mixed $result
* @return array
* @access public
* @author Adam Greene <*****@*****.**>
* @since 2004-12-10
*/
function fetch_assoc($result)
{
if (!function_exists('sybase_fetch_assoc')) {
$rs = @sybase_fetch_array($result);
} else {
$rs = @sybase_fetch_assoc($result);
}
return $rs;
}
public function fetchAssoc()
{
if (!empty($this->query)) {
return sybase_fetch_assoc($this->query);
} else {
return false;
}
}
function _performFetch($result)
{
$row = sybase_fetch_assoc($result);
//if (sybase_error()(!!!)) return $this->_setDbError($this->_lastQuery);
if ($row === false) {
return null;
}
// sybase bugfix - replase ' ' to ''
// Encoding string fields on fly
if (is_array($row)) {
$tf = $this->_getTextFields($result);
foreach ($tf as $k => $t) {
$v = $row[$k];
if (!is_null($v)) {
if ($v === ' ') {
// Sybase bugfix
$v = '';
} else {
if ($this->lcharset && $this->rcharset) {
$v = mb_convert_encoding($v, $this->lcharset, $this->rcharset);
}
}
}
$row[$k] = $v;
}
}
return $row;
}