예제 #1
0
 /**
  * connect()
  *
  * This function connects to a MaxDB database
  *
  * @param   string $host
  * @param   string $username
  * @param   string $password
  * @param   string $db_name
  * @return  boolean true, if connected, otherwise false
  * @access  public
  * @author  Thorsten Rinne <*****@*****.**>
  * @since   2005-09-05
  */
 function connect($host, $user, $passwd, $db)
 {
     $this->conn = maxdb_connect($host, $user, $passwd, $db);
     if (empty($db) || $this->conn == false) {
         print "<!DOCTYPE html PUBLIC \"-//W3C//DTD XHTML 1.0 Transitional//EN\" \"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd\">\n";
         print "<html xmlns=\"http://www.w3.org/1999/xhtml\" xml:lang=\"en\" lang=\"en\">\n";
         print "<head>\n";
         print "    <title>phpMyFAQ Error</title>\n";
         print "    <meta http-equiv=\"content-type\" content=\"application/xhtml+xml; charset=utf-8\" />\n";
         print "</head>\n";
         print "<body>\n";
         print "<p align=\"center\">The connection to the maxdb server could not be established.</p>\n";
         print "<p align=\"center\">The error message of the maxdb server:<br />" . maxdb_connect_error() . "</p>\n";
         print "</body>\n";
         print "</html>";
         return false;
     }
     return $this->conn;
 }
예제 #2
0
function dbQuery($query, $show_errors = true, $all_results = true, $show_output = true)
{
    if ($show_errors) {
        error_reporting(E_ALL);
    } else {
        error_reporting(E_PARSE);
    }
    // Connect to the MaxDB database management system
    $link = maxdb_connect("localhost", "ROOT", "TESTPASS", "testdb");
    // implicitly usernames and passwords are all upper case
    if (!$link) {
        die(maxdb_connect_error());
    }
    // Print results in HTML
    print "<html><body>\n";
    // Print SQL query to test sqlmap '--string' command line option
    //print "<b>SQL query:</b> " . $query . "<br>\n";
    // Perform SQL injection affected query
    $result = maxdb_query($link, $query);
    if (!$result) {
        if ($show_errors) {
            print "<b>SQL error:</b> " . maxdb_error($link) . "<br>\n";
        }
        exit(1);
    }
    if (!$show_output) {
        exit(1);
    }
    print "<b>SQL results:</b>\n";
    print "<table border=\"1\">\n";
    while ($line = maxdb_fetch_array($result, MAXDB_ASSOC)) {
        print "<tr>";
        foreach ($line as $col_value) {
            print "<td>" . $col_value . "</td>";
        }
        print "</tr>\n";
        if (!$all_results) {
            break;
        }
    }
    print "</table>\n";
    print "</body></html>";
}