Пример #1
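/**
 * Split a SQL dump into statements and execute each one through mysql_query().
 *
 * The text is split on ";\n". Inside each statement, lines that start with "#"
 * or "--" are dropped and the remaining lines are concatenated. Statements that
 * begin with "CREATE TABLE" are passed through Ebak_DoCreateTable() before
 * being executed. Execution stops at the first failing statement.
 *
 * Security notes:
 * - Every statement found in $sql is executed as-is, so $sql must only ever
 *   come from a trusted source (presumably a backup file written by this
 *   tool - confirm at the call sites).
 * - On failure the driver error and the statement are printed. Both are now
 *   HTML-escaped; showing them at all still discloses schema details, so this
 *   page should stay behind the admin login.
 * - mysql_* was removed in PHP 7; this function only runs on legacy PHP or
 *   with a compatibility shim.
 *
 * @param string $sql      SQL dump text, statements separated by ";" + newline
 * @param string $mydbchar forwarded to Ebak_DoCreateTable() (presumably the charset - confirm)
 * @param string $mydbver  forwarded to Ebak_DoCreateTable() (presumably the server version - confirm)
 * @return void
 */
function Ebak_DoRunQuery($sql,$mydbchar,$mydbver){
	// Turn every CR into LF so that ";\r\n" also ends a statement.
	$sql=str_replace("\r","\n",$sql);
	$ret=array();
	foreach(explode(";\n",trim($sql)) as $chunk)
	{
		// Start from an empty string: appending to a missing array key raised a notice.
		$statement='';
		foreach(explode("\n",trim($chunk)) as $line)
		{
			// strncmp() is safe on empty and one-character lines, where
			// $line[0] / $line[1] raised "uninitialized string offset".
			if(strncmp($line,'#',1)===0||strncmp($line,'--',2)===0)
			{
				continue;
			}
			// NOTE(review): lines are joined without a separator, as before;
			// dumps are presumably one statement per line - confirm.
			$statement.=$line;
		}
		$ret[]=$statement;
	}
	unset($sql);
	foreach($ret as $query)
	{
		$query=trim($query);
		if(!$query)
		{
			continue;
		}
		if(substr($query,0,12)=='CREATE TABLE')
		{
			$toRun=Ebak_DoCreateTable($query,$mydbver,$mydbchar);
		}
		else
		{
			$toRun=$query;
		}
		if(!mysql_query($toRun))
		{
			// Escape before printing: the statement and the driver message can
			// contain markup. ISO-8859-1 keeps the escaping byte-wise, so text
			// in a multi-byte charset is never rejected as invalid.
			die(htmlspecialchars(mysql_error(),ENT_QUOTES,'ISO-8859-1')."<br>".htmlspecialchars($query,ENT_QUOTES,'ISO-8859-1'));
		}
	}
}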
Пример #2
/**
 * Adjust a statement from a backup for the configured database version.
 *
 * Reads $ecms_config['db'] and the global $b_dbchar. The statement is always
 * passed through Ebak_ReplaceFieldChar() before it is returned.
 *
 * @param string $sql statement to adjust (a table definition, judging by the 'ENGINE=' checks)
 * @return string the adjusted statement
 */
function Ebak_AddDbchar($sql){
	global $ecms_config,$b_dbchar;
	$dbVersion=$ecms_config['db']['dbver'];
	// Add the charset: version 4.1 or later, no ENGINE= clause in the statement,
	// a charset configured or requested, and the requested one is not 'auto'.
	$wantsCharset=$dbVersion>='4.1'
		&&!strstr($sql,'ENGINE=')
		&&($ecms_config['db']['setchar']||$b_dbchar)
		&&$b_dbchar!='auto';
	if($wantsCharset)
	{
		// $b_dbchar takes precedence over the configured charset.
		if($b_dbchar)
		{
			$charset=$b_dbchar;
		}
		else
		{
			$charset=$ecms_config['db']['setchar'];
		}
		$sql=Ebak_DoCreateTable($sql,$dbVersion,$charset);
	}
	elseif($dbVersion=='4.0'&&strstr($sql,'ENGINE='))
	{
		// Presumably rewrites the statement into MySQL 4.0 syntax - confirm in Ebak_ToMysqlFour().
		$sql=Ebak_ToMysqlFour($sql);
	}
	// Remove the charset from the field definitions.
	return Ebak_ReplaceFieldChar($sql);
}
Пример #3
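/**
 * Split a SQL dump into statements and execute each one through mysql_query().
 *
 * The text is split on ";\n". Inside each statement, lines that start with "#"
 * or "--" are dropped and the remaining lines are concatenated. A statement
 * matching the SELECT ... INTO OUTFILE/DUMPFILE filter aborts the request.
 * Statements that begin with "CREATE TABLE" are passed through
 * Ebak_DoCreateTable() before being executed. Execution stops at the first
 * failing statement.
 *
 * Security notes:
 * - Apart from the filter below, every statement in $sql is executed as-is,
 *   so $sql must only ever come from a trusted source (presumably a backup
 *   file written by this tool - confirm at the call sites).
 * - Text echoed back on rejection or failure is now HTML-escaped; it still
 *   discloses SQL and driver errors, so keep this page behind the admin login.
 * - mysql_* was removed in PHP 7; this function only runs on legacy PHP or
 *   with a compatibility shim.
 *
 * @param string $sql      SQL dump text, statements separated by ";" + newline
 * @param string $mydbchar forwarded to Ebak_DoCreateTable() (presumably the charset - confirm)
 * @param string $mydbver  forwarded to Ebak_DoCreateTable() (presumably the server version - confirm)
 * @return void
 */
function Ebak_DoRunQuery($sql, $mydbchar, $mydbver)
{
    // Turn every CR into LF so that ";\r\n" also ends a statement.
    $sql = str_replace("\r", "\n", $sql);
    $ret = array();
    foreach (explode(";\n", trim($sql)) as $chunk) {
        // Start from an empty string: appending to a missing array key raised a notice.
        $statement = '';
        foreach (explode("\n", trim($chunk)) as $line) {
            // strncmp() is safe on empty and one-character lines, where
            // $line[0] / $line[1] raised "uninitialized string offset".
            if (strncmp($line, '#', 1) === 0 || strncmp($line, '--', 2) === 0) {
                continue;
            }
            // NOTE(review): lines are joined without a separator, as before;
            // dumps are presumably one statement per line - confirm.
            $statement .= $line;
        }
        $ret[] = $statement;
    }
    unset($sql);
    foreach ($ret as $query) {
        $query = trim($query);
        if (!$query) {
            continue;
        }
        /*
         * SQL injection filter: refuse statements that write query results to
         * a file. This is a deny-list match on the statement text, so treat it
         * as a partial safeguard only; it also rejects legitimate rows whose
         * data happens to contain these words. The dependable controls are a
         * database account without the FILE privilege and strict authorization
         * on whoever can supply $sql.
         */
        if (preg_match("/select.*into.*(outfile|dumpfile)/sim", $query, $matches)) {
            // The matched text comes from the input; escape it before echoing.
            echo "request error!" . "</br>" . htmlspecialchars($matches[0], ENT_QUOTES, 'ISO-8859-1');
            die;
        }
        if (substr($query, 0, 12) == 'CREATE TABLE') {
            $toRun = Ebak_DoCreateTable($query, $mydbver, $mydbchar);
        } else {
            $toRun = $query;
        }
        if (!mysql_query($toRun)) {
            // ISO-8859-1 keeps the escaping byte-wise, so text in a
            // multi-byte charset is never rejected as invalid.
            die(htmlspecialchars(mysql_error(), ENT_QUOTES, 'ISO-8859-1') . "<br>" . htmlspecialchars($query, ENT_QUOTES, 'ISO-8859-1'));
        }
    }
}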
Пример #4
/**
 * Adjust a statement from a backup for the configured database version.
 *
 * Reads the globals $phome_use_dbver, $phome_db_char and $b_dbchar. The
 * statement is always passed through Ebak_ReplaceFieldChar() before it is
 * returned.
 *
 * @param string $sql statement to adjust (a table definition, judging by the 'ENGINE=' checks)
 * @return string the adjusted statement
 */
function Ebak_AddDbchar($sql)
{
    global $phome_use_dbver, $phome_db_char, $b_dbchar;

    // Add the charset: version 4.1 or later, no ENGINE= clause in the statement,
    // a charset configured or requested, and the requested one is not 'auto'.
    $wantsCharset = $phome_use_dbver >= '4.1'
        && !strstr($sql, 'ENGINE=')
        && ($phome_db_char || $b_dbchar)
        && $b_dbchar != 'auto';

    if ($wantsCharset) {
        // $b_dbchar takes precedence over the configured charset.
        if ($b_dbchar) {
            $charset = $b_dbchar;
        } else {
            $charset = $phome_db_char;
        }
        $sql = Ebak_DoCreateTable($sql, $phome_use_dbver, $charset);
    } elseif ($phome_use_dbver == '4.0' && strstr($sql, 'ENGINE=')) {
        // Presumably rewrites the statement into MySQL 4.0 syntax - confirm in Ebak_ToMysqlFour().
        $sql = Ebak_ToMysqlFour($sql);
    }

    // Remove the charset from the field definitions.
    return Ebak_ReplaceFieldChar($sql);
}