PHP Classes

exploitation_example.php - Fixes (dqml2tree.php)

Recommend this page to a friend!

      SQL Parse Convert to Tree Array  >  All threads  >  exploitation_example.php - Fixes...  >  (Un) Subscribe thread alerts  
Subject:exploitation_example.php - Fixes...
Summary:exploitation_example.php - Fixes (dqml2tree.php)
Messages:1
Author:Ilidio
Date:2015-08-06 00:58:06
 

  1. exploitation_example.php - Fixes...   Reply   Report abuse  
Picture of Ilidio Ilidio - 2015-08-06 00:58:06
<?
// https://www.dropbox.com/s/6vf4vngwywxzlpm/dqml2tree.php?dl=0

require 'dqml2tree.php';

$sql = "INSERT INTO mytable (myfield1, myfield2) VALUES (123, 'abc');";
echo $sql . "\n";
$dqml = new dqml2tree($sql);
$tree = $dqml->make();

function insert_to_array($tree) {
if (isset($tree['SQL']['INSERT'])) {
$objet = $tree['SQL']['INSERT']['INTO']['0|*INSERT']['TABLE'];
$insert = Array();
// if(isset())
foreach ($tree['SQL']['INSERT']['INTO']['1|*INSERT']['INTO'] as $into_id => $field) {
$into_ids = explode('|', $into_id);
$champ_id = $into_ids[0];
if(isset( $field['FIELD'])){
$name = $field['FIELD'];

$value = trim($tree['SQL']['INSERT']['VALUES']['VALUES'][$champ_id . '|*VALUES']['VAL'], "'");
$insert[$name] = $value;
}
}
}
return $insert;
}


echo "<br/>INSERT\n";
echo "<pre>";
print_r($tree);
echo "</pre>";

echo "<pre>";
print_r(insert_to_array($tree));
echo "</pre>";

echo "<hr/>";

$sql = "UPDATE mytable SET myfield='abc';";
echo $sql . "\n";
$dqml = new dqml2tree($sql);
$tree = $dqml->make();

function update_set_to_array($tree) {
if (isset($tree['SQL']['UPDATE'])) {
$update = Array();
$objet = $tree['SQL']['UPDATE']['0|*UPDATE']['TABLE'];
if (isset($tree['SQL']['UPDATE']['SET']['0|*SET'])) {
foreach ($tree['SQL']['UPDATE']['SET'] as $set_id => $sets) {
$name = $sets['0|#SET']['FIELD'];
$value = trim($sets['1|#SET']['VAL'], "'");
$update[$name] = $value;
}
}
else {
$update[$tree['SQL']['UPDATE']['SET']['0|#SET']['FIELD']] = trim($tree['SQL']['UPDATE']['SET']['1|#SET']['VAL'], "'");
}
}
return $update;
}

echo "UPDATE SET\n";
echo "<pre>";
print_r(update_set_to_array($tree));
echo "</pre>";

function update_where_alone_or_exclusively_separated_by_and_to_array($tree) {

$where = Array();
if (isset($tree['SQL']['UPDATE']['WHERE']['0|*AND'])) {
foreach ($tree['SQL']['UPDATE']['WHERE'] as $where_id => $wheres) {
$name = $wheres['0|!EQ']['FIELD'];
$value = '';
if (isset($wheres['1|!EQ']['VAL']))
$value = trim($wheres['1|!EQ']['VAL'], "'");
if (isset($wheres['1|!EQ']['FIELD']))
$value = trim($wheres['1|!EQ']['FIELD'], "'");
$where[$name] = $value;

}
}
else {
if (isset($tree['SQL']['UPDATE']['WHERE']['1|!EQ']['VAL']))
$where[$tree['SQL']['UPDATE']['WHERE']['0|!EQ']['FIELD']] = trim($tree['SQL']['UPDATE']['WHERE']['1|!EQ']['VAL'], "'");
elseif (isset($tree['SQL']['UPDATE']['WHERE']['1|!EQ']['FIELD']))
$where[$tree['SQL']['UPDATE']['WHERE']['0|!EQ']['FIELD']] = trim($tree['SQL']['UPDATE']['WHERE']['1|!EQ']['FIELD'], "'");
}

return $where;
}


$sql = "UPDATE mytable SET myfield1=123, myfield2='abc' WHERE myfield3='def' AND myfield4=4;";
echo $sql . "\n";
$dqml = new dqml2tree($sql);
$tree = $dqml->make();
echo "<br/>";
echo "UPDATE SET\n";
echo "<pre>";
print_r(update_set_to_array($tree));
echo "</pre><br/>";
echo "UPDATE WHERE (must exclusively be separated by and)\n";
echo "<pre>";
print_r(update_where_alone_or_exclusively_separated_by_and_to_array($tree));
echo "</pre>";
?>