Skip to content
Permalink
Branch: master
Find file Copy path
Find file Copy path
Fetching contributors…
Cannot retrieve contributors at this time
94 lines (88 sloc) 2.91 KB
<?php
// translator ready
// addnews ready
// mail ready
require_once("common.php");
require_once("lib/http.php");
tlschema("rawsql");
check_su_access(SU_RAW_SQL);
page_header("Raw SQL/PHP execution");
require_once("lib/superusernav.php");
superusernav();
addnav("Execution");
addnav("SQL","rawsql.php");
addnav("PHP","rawsql.php?op=php");
$op = httpget("op");
if ($op=="" || $op=="sql"){
$sql = httppost('sql');
if ($sql != "") {
$sql = stripslashes($sql);
modulehook("rawsql-execsql",array("sql"=>$sql));
$r = db_query($sql, false);
if (!$r) {
output("`\$SQL Error:`& %s`0`n`n",db_error($r));
} else {
if (db_affected_rows() > 0) {
output("`&%s rows affected.`n`n",db_affected_rows());
} else {
output("No rows have been changed.`n`n");
}
rawoutput("<table cellspacing='1' cellpadding='2' border='0' bgcolor='#999999'>");
if ($r!==true) {
// if $r===true, it was an UPDATE or DELETE statement, which obviously has no result lines
$number = db_num_rows($r);
for ($i = 0; $i < $number; $i++) {
$row = db_fetch_assoc($r);
if ($i == 0) {
rawoutput("<tr class='trhead'>");
$keys = array_keys($row);
foreach ($keys as $value) {
rawoutput("<td>$value</td>");
}
rawoutput("</tr>");
}
rawoutput("<tr class='".($i%2==0?"trlight":"trdark")."'>");
foreach ($keys as $value) {
rawoutput("<td valign='top'>{$row[$value]}</td>");
}
rawoutput("</tr>");
}
}
rawoutput("</table>");
}
}
output("Type your query");
$execute = translate_inline("Execute");
$ret = modulehook("rawsql-modsql",array("sql"=>$sql));
$sql = $ret['sql'];
rawoutput("<form action='rawsql.php' method='post'>");
rawoutput("<textarea name='sql' class='input' cols='60' rows='10'>".htmlentities($sql, ENT_COMPAT, getsetting("charset", "ISO-8859-1"))."</textarea><br>");
rawoutput("<input type='submit' class='button' value='$execute'>");
rawoutput("</form>");
addnav("", "rawsql.php");
}else{
$php = stripslashes(httppost("php"));
$source = translate_inline("Source:");
$execute = translate_inline("Execute");
if ($php>""){
rawoutput("<div style='background-color: #FFFFFF; color: #000000; width: 100%'><b>$source</b><br>");
rawoutput(highlight_string("<?php\n$php\n?>",true));
rawoutput("</div>");
output("`bResults:`b`n");
modulehook("rawsql-execphp",array("php"=>$php));
ob_start();
eval($php);
output(ob_get_contents(),true);
ob_end_clean();
}
output("`n`nType your code:");
$ret = modulehook("rawsql-modphp",array("php"=>$php));
$php = $ret['php'];
rawoutput("<form action='rawsql.php?op=php' method='post'>");
rawoutput("&lt;?php<br><textarea name='php' class='input' cols='60' rows='10'>".htmlentities($php, ENT_COMPAT, getsetting("charset", "ISO-8859-1"))."</textarea><br>?&gt;<br>");
rawoutput("<input type='submit' class='button' value='$execute'>");
rawoutput("</form>");
addnav("", "rawsql.php?op=php");
}
page_footer();
?>
You can’t perform that action at this time.