
[nycphp-talk] Not-so-subtle attack on PHP

Jiju Thomas Mathew lists at silmail.com
Sat Sep 29 06:33:33 EDT 2007


Would some of you comment on the following bit?

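/**
 * Thin wrapper around ext/mysql (PHP 4/5 era; the extension no longer exists in PHP 7+).
 *
 * Every call that talks to the server passes the link opened in the constructor
 * explicitly, so the wrapper does not depend on ext/mysql's "last opened link"
 * default when several connections are open.
 *
 * Statements are built by string concatenation.  Only the *values* handed to
 * perform() are escaped: the table name, the column names, the WHERE fragment and
 * any value carrying the "func:" prefix are spliced into the SQL verbatim, so they
 * must come from application code, never from request input.
 */
class sqlDb
{
    /** @var resource|null ext/mysql link opened by the constructor. */
    public $link;

    /**
     * Opens the connection described by a DSN of the form mysql://user:pass@host/dbname.
     *
     * A non-mysql scheme, a malformed DSN, a failed connect or a failed database
     * selection ends the script with die(), as the original did.
     *
     * @param string $dsn
     */
    public function __construct($dsn) {
        $pdsn = parse_url($dsn);
        // parse_url() returns false on malformed input; treat that like a wrong scheme
        // instead of reading an index that does not exist.
        if ($pdsn === false || !isset($pdsn['scheme']) || $pdsn['scheme'] !== 'mysql') {
            die("System is designed for MySQL only.. Please Correct the dsn");
        }
        $host = isset($pdsn['host']) ? $pdsn['host'] : null;
        $user = isset($pdsn['user']) ? $pdsn['user'] : null;
        $pass = isset($pdsn['pass']) ? $pdsn['pass'] : null;
        // Strip exactly one leading slash: "/dbname" -> "dbname".
        $mysql_db = isset($pdsn['path']) ? preg_replace("@^\/@", '', $pdsn['path']) : '';

        $this->link = mysql_connect($host, $user, $pass);
        if (!$this->link) {
            die("Could not connect");
        }
        if (!mysql_select_db($mysql_db, $this->link)) {
            die("Could not select database");
        }
    }

    /**
     * PHP 4 style constructor, kept for callers that invoke it by name.
     * On PHP 7+ only __construct() runs automatically, so it delegates there.
     *
     * @param string $dsn
     */
    public function sqlDb($dsn) {
        $this->__construct($dsn);
    }

    /**
     * Reports a failed statement, rolls back the open transaction and returns false.
     *
     * The full detail (errno, message, statement) goes to the PHP error log; the
     * copy echoed to the response is HTML-escaped through output() because
     * $query usually contains caller-supplied values.
     *
     * @param string $query the statement that failed
     * @param int    $errno mysql_errno() at the time of failure
     * @param string $error mysql_error() at the time of failure
     * @return false
     */
    public function error($query, $errno, $error) {
        error_log('sqlDb error ' . $errno . ': ' . $error . ' in query: ' . $query);
        echo $this->output($error) . "<br>" . $this->output($query);
        mysql_query("rollback", $this->link);
        return false;
    }

    /**
     * Sends a query to the database.
     *
     * @param string $query
     * @return resource|bool the mysql_query() result, or false after error() has run
     */
    public function query($query) {
        $result = mysql_query($query, $this->link);
        if ($result === false) {
            $this->error($query, mysql_errno($this->link), mysql_error($this->link));
        }
        return $result;
    }

    /**
     * Performs an INSERT or UPDATE built from $data and sends it.
     *
     * @param string       $table      table name, spliced into the SQL unescaped
     * @param array|object $data       column => value; objects are read with get_object_vars()
     * @param string       $action     'insert' or 'update'
     * @param string       $parameters WHERE clause body for updates, spliced in unescaped
     * @return resource|bool result of query(), or false when no statement could be built
     */
    public function perform($table, $data, $action = 'insert', $parameters = '') {
        $query = $this->build_perform_query($table, $data, $action, $parameters);
        if ($query === false) {
            return false;
        }
        return $this->query($query);
    }

    /**
     * Builds the statement perform() sends, without touching the server.
     *
     * Value handling (a case-insensitive "func:" test first, then a string switch):
     *   "func:<sql>"  -> <sql> verbatim.  For updates the text after the prefix is
     *                    appended directly to the column name, so it has to carry
     *                    its own "= ..." part.
     *   'now()'       -> NOW()
     *   'null'        -> NULL
     *   '++'          -> column = column + 1   (update only)
     *   anything else -> the value quoted after input()
     *
     * @param string       $table
     * @param array|object $data
     * @param string       $action
     * @param string       $parameters
     * @return string|false the SQL, or false for an unknown action or empty $data
     */
    public function build_perform_query($table, $data, $action = 'insert', $parameters = '') {
        if (is_object($data)) {
            $data = get_object_vars($data);
        }
        if (!is_array($data) || count($data) === 0) {
            // The original concatenation produced a syntactically broken statement here.
            return false;
        }

        if ($action === 'insert') {
            $values = array();
            foreach ($data as $value) {
                $values[] = $this->insert_fragment($value);
            }
            return 'INSERT INTO ' . $table . ' (' . join(', ', array_keys($data)) . ') VALUES ('
                . join(', ', $values) . ')';
        }

        if ($action === 'update') {
            $assignments = array();
            foreach ($data as $column => $value) {
                $assignments[] = $this->update_fragment($column, $value);
            }
            $query = 'UPDATE ' . $table . ' SET ' . join(', ', $assignments);
            if ($parameters !== '') {
                $query .= ' WHERE ' . $parameters;
            }
            return $query;
        }

        return false;
    }

    /**
     * Renders one VALUES entry for an INSERT; rules as documented on build_perform_query().
     *
     * @param mixed $value
     * @return string
     */
    private function insert_fragment($value) {
        if ($this->is_raw_sql($value)) {
            return substr($value, 5);
        }
        switch ((string) $value) {
            case 'now()':
                return 'NOW()';
            case 'null':
                return 'NULL';
            default:
                return '\'' . $this->input($value) . '\'';
        }
    }

    /**
     * Renders one "column = value" entry for an UPDATE; rules as documented on build_perform_query().
     *
     * @param string $column
     * @param mixed  $value
     * @return string
     */
    private function update_fragment($column, $value) {
        if ($this->is_raw_sql($value)) {
            // No " = " is inserted here: the text after "func:" is appended as-is.
            return $column . substr($value, 5);
        }
        switch ((string) $value) {
            case 'now()':
                return $column . ' = NOW()';
            case 'null':
                return $column . ' = NULL';
            case '++':
                return $column . ' = ' . $column . ' + 1';
            default:
                return $column . ' = \'' . $this->input($value) . '\'';
        }
    }

    /**
     * True when $value is a string carrying the "func:" prefix (any case) that marks raw SQL.
     *
     * @param mixed $value
     * @return bool
     */
    private function is_raw_sql($value) {
        return is_string($value) && preg_match('/^func:/i', $value) === 1;
    }

    /** @param resource $result @return object|false */
    public function fetch_object($result) {
        return mysql_fetch_object($result);
    }

    /** @param resource $result @return array|false associative row */
    public function fetch_array($result) {
        return mysql_fetch_array($result, MYSQL_ASSOC);
    }

    /** @param resource $result @return array|false numerically indexed row */
    public function fetch_row($result) {
        return mysql_fetch_row($result);
    }

    /** @param resource $result @return int|false */
    public function num_rows($result) {
        return mysql_num_rows($result);
    }

    /** @param resource $result @param int $row_number @return bool */
    public function data_seek($result, $row_number) {
        return mysql_data_seek($result, $row_number);
    }

    /** @return int|false last AUTO_INCREMENT id on this wrapper's link */
    public function insert_id() {
        return mysql_insert_id($this->link);
    }

    /** @return int rows affected by the last statement on this wrapper's link */
    public function affected_rows() {
        return mysql_affected_rows($this->link);
    }

    /** @param resource $result @return bool */
    public function free_result($result) {
        return mysql_free_result($result);
    }

    /**
     * Returns the next column description of $result (one field per call,
     * despite the plural name).
     *
     * @param resource $result
     * @return object|false
     */
    public function fetch_fields($result) {
        return mysql_fetch_field($result);
    }

    /**
     * Escapes a value for an HTML text context.
     *
     * @param string $string
     * @return string
     */
    public function output($string) {
        return htmlspecialchars($string);
    }

    /**
     * Escapes a value for use inside single quotes in a statement.
     *
     * Once the link is open the connection-aware mysql_real_escape_string() is
     * used, because addslashes() knows nothing about the connection charset;
     * before that (or without a link) it falls back to addslashes().
     *
     * @param string $string
     * @return string
     */
    public function input($string) {
        if ($this->link) {
            return mysql_real_escape_string($string, $this->link);
        }
        return addslashes($string);
    }

    /**
     * Undoes magic_quotes-style escaping and trims, recursing into arrays.
     * Non-string scalars are returned untouched.
     *
     * @param mixed $string
     * @return mixed
     */
    public function prepare_input($string) {
        if (is_string($string)) {
            return trim(stripslashes($string));
        }
        if (is_array($string)) {
            // foreach replaces the each() loop, which was removed in PHP 8; keys are preserved.
            foreach ($string as $key => $value) {
                $string[$key] = $this->prepare_input($value);
            }
            return $string;
        }
        return $string;
    }
}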

