[nycphp-talk] Not-so-subtle attack on PHP
Jiju Thomas Mathew
lists at silmail.com
Sat Sep 29 06:33:33 EDT 2007
Would some of you comment on the following bit?
class sqlDb
{
var $link;
function sqlDb($dsn){
$pdsn = parse_url($dsn);
if($pdsn['scheme'] !== 'mysql')
die("System is designed for MySQL only.. Please Correct the
dsn");
$mysql_db = preg_replace("@^\/@",'',$pdsn['path']);
$this->link =
mysql_connect($pdsn['host'],$pdsn['user'],$pdsn['pass']) or die("Could not
connect");
mysql_select_db($mysql_db) or die ("Could not select database");
}
function error($query, $errno, $error) {
echo $error . "<br>" . $query;
mysql_query("rollback");
return false;
}
/**
* Sends a query to the database
*
* @param sqlquery $query
* @return result-resource
*/
function query($query) {
$result = mysql_query($query, $this->link) or
$this->error($query, mysql_errno(), mysql_error());
return $result;
}
/**
* Perform a modification query on database
*
* @param string $table
* @param object $data
* @param string $action
* @param string $parameters
* @return data resource
*/
function perform($table, $data, $action = 'insert', $parameters = '') {
reset($data);
if ($action == 'insert') {
$query = 'INSERT INTO ' . $table . ' (' . join(', ',
array_keys($data)) . ') VALUES (';
reset($data);
foreach ($data as $value){
if(eregi("^func:", $value)){
$query .= substr($value,5) . ', ';
}else {
switch ((string)$value) {
case 'now()':
$query .= 'NOW(), ';
break;
case 'null':
$query .= 'NULL, ';
break;
default:
$query .= '\'' . $this->input($value) . '\', ';
break;
}
}
}
$query = substr($query, 0, -2) . ')';
} elseif ($action == 'update') {
$query = 'UPDATE ' . $table . ' SET ';
foreach ($data as $columns => $value) {
if(eregi("^func:", $value)){
$query .= $columns . substr($value,5) . ', ';
}else {
switch ((string)$value) {
case 'now()':
$query .= $columns . ' = NOW(), ';
break;
case 'null':
$query .= $columns . ' = NULL, ';
break;
case '++':
$query .= $columns .' = '.$columns.' + 1, ';
break;
default:
$query .= $columns . ' = \'' . $this->input($value) . '\',
';
break;
}
}
}
$query = substr($query, 0, -2);
if($parameters !== '')
$query .= ' WHERE ' . $parameters;
}
return $this->query($query);
}
function fetch_object($result){
return mysql_fetch_object($result);
}
function fetch_array($result) {
return mysql_fetch_array($result, MYSQL_ASSOC);
}
function fetch_row($result) {
return mysql_fetch_row($result);
}
function num_rows($result) {
return mysql_num_rows($result);
}
function data_seek($result, $row_number) {
return mysql_data_seek($result, $row_number);
}
function insert_id() {
return mysql_insert_id();
}
function affected_rows() {
return mysql_affected_rows();
}
function free_result($result) {
return mysql_free_result($result);
}
function fetch_fields($result) {
return mysql_fetch_field($result);
}
function output($string) {
return htmlspecialchars($string);
}
function input($string) {
return addslashes($string);
}
function prepare_input($string) {
if (is_string($string)) {
return trim(stripslashes($string));
} elseif (is_array($string)) {
reset($string);
while (list($key, $value) = each($string)) {
$string[$key] = $this->prepare_input($value);
}
return $string;
} else {
return $string;
}
}
}
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.nyphp.org/pipermail/talk/attachments/20070929/2be2653a/attachment.html>
More information about the talk
mailing list