MySQL "Query Window"?

webfoo

msg:4272815 | 5:46 am on Feb 26, 2011 (gmt 0)

Hello All, I am looking for a simple PHP system, where

1. The user types SQL commands into a form field.
2. The PHP performs said query on a pre-defined database.
3. The PHP echoes the results in a user-friendly way.

Does anything like this exist?

webfoo

msg:4272985 | 5:30 pm on Feb 26, 2011 (gmt 0)

I found a system that can do this, over at Tek-Tips. Short, sweet, and to the point. The code is as follows, broken into two files:

database.php

```php
<?php
// Uses the legacy ext/mysql API (removed in PHP 7.0).
function getInfo($sql)
{
    $dbhost = "localhost";
    $dbuser = "user";
    $dbpass = "pass";

    $db = mysql_connect($dbhost, $dbuser, $dbpass);
    if (!$db) {
        exit("Unable to connect to database: " . mysql_error());
    }
    @mysql_select_db("mydb", $db) or die("Unable to select database.");

    // The link is left open so the caller can still read mysql_error();
    // PHP closes it when the script ends.
    return mysql_query($sql, $db);
}
?>
```

index.php

```php
<?php
require("../database.php"); // contains method getInfo("sql") which returns the record
?>
<html>
<head>
<title>SQL Execute</title>
</head>
<body>
<form action="?" method="post">
<textarea name="query" cols="20" rows="5"></textarea><br>
<input type="submit" value="Submit">
</form>
<?php
if (isset($_POST['query'])) {
    // Undo magic_quotes_gpc escaping of the submitted query.
    $query = stripslashes($_POST['query']);
    if (stristr(" " . $query, 'SELECT')) // Working with PHP 4...
    {
        // Everything echoed into the page is HTML-escaped.
        echo "Query: " . htmlspecialchars($query) . "<br>";
        echo "<table border=\"1\" cellpadding=\"3\">";
        echo "<tr>";
        $rs = getInfo($query);
        if (!$rs) {
            exit("Error in query: " . htmlspecialchars(mysql_error()));
        }
        for ($i = 0; $i < mysql_num_fields($rs); $i++) {
            echo "<th>" . htmlspecialchars(mysql_field_name($rs, $i)) . "</th>";
        }
        echo "</tr>";
        while ($arr = mysql_fetch_array($rs, MYSQL_NUM)) {
            echo "<tr>";
            for ($j = 0; $j < count($arr); $j++) {
                echo "<td>" . htmlspecialchars($arr[$j]) . "</td>";
            }
            echo "</tr>";
        }
        echo "</table>";
    } else {
        echo htmlspecialchars($query) . "<br>";
        $rs = getInfo($query);
        echo "Result: ";
        if ($rs == TRUE)
            echo "Successful";
        else if ($rs == FALSE)
            echo "Unsuccessful: " . htmlspecialchars(mysql_error());
        else
            echo "'" . $rs . "'";
    }
}
?>
</body>
</html>
```

Copied from: [tek-tips.com...]

[edited by: webfoo at 5:33 pm (utc) on Feb 26, 2011]

webfoo

msg:4272986 | 5:30 pm on Feb 26, 2011 (gmt 0)

Also note that this code should be secured so only admins can run queries.

rocknbil

msg:4274724 | 5:06 pm on Mar 1, 2011 (gmt 0)

Even if it's behind a login . . . one might add stuff to filter

delete from `table`
drop `table`
update `table` set `userid`='myID'

If possible, you could alleviate all that by creating a user with only read privileges, assign that user in getInfo.
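
Added example, not part of the original thread: one way to combine the two suggestions above (admins only, and a MySQL user with only read privileges), written against mysqli because the mysql_* functions were removed in PHP 7. The account name `sqlwin_ro`, its placeholder password `change-me`, and the `$_SESSION['is_admin']` flag are assumptions.

```php
<?php
// Added example, not from the thread. Assumed names: sqlwin_ro, 'change-me', $_SESSION['is_admin'].
// One-time setup as a MySQL administrator:
//   CREATE USER 'sqlwin_ro'@'localhost' IDENTIFIED BY 'change-me';
//   GRANT SELECT ON mydb.* TO 'sqlwin_ro'@'localhost';
session_start();
if (empty($_SESSION['is_admin'])) { // flag assumed to be set by your login code
    http_response_code(403);
    exit('Admins only.');
}
if (empty($_SESSION['csrf'])) {
    $_SESSION['csrf'] = bin2hex(random_bytes(16));
}
function h($v) { return htmlspecialchars((string) $v, ENT_QUOTES, 'UTF-8'); }
function runReadOnly($sql)
{
    mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); // throw on errors
    $db = new mysqli('localhost', 'sqlwin_ro', 'change-me', 'mydb');
    // query() sends one statement; DELETE/DROP/UPDATE are refused by the
    // server because this account holds only SELECT.
    return $db->query($sql);
}
?>
<form method="post">
<input type="hidden" name="csrf" value="<?= h($_SESSION['csrf']) ?>">
<textarea name="query" cols="60" rows="5"></textarea><br>
<input type="submit" value="Run">
</form>
<?php
if (isset($_POST['query'], $_POST['csrf']) && hash_equals($_SESSION['csrf'], (string) $_POST['csrf'])) {
    try {
        $res = runReadOnly((string) $_POST['query']);
        if ($res instanceof mysqli_result) {
            echo '<table border="1" cellpadding="3"><tr>';
            foreach ($res->fetch_fields() as $f) echo '<th>' . h($f->name) . '</th>';
            echo '</tr>';
            while ($row = $res->fetch_row()) {
                echo '<tr>';
                foreach ($row as $cell) echo '<td>' . h($cell) . '</td>';
                echo '</tr>';
            }
            echo '</table>';
        } else {
            echo 'Statement succeeded (no result set).';
        }
    } catch (mysqli_sql_exception $e) {
        echo 'Error: ' . h($e->getMessage());
    }
}
```

Because the restriction is enforced by the server's privilege check rather than by matching keywords in the submitted text, it does not depend on how the statement is spelled or commented.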