Databases Forum

    
MySQL "Query Window"?
webfoo




msg:4272815
 5:46 am on Feb 26, 2011 (gmt 0)

Hello All,

I am looking for a simple PHP system, where
1. The user types SQL commands into a form field.
2. The PHP performs said query on a pre-defined database.
3. The PHP echoes the results in a user-friendly way.

Does anything like this exist?

 

webfoo




msg:4272985
 5:30 pm on Feb 26, 2011 (gmt 0)

I found a system that can do this, over at Tek-Tips. Short, sweet, and to the point.

The code is as follows, broken into two files:

database.php

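<?php
// Runs one SQL statement against the pre-defined database and returns the
// mysql_query() result: a result resource for SELECT, TRUE or FALSE otherwise.
// Note: the mysql_* extension used here was removed in PHP 7.
function getInfo($sql)
{
    $dbuser = "user";
    $dbpass = "pass";
    $dbname = "localhost"; // this is the server host, despite the variable name

    $db = mysql_connect($dbname, $dbuser, $dbpass);
    if (!$db)
    {
        exit("Unable to connect to database: " . mysql_error());
    }
    $dbase = @mysql_select_db("mydb", $db) or die("Unable to select database.");

    $res = mysql_query($sql, $db);
    // The link is left open so that mysql_error() in the caller can still
    // report on this query; PHP closes it when the script ends.
    return $res;
}
?>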


index.php

<?php
require("../database.php");
// contains method getInfo("sql") which returns the record
?>

<html>
<head>
<title>SQL Execute</title>
</head>
<body>
<form action="?" method="post">
<textarea name="query" cols="20" rows="5"></textarea><br>
<input type="submit" value="Submit">
</form>

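<?php
// Read the submitted query without raising a notice before the form is posted.
$query = isset($_POST['query']) ? $_POST['query'] : null;

if (isset($query))
{
    // Undo magic-quotes escaping only where it is actually enabled.
    if (function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc())
    {
        $query = stripslashes($query);
    }
    if (stristr(" " . $query,'SELECT')) // Working with PHP 4...
    {
        // Everything echoed into the page is HTML-escaped, including the
        // query text and the values that come back from the database.
        echo "Query: " . htmlspecialchars($query) . "<br>";
        echo "<table border=\"1\" cellpadding=\"3\">";
        echo "<tr>";
        $rs = getInfo($query);
        if (!$rs)
        {
            exit("Error in query: " . htmlspecialchars(mysql_error()));
        }
        // Header row: one cell per column name.
        for ($i=0; $i<mysql_num_fields($rs); $i++)
        {
            echo "<th>" . htmlspecialchars(mysql_field_name($rs,$i)) . "</th>";
        }
        echo "</tr>";
        // One table row per result row.
        while ($arr = mysql_fetch_array($rs, MYSQL_NUM))
        {
            echo "<tr>";
            for ($j=0; $j<count($arr); $j++)
            {
                echo "<td>" . htmlspecialchars($arr[$j]) . "</td>";
            }
            echo "</tr>";
        }
        echo "</table>";
    }
    else
    {
        // Statements without SELECT return only TRUE or FALSE.
        echo htmlspecialchars($query) . "<br>";
        $rs = getInfo($query);
        echo "Result: ";
        if ($rs == TRUE)
            echo "Successful";
        else if ($rs == FALSE)
            echo "Unsuccessful: " . htmlspecialchars(mysql_error());
        else
            echo "'" . $rs . "'";
    }
}
?>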

</body>
</html>


Copied from: [tek-tips.com...]

[edited by: webfoo at 5:33 pm (utc) on Feb 26, 2011]

webfoo




msg:4272986
 5:30 pm on Feb 26, 2011 (gmt 0)

Also note that this code should be secured so only admins can run queries.

rocknbil




msg:4274724
 5:06 pm on Mar 1, 2011 (gmt 0)

Even if it's behind a login . . . one might add stuff to filter

delete from `table`
drop `table`
update `table` set `userid`='myID'

If possible, you could alleviate all that by creating a user with only read privileges and assigning that user in getInfo.
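
The read-only account suggested in the post above, as an added example that is not part of the original thread. The account name `query_ro`, the password and the `reports` table are placeholders; `mydb` is the database name used in database.php.

```sql
-- Added example. Run as a MySQL administrator.
-- 'query_ro', the password and `reports` are placeholders, not names from the thread.

-- 1. A dedicated account that may only connect from the web server itself.
CREATE USER 'query_ro'@'localhost'
    IDENTIFIED BY 'REPLACE_WITH_A_STRONG_PASSWORD';

-- 2a. Read access to every table in mydb ...
GRANT SELECT ON `mydb`.* TO 'query_ro'@'localhost';

-- 2b. ... or, tighter, only the tables the query window is meant to expose.
--     Use this instead of 2a when mydb also holds data such as user records.
-- GRANT SELECT ON `mydb`.`reports` TO 'query_ro'@'localhost';

-- 3. Review what the account can actually do.
SHOW GRANTS FOR 'query_ro'@'localhost';

-- Global privileges: any row other than USAGE is a server-wide right
-- (FILE, for instance, is what SELECT ... INTO OUTFILE depends on)
-- that this account should not hold.
SELECT PRIVILEGE_TYPE
  FROM information_schema.USER_PRIVILEGES
 WHERE GRANTEE = '''query_ro''@''localhost''';

-- Database-level privileges: confirm nothing beyond SELECT on mydb is listed.
SELECT TABLE_SCHEMA, PRIVILEGE_TYPE
  FROM information_schema.SCHEMA_PRIVILEGES
 WHERE GRANTEE = '''query_ro''@''localhost''';
```

With this account set as `$dbuser` and `$dbpass` in getInfo, the DELETE, DROP and UPDATE statements listed above are refused by the server's own privilege check, so the protection does not depend on a keyword filter in PHP.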
