search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Fixed for quotes, HTML entities and other weird characters in db/table name.
[phpmyadmin/crack.git] / libraries / sqlvalidator.lib.php3
blob9dbcc29b3e73a6688929a3a1988a2fe05d108511
1 <?php
2 /* $Id$ */
3 // vim: expandtab sw=4 ts=4 sts=4:
4
5
6 /**
7 * SQL Validator interface for phpMyAdmin
8 *
9 * Copyright 2002 Robin Johnson <robbat2@users.sourceforge.net>
10 * http://www.orbis-terrarum.net/?l=people.robbat2
11 *
12 * This function uses the Mimer SQL Validator service
13 * <http://developer.mimer.com/validator/index.htm> from phpMyAdmin
14 *
15 * Copyright for Server side validator systems:
16 * "All SQL statements are stored anonymously for statistical purposes.
17 * Mimer SQL Validator, Copyright 2002 Upright Database Technology.
18 * All rights reserved."
19 *
20 * All data is transported over HTTP-SOAP
21 * And uses the PEAR SOAP Module
22 *
23 * Install instructions for PEAR SOAP
24 * Make sure you have a really recent PHP with PEAR support
25 * run this: "pear install Mail_Mime Net_DIME SOAP"
26 *
27 * Enable the SQL Validator options in the configuration file
28 * $cfg['SQLQuery']['Validate'] = TRUE;
29 * $cfg['SQLValidator']['use'] = FALSE;
30 *
31 * Also set a username and password if you have a private one
32 */
33
34
35 if (!defined('PMA_SQL_VALIDATOR_INCLUDED')) {
36 define('PMA_SQL_VALIDATOR_INCLUDED', 1);
37
38 // We need the PEAR libraries, so do a minimum version check first
39 // I'm not sure if PEAR was available before this point
40 // For now we actually use a configuration flag
41 if ($cfg['SQLValidator']['use'] == TRUE) {
42 // We cannot check && !defined(PMA_SQL_VALIDATOR_CLASS_INCLUDED))
43 // as it will produce a nasty warning message
44 include('./libraries/sqlvalidator.class.php3');
45 } // if ($cfg['SQLValidator']['use'] == TRUE)
46
47
48 /**
49 * This function utilizes the Mimer SQL Validator service
50 * to validate an SQL query
51 *
52 * <http://developer.mimer.com/validator/index.htm>
53 *
54 * @param string SQL query to validate
55 *
56 * @return string Validator result string
57 *
58 * @global array The PMA configuration array
59 */
60 function PMA_validateSQL($sql)
61 {
62 global $cfg;
63
64 $str = '';
65
66 if ($cfg['SQLValidator']['use']) {
67 if (isset($GLOBALS['sqlvalidator_error'])
68 && $GLOBALS['sqlvalidator_error']) {
69 $str = sprintf($GLOBALS['strValidatorError'], '<a href="./Documentation.html#faqsqlvalidator" target="documentation">', '</a>');
70 } else {
71 // create new class instance
72 $srv = new PMA_SQLValidator();
73
74 // Checks for username settings
75 // The class defaults to anonymous with an empty password
76 // automatically
77 if ($cfg['SQLValidator']['username'] != '') {
78 $srv->setCredentials($cfg['SQLValidator']['username'], $cfg['SQLValidator']['password']);
79 }
80
81 // Identify ourselves to the server properly...
82 $srv->appendCallingProgram('phpMyAdmin', PMA_VERSION);
83
84 // ... and specify what database system we are using
85 $srv->setTargetDbms('MySQL', PMA_MYSQL_STR_VERSION);
86
87 // Log on to service
88 $srv->start();
89
90 // Do service validation
91 $str = $srv->validationString($sql);
92 }
93
94 } // end if
95
96 /*
97 else {
98 // The service is not available so note that properly
99 $str = $GLOBALS['strValidatorDisabled'];
100 } // end if... else...
101 */
102
103 // Gives string back to caller
104 return $str;
105 } // end of the "PMA_validateSQL()" function
106
107 } // $__PMA_SQL_VALIDATOR__
108
109 ?>
Drizzle / GSOC 2011