// Usage example for SQL::sel(): the template carries the SQL quotes itself and the
// class substitutes the arguments for %s. Note that md5() is an unsalted, fast hash;
// for stored passwords use password_hash()/password_verify() in PHP rather than
// comparing an md5 digest inside the query.
$result = $s->sel('SELECT * FROM users WHERE username = "%s" AND password = md5("%s")',$username,$password);
By : voldomazta
<?php
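/**
 * Thin printf-style wrapper around a MySQL connection.
 *
 * Templates use sprintf specifiers (%d, %u, %f, %s, ...) as substitution points;
 * numeric specifiers are cast, string specifiers are escaped for the connection's
 * charset. The template must supply the SQL quotes around string placeholders
 * itself (e.g. name = "%s"). Arguments are never eval'd: the former
 * analyze()/eval() path let a quote or dollar sign in an argument break out of
 * the generated PHP literal, which is arbitrary code execution, and passed
 * strings into SQL unescaped. Where possible prefer real prepared statements.
 */
class SQL
{
    /** @var mysqli|null Live connection; null until the constructor connects. */
    public $db = null;

    /**
     * Opens the connection. The defaults are the tutorial's placeholder
     * credentials so `new SQL()` keeps working; pass real values instead of
     * editing the class.
     *
     * @throws RuntimeException when connecting or selecting the database fails
     */
    public function __construct($host = 'localhost', $user = 'uname', $pass = 'pword', $name = 'dbname')
    {
        $this->SQL($host, $user, $pass, $name);
    }

    /**
     * PHP 4-style constructor kept as an ordinary method for old callers; PHP 8
     * no longer treats it as a constructor, which is why __construct() delegates here.
     *
     * @throws RuntimeException when connecting or selecting the database fails
     */
    public function SQL($host = 'localhost', $user = 'uname', $pass = 'pword', $name = 'dbname')
    {
        // mysqli replaces the mysql_* extension, which was removed in PHP 7.
        $db = mysqli_connect($host, $user, $pass);
        if ($db === false) {
            throw new RuntimeException('MySQL connection failed: ' . mysqli_connect_error());
        }
        if (!mysqli_select_db($db, $name)) {
            throw new RuntimeException('Cannot select database: ' . mysqli_error($db));
        }
        $this->db = $db;
    }

    /**
     * Runs a SELECT built from $query and returns only its first row
     * (mysqli_fetch_array: numeric and associative keys), as the original did.
     *
     * @param string $query   template whose leading keyword must be SELECT
     * @param mixed  ...$params one value per specifier, in template order
     * @return array|false|null first row; null on an empty result; false when the
     *                          template is not a SELECT (query never sent)
     * @throws InvalidArgumentException on a specifier/argument mismatch
     * @throws RuntimeException when there is no connection or the query fails
     */
    public function sel(string $query = '', ...$params)
    {
        if (!$this->isQueryType($query, 'select')) {
            return false;
        }
        $result = $this->run($this->format(array_merge([$query], $params)));
        if ($result === false) {
            throw new RuntimeException('Query failed: ' . mysqli_error($this->db));
        }
        $row = mysqli_fetch_array($result);
        mysqli_free_result($result);
        return $row;
    }

    /**
     * Runs an INSERT built from $query.
     *
     * @return bool true on success; false when the template is not an INSERT or
     *              the server rejected the statement
     * @throws InvalidArgumentException on a specifier/argument mismatch
     * @throws RuntimeException when there is no connection
     */
    public function ins(string $query = '', ...$params)
    {
        if (!$this->isQueryType($query, 'insert')) {
            return false;
        }
        return $this->run($this->format(array_merge([$query], $params))) !== false;
    }

    /**
     * Runs an UPDATE built from $query.
     *
     * @return bool true on success; false when the template is not an UPDATE or
     *              the server rejected the statement
     * @throws InvalidArgumentException on a specifier/argument mismatch
     * @throws RuntimeException when there is no connection
     */
    public function upd(string $query = '', ...$params)
    {
        if (!$this->isQueryType($query, 'update')) {
            return false;
        }
        return $this->run($this->format(array_merge([$query], $params))) !== false;
    }

    /**
     * Wraps $str in double quotes as a PHP string literal, escaping backslash,
     * double quote and dollar so the value can neither close the literal nor be
     * interpolated. Kept for callers of the old analyze() output; SQL formatting
     * no longer goes through it.
     */
    public function quote($str)
    {
        return '"' . addcslashes((string) $str, '\\"$') . '"';
    }

    /**
     * Builds the final SQL string from a template and its arguments.
     *
     * @param array $argv element 0 is the template, the rest are the arguments
     * @return string the bound SQL
     * @throws InvalidArgumentException when the number of specifiers differs from
     *                                  the number of arguments or a specifier is
     *                                  not one of the supported letters
     */
    public function format(array $argv)
    {
        $sql = (string) array_shift($argv);
        $params = array_values($argv);

        // %% is a literal percent sign for vsprintf, not a specifier, so it is
        // removed before counting. Upper-case letters (%F, %X) are accepted too;
        // the original pattern only matched lower-case and so could never reach
        // the 'F'/'X' branches below.
        preg_match_all('/%([a-zA-Z])/', str_replace('%%', '', $sql), $matches);
        $specifiers = $matches[1];

        if (count($specifiers) !== count($params)) {
            throw new InvalidArgumentException(sprintf(
                'The number of specifiers in your query (%d) does not equal the number of arguments (%d).',
                count($specifiers),
                count($params)
            ));
        }

        $bound = [];
        foreach ($params as $i => $arg) {
            $s = $specifiers[$i];
            if (in_array($s, ['f', 'F'], true)) {
                $bound[] = (float) $arg;
            } elseif (in_array($s, ['u', 'd', 'b', 'o'], true)) {
                $bound[] = (int) $arg;
            } elseif (in_array($s, ['x', 'X', 's', 'e', 'c'], true)) {
                // Escaping covers the contents only; the template supplies the quotes.
                $bound[] = $this->escape((string) $arg);
            } else {
                throw new InvalidArgumentException(
                    'You have included an inappropriate specifier "%' . $s . '" in your SQL query.'
                );
            }
        }

        return vsprintf($sql, $bound);
    }

    /**
     * Returns a PHP statement assigning the bound SQL to $sql, as the original
     * analyze() did. The value is emitted with var_export(), so it is a safe
     * literal, but nothing in this class evals it any more.
     *
     * @deprecated use format() and take the SQL string directly
     * @param array $argv element 0 is the template, the rest are the arguments
     * @return string e.g. "$sql = 'SELECT 5';"
     */
    public function analyze($argv)
    {
        return '$sql = ' . var_export($this->format((array) $argv), true) . ';';
    }

    /** True when the trimmed template starts with $kind (case-insensitive, 6 chars). */
    private function isQueryType($query, $kind)
    {
        return strtolower(substr(trim((string) $query), 0, 6)) === $kind;
    }

    /**
     * Sends $sql on the open connection.
     *
     * @return mysqli_result|bool the driver's result; false when the server rejected it
     * @throws RuntimeException when no connection has been opened
     */
    private function run($sql)
    {
        if (!$this->db instanceof mysqli) {
            throw new RuntimeException('No database connection.');
        }
        return mysqli_query($this->db, $sql);
    }

    /**
     * Escapes a string argument for inclusion inside a quoted SQL literal.
     * With a live connection this is charset-aware. Without one (offline
     * formatting, tests) it falls back to addslashes(), which is not
     * charset-aware; never send the offline output to a server whose
     * connection charset you have not checked.
     */
    private function escape($str)
    {
        if ($this->db instanceof mysqli) {
            return mysqli_real_escape_string($this->db, $str);
        }
        return addslashes($str);
    }
}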
?>