07-08-2006, 13:14
|
|
|
חבר מתאריך: 26.06.05
הודעות: 36
|
|
עיה מוזרה אם פונקציה
אוקי זה הולך ככה הנה הקוד
קוד PHP:
function Query($sql) { if ($sql) { if (ereg("^(select|insert|delete|update){1,}$",$sql)) { return 1;/* $this->errCheck = $this->holderLNKS[$this->objNum]->Execute($sql); $this->errSql = $sql; $this->errMsg = $this->holderLNKS[$this->objNum]->ErrorMsg(); */} } } function genrate_Sql($tables = array() ,$distinct , $fileds = array() , $where = " ",$join="", $group = "", $order = array(array("id" , "desc")) ,$between= "", $minLimit = 0 , $maxLimit = 50) { $sql = ""; if (count($tables)>=1) { if (count($fileds)>=1) { $distinct = ($distinct==1)?strtoupper('distinct'):""; $sql .= "Select $distinct \n\t"; $orderCount = count($order); $fildCounter =count($fileds); $tabCounter =count($tables); $innectcounter = 1; foreach ($tables as $k=>$tab) { $p = $tab; foreach ($fileds as $kay=>$filed) { if ($filed[0]==$p){ if ($kay == $fildCounter-1){ $f .= "$p.$filed[1]"; } else { $f .= "$p.$filed[1] , "; $innectcounter++; } } if ($innectcounter==6) { $f .= "\n\t"; $innectcounter = 1; } } if ($k != $tabCounter-1){ $t .= "$p , "; } else{ $t .= $p; } } $sql .= $f."\n\t\tFrom ".$t; if (!is_null($where)) { $sql .= "\n\t\tWhere $where"; } if (is_array($join)) { switch ($join[0]) { case 1: $sql .= "\n\t\tRIGHT JOIN "; break; case 2: $sql .= "\n\t\tLEFT JOIN "; break; case 3: $sql .= "\n\t\tINNER JOIN "; break; } $sql .= "$join[1] "; $sql .= "\n\t\tON $join[2]"; } if ($group) { $sql .="\n\t\t\tGroup By $group"; } foreach ($order as $k=>$val) { if ($orderCount-1 <= $k) { $r .= "$val[0] ".strtoupper($val[1]); } else { $r .= "$val[0] ".strtoupper($val[1]).", "; } } if (is_array($between)) { $sql.="\n\t\t\t"; if ($beween[0]=="n"){ $sql.="Not "; } $sql.="BETWEEN '$between[1]' AND '$between[2]'"; } $sql .="\n\t\t\tORDER BY $r"; $sql .="\n\t\t\tLimit $minLimit , $maxLimit"; } } return Query($sql); } echo "Password Check: ".md5(sha1(md5(base64_encode(bin2hex(hexdec(md5(123 45)))))))."\n"; $arrTab = array( TB_users ); $arrFil = array( array(TB_users , "id as id"), array(TB_users , "username as username") , array(TB_users , "password as pass") , array(TB_users ,"usertype as is_admin") , array(TB_users , "loged as loged") ); $pass = md5(sha1(md5(base64_encode(bin2hex(hexdec(md5(1234 5))))))); $user = "fastwings"; $where = TB_users .".username = '".$user."' and ".TB_users .".password = '$pass'"; echo "Sql Check: ".genrate_Sql($arrTab,0,$arrFil,$where);
הבעיה הולכת ככה הפונקציה genrate_Sql מוציאה לי כזה אינפוט
קוד:
SELECT users.id AS id, users.username AS username, users.password AS pass, users.usertype AS is_admin, users.loged AS loged
FROM users
WHERE users.username = 'fastwings'
AND users.password = '5d42884bf9814dfced18d0319305e3b3'
ORDER BY id DESC
LIMIT 0 , 50
עכשו הבעיה שפונקציה Query
לא בודקת אם זה משפט SQL וככה זה לא עובר
איך אני גורם לזה לעבור קחו בחשובן ש 100 אחוזר מהמקרים המשפט הוא יותר משורה אחת
|