

SQL Injection





deathseaker
Using PHP, how would I inject a whole .sql file filled with [CREATE tablename( data values and such) and INSERT INTO tablename] into a database using PHP code? :s
DjinniFire
I've never done it but just wondering. If you're just transferring a database over using .sql you could just copy the contents of the .sql file and go to sql query in phpMyAdmin and paste and query and it should create and insert everything that was in the .sql file.
deathseaker
See, people say that, but what if I give my script to a friend and his hosting service doesn't offer phpMyAdmin?
MrBlueSky
If the PHP function system() is allowed on his host he can use mysqlimport. Create a php file which contains only this line:

Code:

<?php

  echo system('mysqlimport -u<his_sqlusername> -p<his_sqlpassword> <databasename> /path/to/sqldump.sql');

?>


where he inserts his username and mysql password. And for <databasename> he substitutes the database in which the data must be imported. It must be an existing database. The path to the .sql file must be absolute, not relative. Example:

Code:

<?php

  echo system('mysqlimport -ujohndoe -ppass123 johndoe_db /home/johndoe/htdocs/dump.sql');

?>




Then upload the .sql to the host and call the PHP file.

For more information on mysqlimport see: http://dev.mysql.com/doc/refman/4.1/en/mysqlimport.html
manav
Hi, I use BigDump.php for this. It can be found at http://www.ozerov.de/bigdump.php
Usage
1. Open BigDump in a text editor and adjust the database configuration
2. Drop the old tables on the target database if your dump doesn't contain "DROP TABLE" (use phpMyAdmin)
3. Create the working directory (e.g. dump) on your web-server
4. If you want to upload the dump files directly from the web-browser give the scripts writing permissions on the working directory (e.g. make chmod 777 on a Linux based system). You can upload the dump files from the browser up to the size limit set by the current PHP configuration of the web-server. Alternatively you can upload any files via FTP.
5. Upload bigdump.php and the dump files (*.sql or *.gz) via FTP to the working directory (take care of TEXT mode upload for bigdump.php and dump.sql but BINARY mode for dump.gz if uploading from MS Windows).
6. Run the bigdump.php from your browser via URL like http://www.yourdomain.com/dump/bigdump.php . Now you can select the file to be imported from the listing of your working directory.
7. BigDump will start every next import session automatically if you enable the JavaScript in your browser.
8. Relax and wait for the script to finish. Do not close the browser window!
9. IMPORTANT: Remove bigdump.php and your dump files from your server
deathseaker
Well, before I try that bigdump thingy, think this would work?:

Like I was thinking:

Code:

<?php

//code above

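function injectSQL($filename)
{
    // $username, $password, $email and $race are used below; assumed to be set by the code above
    global $root_path, $username, $password, $email, $race;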
   
    $handle = fopen($root_path . 'install/data/' . $filename, "r");
    $query = "";
    $lines = explode("\n", fread($handle, 1024768));
    fclose($handle);
    foreach($lines as $line)
    {
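        // skip blank lines and lines starting with "//"; strpos() returns false (not 0) when "//" is absent
        if(strpos($line,"//") !== 0 && $line != "")
        {
            $query .= $line;
            if(strpos($line,";") !== false) // a ";" marks the end of the statement
            {
                if($filename == "sql_data.sql") // comparison, not assignment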
                {
                    $query = str_replace(array('admin_username', 'admin_password', 'admin_email', 'admin_race', '00000000000000'), array($username, $password, $email, $race, time()), $query);
                }
                processQuery($query); //Function that loads the config.php file, connects to DB and processes query
                $query = "";
            }
        }
    }
}

//more code

//
// Create all needed tables
//
injectSQL("sql_tables.sql");

//
// Load values into new tables
//
injectSQL("sql_data.sql");

?>
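
The installer above splices the admin values into the SQL text with str_replace(), so a value containing a quote changes the statement. As an added example (not part of the post), the same insert done both ways; it assumes PDO with the SQLite driver so it runs offline, and the `users` table, its columns and the admin values are constructed:

```php
<?php
// Added example: table/column names and the admin values are constructed.
// In-memory SQLite via PDO keeps it offline; for MySQL only the DSN and credentials change.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE users (username TEXT, password TEXT, email TEXT, race TEXT, joined INTEGER)');

// Values an installer form might receive (constructed).
$admin = [
    'username' => "O'Brien",
    'password' => password_hash('correct horse', PASSWORD_DEFAULT),
    'email'    => 'admin@example.com',
    'race'     => 'human',
];

// 1) Placeholder substitution as in the post: the value becomes part of the SQL text.
$template = "INSERT INTO users VALUES ('admin_username', 'admin_password', 'admin_email', 'admin_race', 00000000000000);";
$spliced  = str_replace(
    ['admin_username', 'admin_password', 'admin_email', 'admin_race', '00000000000000'],
    [$admin['username'], $admin['password'], $admin['email'], $admin['race'], time()],
    $template
);
try {
    $pdo->exec($spliced);
    echo "spliced statement ran\n";
} catch (PDOException $e) {
    // The apostrophe ends the string literal early, so the statement no longer parses.
    echo "spliced statement failed: ", $e->getMessage(), "\n";
}

// 2) Prepared statement: the SQL text is fixed and the values travel separately.
$stmt = $pdo->prepare(
    'INSERT INTO users (username, password, email, race, joined) VALUES (?, ?, ?, ?, ?)'
);
$stmt->execute([$admin['username'], $admin['password'], $admin['email'], $admin['race'], time()]);

echo $pdo->query('SELECT username FROM users')->fetchColumn(), "\n";
```

The static CREATE TABLE and INSERT statements can still come from the .sql files; only the row built from installer input needs to go through the prepared statement.
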
deathseaker
Forgot to ask: is it possible to do multiple "CREATE TABLE.." commands in a single query? Or does it all have to be separate for each CREATE? :s
deathseaker
and system() is disabled :(
fromegame
I have a code for this somewhere, let me search for it, I'll edit soon.


EDIT:
Code:
// $reader is expected to hold the contents of the .sql file as a string
$sql_query2 = remove_remarks($reader);
$sql_query = split_sql_file($sql_query2, ";");


for ($i=0;$i<count($sql_query);$i++)
{
   if (trim($sql_query[$i]) != '')
   {
      // mysql_query() returns false on failure
      if ($result = mysql_query($sql_query[$i]))
      {
         echo "Ok<br>";
      }
      else
      {
         echo "Not Ok<br>";
      }
   }
}


Code:
# To split sql files in queries


function split_sql_file($sql, $delimiter)
{
   $tokens = explode($delimiter, $sql);
   $sql = "";
   $output = array();
   $matches = array();
   $token_count = count($tokens);
   for ($i = 0; $i < $token_count; $i++)
   {
      if (($i != ($token_count - 1)) || (strlen($tokens[$i]) > 0))
      {
         $total_quotes = preg_match_all("/'/", $tokens[$i], $matches);
         $escaped_quotes = preg_match_all("/(?<!\\\\)(\\\\\\\\)*\\\\'/", $tokens[$i], $matches);
         $unescaped_quotes = $total_quotes - $escaped_quotes;
         if (($unescaped_quotes % 2) == 0)
         {
            $output[] = $tokens[$i];
            $tokens[$i] = "";
         }
         else
         {
            $temp = $tokens[$i] . $delimiter;
            $tokens[$i] = "";
            $complete_stmt = false;
            
            for ($j = $i + 1; (!$complete_stmt && ($j < $token_count)); $j++)
            {
               $total_quotes = preg_match_all("/'/", $tokens[$j], $matches);
               $escaped_quotes = preg_match_all("/(?<!\\\\)(\\\\\\\\)*\\\\'/", $tokens[$j], $matches);
               $unescaped_quotes = $total_quotes - $escaped_quotes;
               if (($unescaped_quotes % 2) == 1)
               {
                  $output[] = $temp . $tokens[$j];
                  $tokens[$j] = "";
                  $temp = "";
                  $complete_stmt = true;
                  $i = $j;
               }
               else
               {
                  $temp .= $tokens[$j] . $delimiter;
                  $tokens[$j] = "";
               }
               
            } // for..
         } // else
      }
   }

   return $output;
}


# To remove comments


function remove_remarks($sql)
{
   $lines = explode("\n", $sql);
   
   // try to keep mem. use down
   $sql = "";
   
   $linecount = count($lines);
   $output = "";

   for ($i = 0; $i < $linecount; $i++)
   {
      if (($i != ($linecount - 1)) || (strlen($lines[$i]) > 0))
      {
         // an empty line has no first character to test
         if ($lines[$i] === "" || $lines[$i][0] != "#")
         {
            $output .= $lines[$i] . "\n";
         }
         else
         {
            $output .= "\n";
         }
         // Trading a bit of speed for lower mem. use here.
         $lines[$i] = "";
      }
   }
   
   return $output;
   
}
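
The functions above split on ";" and then count quotes per token to rejoin the pieces. The same job as a single pass over the characters, as an added example (not code from the thread): it tracks '...', "..." and `...` runs, drops "#" and "-- " line comments, and keeps /* ... */ blocks whole. The function name split_sql_statements() and the sample dump are constructed.

```php
<?php
// Added example; split_sql_statements() and the sample dump are constructed.
function split_sql_statements(string $sql): array
{
    $out = [];
    $buf = '';
    $len = strlen($sql);
    for ($i = 0; $i < $len; $i++) {
        $c = $sql[$i];
        $two = substr($sql, $i, 2);
        if ($c === "'" || $c === '"' || $c === '`') {
            // Quoted run: copy verbatim up to the matching closing quote.
            $start = $i;
            for ($i++; $i < $len; $i++) {
                if ($sql[$i] === '\\' && $c !== '`') {
                    $i++;                       // skip the escaped character
                } elseif ($sql[$i] === $c) {
                    if (substr($sql, $i + 1, 1) !== $c) {
                        break;                  // closing quote
                    }
                    $i++;                       // doubled quote stays inside
                }
            }
            $buf .= substr($sql, $start, $i - $start + 1);
        } elseif ($two === '/*') {
            // Block comment: keep it whole so a ";" inside does not split.
            $end = strpos($sql, '*/', $i + 2);
            $end = ($end === false) ? $len - 1 : $end + 1;
            $buf .= substr($sql, $i, $end - $i + 1);
            $i = $end;
        } elseif ($c === '#' || ($two === '--' && preg_match('/^\s?$/', substr($sql, $i + 2, 1)))) {
            // Line comment: drop it; the newline is handled on the next pass.
            $eol = strpos($sql, "\n", $i);
            $i = ($eol === false) ? $len : $eol - 1;
        } elseif ($c === ';') {
            $out[] = trim($buf);
            $buf = '';
        } else {
            $buf .= $c;
        }
    }
    $out[] = trim($buf);
    return array_values(array_filter($out, 'strlen'));  // drop empty statements
}
$dump = "# seed data (constructed sample)\n"
      . "CREATE TABLE notes (id INT, body TEXT);\n"
      . "INSERT INTO notes VALUES (1, 'a; b'); -- semicolon inside a string\n"
      . "INSERT INTO notes VALUES (2, 'it''s; fine');\n";
print_r(split_sql_statements($dump));
```

Each returned statement can then be passed to the database one at a time, with the result of every call checked before continuing.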