Old 11th June 2006, 09:03
EvanCarroll EvanCarroll is offline

Quote:
Originally Posted by falko
This is a small snippet of a PHP script that I wrote:

PHP Code:
    $columns $app->db->queryAllRecords("SHOW COLUMNS FROM ".$_POST['table']);
    
$columns array_slice($columns1);
    
$app->db->query("TRUNCATE ".$_POST['table']);
    
$app->uses('file');
    
$content file_get_contents($_FILES['file']['tmp_name']);
    
$lines explode("\n"$content);
    foreach(
$lines as $line){
      
$fields explode("\""$line);
      
$sql "INSERT INTO ".$_POST['table']."(";
      
$sql1 $sql2 '';
      
$l 0;
      for(
$i=0;$i<sizeof($fields);$i++){
        
$k 0;
        if(
substr($fields[$i],0,1) == '"' && substr($fields[$i],-1) != '"'){
          
$j $i 1;
          do {
            
$fields[$i] .= $fields[$j];
            
$j++;
            
$k++;
          } while(
substr($fields[$j-1],-1) != '"');
        }
        if(
substr($fields[$i],0,1) == '"' && substr($fields[$i],-1) == '"'$fields[$i] = substr($fields[$i],1,-1);

        
$fields[$i] = str_replace('""''"'$fields[$i]);
        
$sql1 .= $columns[$l]['Field'];
        
$l++;
        
$sql2 .= "'".addslashes($fields[$i])."'";
        if(
$i < (sizeof($fields)-1)){
          
$sql1 .= ',';
          
$sql2 .= ',';
        }
        
$i += $k;
      }
      
$sql .= $sql1.") VALUES (".$sql2.");";
      
//echo $sql."<br>";
      
$app->db->query($sql);
    } 
It should give you the idea.
It is vulnerable to an SQL injection attack: $_POST['table'] is concatenated unescaped into the SHOW COLUMNS, TRUNCATE and INSERT statements.