header('Content-Type:text/html;charset=GBK');

?>

if(isset($_GET['sg'])){

$_SESSION['sg']=$_GET['s'];

}

if(isset($_GET['su'])){

$_SESSION['su']=$_GET['s'];

}

if(isset($_POST['sql'])){

$conn = mysql_connect('127.0.0.1', "root", "123qwe");

if (!$conn) {

echo "Unable to connect to DB: " . mysql_error();

exit;

}

if (!mysql_select_db("pm")) {

echo "Unable to select mydbname: " . mysql_error();

exit;

}

if($_SESSION['sg']){

mysql_query("set names 'gbk'") or die(mysql_error());

}

if($_SESSION['su']){

mysql_query("set names 'utf8'") or die(mysql_error());

}

$sql =trim($_POST['sql']);

preg_match_all("/(select|show|update|delete|drop|create|alter|insert)/s+(([`'/"])[^`'/"]+//3|[^;])+;?/i",$sql,$out,PREG_PATTERN_ORDER );

if(count($out[0])==0) echo "No sql

";

//2009-03-19 解决不输入无分号找不到sql的问题

for($i=0;$i

$sql = $out[0][$i];

if(substr(strtolower($sql),0,6)=='select'&&strpos($sql,"()")===false&&!preg_match("/limit /d+(,/d+)?$/i",$sql)){

$sql .= " limit 100";

}

echo '$sql='.$sql.'

---

';

$result = mysql_query(stripslashes($sql));

if (!$result) {

echo "Could not successfully run query ($sql) from DB: " . mysql_error()."";

continue;

}

if (mysql_num_rows($result) == 0) {

echo "No rows found, nothing to print so am exiting";

continue;

}

// While a row of data exists, put that row in $row as an associative array

// Note: If you're expecting just one row, no need to use a loop

// Note: If you put extract($row); inside the following loop, you'll

//       then create $userid, $fullname, and $userstatus

$str = "";

while ($row = mysql_fetch_assoc($result)) {

if($str == ""){

$str = '

';

foreach($row as $k=>$v){

$str .= "

".$k."";

}

$str .= "

";

}

$str .= "

";

foreach($row as $k=>$v){

$str .= "

".$v."";

}

$str .= "

";

}

@mysql_free_result($result);

echo "

echo $str;

echo "

";

}

}

?>