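<?php
require_once("ajxresponse.php");

/**
 * AJAX response that runs a database selection and serialises the rows as XML.
 *
 * The document is accumulated in $this->XML, which is not declared in this
 * class (presumably a property of AjxResponse - confirm). DbMysql is not
 * loaded by this file either and must already be available to the caller.
 *
 * NOTE(review): the constructor is PHP 4 style (a method named after the
 * class). PHP 8 no longer treats such a method as a constructor, so the
 * referrer would not be passed to the parent there; it is left unchanged
 * because the parent class is not visible from this file.
 */
class AjxResponse_Db extends AjxResponse
{
    // Rows returned by the last selection; an empty array until Exploit() has run.
    var $resultArr = array();
    // DbMysql connection opened by Exploit().
    var $db = NULL;
    // Display names written into <FieldNames>, set through Alias().
    var $names = NULL;

    /**
     * PHP 4 style constructor: forwards the referrer to the parent constructor.
     */
    function AjxResponse_Db($referrer)
    {
        parent::AjxResponse($referrer);
    }

    /**
     * Sets the display names listed in <FieldNames> when Exploit() is called
     * with an explicit field list.
     */
    function Alias($names)
    {
        $this->names = $names;
    }

    /**
     * Runs a selection and stores the outcome in $this->XML.
     *
     * Result codes written to <Code>: 1 = default, 4 = no records found,
     * 5 = unable to connect to the database.
     *
     * Nothing is built when AssertReferrer() fails.
     * NOTE(review): AssertReferrer() is not defined in this file. If it
     * compares the HTTP Referer header, that header is supplied by the client
     * and must not be the only access control in front of this query.
     *
     * @param object $table  Table descriptor; its ->rows (each with ->name) are
     *                       used when no field list is given.
     * @param array  $fields Field names to select, or NULL for all rows of $table.
     * @param mixed  $names  Passed through to DbMysql::Select().
     * @param mixed  $values Passed through to DbMysql::Select().
     */
    function Exploit($table, $fields, $names, $values)
    {
        if (!$this->AssertReferrer()) {
            return;
        }

        global $db_name;
        global $db_host;
        global $db_password;
        global $db_usrName;

        // Text written between tags is entity-encoded so that stored values
        // containing markup cannot alter the structure of the response.
        // '&' comes first so the entities produced below are not re-encoded.
        $xmlFrom = array('&', '<', '>', '"', "'");
        $xmlTo = array('&amp;', '&lt;', '&gt;', '&quot;', '&#39;');

        $retCode = 1;
        $message = "";
        // Reset first: a failed connection must not leave the rows undefined
        // (or carried over from an earlier call) for the loops below.
        $this->resultArr = array();

        $this->db = new DbMysql($db_host, $db_usrName, $db_password, $db_name);
        // Debug switch, presumably echoes the generated query:
        //$this->db->query_echo = 1;
        if (!$this->db->bConnected) {
            $retCode = 5; // unable to connect
            $message = "Unable to connect to database";
        } else {
            // NOTE(review): how $names/$values reach the SQL text is decided
            // inside DbMysql::Select(), which is not visible here. Confirm it
            // escapes or binds them before passing request data through.
            $this->resultArr = $this->db->Select($table, $fields, $names, $values);
            if (count($this->resultArr) == 0) {
                $retCode = 4; // empty selection
                $message = "No records found.";
            }
        }

        $fields_ = array();
        $this->XML = "<Response>";
        $this->XML .= "<Result>";
        $this->XML .= "<Code>$retCode</Code>";
        $this->XML .= "<Message>$message</Message>";
        $this->XML .= "</Result>";

        if ($fields != NULL) {
            if ($retCode != 4) {
                $this->XML .= "<FieldNames>";
                // Alias() may never have been called; skip the list then.
                if (is_array($this->names)) {
                    $i = 0;
                    foreach ($this->names as $field) {
                        $label = str_replace($xmlFrom, $xmlTo, (string)$field);
                        $this->XML .= "<Field_$i>$label</Field_$i>";
                        $i++;
                    }
                }
                foreach ($fields as $field) {
                    $fields_[] = $field;
                }
                // Closed inside the same branch that opened it: an empty
                // selection used to emit a closing tag with no opening tag.
                $this->XML .= "</FieldNames>";
            }
        } else if (count($this->resultArr)) {
            $i = 0;
            $this->XML .= "<FieldNames>";
            foreach ($table->rows as $row) {
                $label = str_replace($xmlFrom, $xmlTo, (string)$row->name);
                $this->XML .= "<Field_$i>" . $label . "</Field_$i>";
                $fields_[] = $row->name;
                $i++;
            }
            $this->XML .= "</FieldNames>";
        }

        $i = 0;
        foreach ($this->resultArr as $result) {
            $this->XML .= "<Data_$i>";
            foreach ($fields_ as $field) {
                // Field names are used verbatim as element names. They cannot
                // be entity-encoded, so they have to come from a trusted
                // column list and be valid XML names.
                $this->XML .= "<$field>";
                $this->XML .= str_replace($xmlFrom, $xmlTo, (string)$result->$field);
                $this->XML .= "</$field>";
            }
            $this->XML .= "</Data_$i>";
            $i++;
        }
        $this->XML .= "</Response>";
    }
}
?>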