mysql数据库批量导入和执行程序
<?// 允许脚本在register globals =off 时工作
$onoff =@ini_get('register_globals')||get_cfg_var('register_globals');
if ($onoff != 1) {
@extract($_POST, EXTR_SKIP);
@extract($_GET, EXTR_SKIP);
}
// 去掉转义字符
function stripslashes_array(&$array) {
while(list($key,$var) = each($array)) {
if ($key != 'argc' && $key != 'argv' && (strtoupper($key) != $key || ''.intval
($key) == "$key")) {
if (is_string($var)) {
$array[$key] = stripslashes($var);
}
if (is_array($var)){
$array[$key] = stripslashes_array($var);
}
}
}
return $array;
}
// 若 magic_quotes_gpc 打开,调用 stripslashes_array()函数去掉转义字符
if (get_magic_quotes_gpc()) {
$_POST = stripslashes_array($_POST);
}
?>
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=gb2312">
<title>mysql数据库批量导入和执行程序</title>
<style type="text/css">
body,td {
font-family: "sans-serif";
font-size: "12px";
line-height: "150%";
}
.INPUT {
FONT-SIZE: "12px";
COLOR: "#000000";
BACKGROUND-COLOR: "#FFFFFF";
height: "18px";
border: "1px solid #666666";
}
</style>
</head>
<body style="table-layout:fixed; word-break:break-all">
<center>
<?
if ($_GET['action'] == "sql") {
$servername = isset($servername) ? $servername : 'localhost';
$dbusername = isset($dbusername) ? $dbusername : 'root';
$dbpassword = isset($dbpassword) ? $dbpassword : '';
$dbname = isset($dbname) ? $dbname : '';
}
if($doquery) {
if(@mysql_connect($servername,$dbusername,$dbpassword) AND @mysql_select_db($dbname))
{
echo "数据库连接执行!\n";
}
else
{
echo "出错: ".mysql_error();
}
$a_query = explode(";",$_POST['sql_query']);
while (list(,$query) = each($a_query)) {
$query = trim($query);
if ($query) {
if (strstr($query,'CREATE TABLE')) {
ereg('CREATE TABLE ([^ ]*)',$query,$regs);
mysql_query("DROP TABLE IF EXISTS $regs");
echo "<p>正在建立表: ".$regs." …… ";
$result=@mysql_query($query);
if ($result)
{
echo "成功!</p>\n";
} else {
echo "失败!</p>\n";
}
} else {
$result=@mysql_query($query);
echo ($result) ? "SQL语句成功执行\n" : "出错: ".mysql_error();
}
}
}
mysql_close();
}
elseif(connect){
if(@mysql_connect($servername,$dbusername,$dbpassword) AND @mysql_select_db($dbname)) {
echo "数据库连接执行!\n";
}else{
echo "出错: ".mysql_error();
}
}
?>
<table width="760" border="0" cellpadding="3" cellspacing="1" bgcolor="#ffffff">
<tr class="firstalt">
<td align="center">mysql数据库批量导入和执行程序</td>
</tr>
<form action="?action=sql" method="POST">
<tr class="secondalt">
<td align="center">Host:
<input name="servername" type="text" class="INPUT" value="<?=$servername?>">
User:
<input name="dbusername" type="text" class="INPUT" size="15" value="<?=$dbusername?>">
Pass:
<input name="dbpassword" type="text" class="INPUT" size="15" value="<?=$dbpassword?>">
DB:
<input name="dbname" type="text" class="INPUT" size="15" value="<?=$dbname?>">
<input name="connect" type="submit" class="INPUT" value="连接"></td>
</tr>
<tr class="firstalt">
<td align="center"><textarea name="sql_query" cols="85" rows="10"></textarea></td>
</tr>
<tr class="secondalt">
<td align="center"><input type="submit" name="doquery" value="执行" class="input"></td>
</tr>
</form>
</table>
</body>
</html> 傻子来了
回复 2# 的帖子
:@ :@wd 白 kk他们在cs你为咩不去?:@ 原帖由 疏林阁 于 2007-12-30 18:16 发表 http://www.jgwy.net/images/common/back.gif
:@ :@wd 白 kk他们在cs
你为咩不去?:@
哥哥要吃饭:$ 楼主头像程序公布一份吧 这个程序
好象前两天再哪个辕马里见过 高手啊............... 从phpspy分离出来的数据库备份和恢复软件
phpspy是php后门木马。
页:
[1]