query.php - If any errors, exit. This includes empty results

/query.php

https://bitbucket.org/wlynch92/cs336-dbproject · PHP · 50 lines · 39 code · 9 blank · 2 comment · 6 complexity · 6996dce8ec4a206b151f2b4438b94460 MD5 · raw file


<?php
function query(){
    $input=$_POST['input'];
    echo $input."\n<br/>\n";
    $arr = explode(' ',trim($input));
    if (strtolower($arr[0])=="select"){

        $con = mysql_connect('cs336-64','csuser','cs277315');

        if (!$con){
            die(mysql_error());
        }

        mysql_select_db("cs336",$con);

        //echo $query."\n";
        $res = mysql_query($input,$con);
        // If any errors, exit. This includes empty results
        if (!$res){
            die(mysql_error());
        }

        for($i=0;$i<mysql_num_fields($res)-1;$i++){
            echo mysql_field_name($res,$i)." | ";
        }
        echo mysql_field_name($res,$i)."\n<br/>\n";

        
        while ($row = mysql_fetch_array($res)){
            for($i=0;$i<mysql_num_fields($res)-1;$i++){
                echo $row[$i]." | ";
            }
            echo $row[$i]."\n";
            echo "\n<br/>\n";
        }
        mysql_close($con);
    }
}
?>

<html>
    <body>
        <form action="query.php" method="post">
            Enter Query: <input type="text" name="input"><br>
            <input type="submit">
        </form>
        <?php query() ?>
   </body>
</html>

Alerts (5)

'$_POST[' Unbounded request input detected; limit size (e.g., check Content-Length or use max input vars) to prevent memory exhaustion
3
'mysql_connect(' Deprecated mysql_* functions; use PDO or MySQLi for modern database access
8
'die(' Abrupt termination detected; use try-catch or custom error handlers for better control
11 20
'mysql_fetch_array(' Deprecated mysql_* functions; use PDO or MySQLi for modern database access
29