<?php
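class MyDB extends SQLite3 {
    /**
     * Open the SQLite database at construction time.
     *
     * @param string $dbname path of the database file (or ':memory:')
     * @param int    $flags  SQLITE3_OPEN_* bit mask handed to SQLite3::open();
     *                       the default is the same read-write/create mode
     *                       SQLite3::open() uses on its own, so existing
     *                       callers are unaffected. Pass SQLITE3_OPEN_READONLY
     *                       for a handle that can only read, which is the
     *                       safer choice for pages that never write.
     * @throws Exception when the database cannot be opened (SQLite3::open throws).
     */
    function __construct($dbname, $flags = SQLITE3_OPEN_READWRITE | SQLITE3_OPEN_CREATE) {
        $this->open($dbname, $flags);
    }
}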
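// Open the DB. MyDB opens it read-write; for a page that only ever reads,
// a read-only handle (SQLITE3_OPEN_READONLY) would limit what a malformed
// WHERE clause could do.
$db = new MyDB('minerals');

// Markup that sends the browser back to the form; emitted whenever input is rejected.
$backToForm = "<html><head><meta http-equiv=\"refresh\" content=\"0;URL='query.html'\" />";

// Pick up the form variables. A missing or non-string field is treated as
// empty instead of raising an undefined-index notice or a TypeError in trim().
$what = (isset($_POST['what']) && is_string($_POST['what'])) ? trim($_POST['what']) : '';
$where = (isset($_POST['where']) && is_string($_POST['where'])) ? trim($_POST['where']) : '';

// Allowlist for the select list: the real column names of Minerals, read from
// the schema and keyed by lower-case name (SQLite identifiers are case-insensitive).
$knownColumns = array();
$schema = $db->query('PRAGMA table_info(Minerals)');
if ($schema) {
    while ($col = $schema->fetchArray(SQLITE3_ASSOC)) {
        $knownColumns[strtolower($col['name'])] = $col['name'];
    }
}

// Build the select list. Only '*' or a comma-separated list of known column
// names is accepted; anything else (expressions, quotes, keywords) is rejected
// outright, so no user-supplied text is spliced into this part of the query.
// This replaces the old keyword blocklist, which could only ever be incomplete.
if ($what === '*') {
    $selectList = '*';
} else {
    $quotedColumns = array();
    foreach (explode(',', $what) as $name) {
        $key = strtolower(trim($name));
        if ($key === '' || !isset($knownColumns[$key])) {
            echo $backToForm;
            exit;
        }
        // Quote as an identifier, using the schema's own spelling of the name.
        $quotedColumns[] = '"' . str_replace('"', '""', $knownColumns[$key]) . '"';
    }
    $selectList = implode(', ', $quotedColumns);
}

// Check if there should be a where clause. The clause is free-form SQL typed
// by the user, so it cannot be bound as a parameter; the keyword screen below
// only narrows misuse (single quotes stay allowed so string literals work).
// The proper fix for this field is a structured filter -- column from the
// allowlist above, a fixed operator set, and the value bound with
// SQLite3Stmt::bindValue -- rather than accepting SQL text.
$whereClause = '';
if ($where !== '') {
    if (preg_match('/;|"|--|\/\*|insert|drop|join|alter|delete|select|update|where/i', $where)) {
        echo $backToForm;
        exit;
    }
    $whereClause = 'where ' . $where;
}

// Build and execute the query.
$sql = "select $selectList from Minerals $whereClause";
$result = $db->query($sql);

// Is there a result? query() returns false on a failed statement.
if ($result) {
    echo "<table border=\"2px\"><tr>";
    // Get and display the field names as a header row. Headings are escaped
    // because columnName() echoes whatever the select list said.
    $fields = array();
    $columns = $result->numColumns();
    for ($i = 0; $i < $columns; $i++) {
        $fields[$i] = $result->columnName($i);
        echo '<td><b><center>' . htmlspecialchars($fields[$i], ENT_QUOTES, 'UTF-8') . '</center></b></td>';
    }
    echo "</tr>";
    // Fetch rows indexed by field name and display them. Every cell value is
    // HTML-escaped; the image path is additionally placed in a quoted attribute
    // so a stored value cannot break out of it.
    while ($row = $result->fetchArray(SQLITE3_ASSOC)) {
        echo "<tr>";
        foreach ($fields as $field) {
            $cell = htmlspecialchars((string) $row[$field], ENT_QUOTES, 'UTF-8');
            if ($field === "Image") {
                echo '<td><img src="' . $cell . '"></td>';
            } else {
                echo "<td>$cell</td>";
            }
        }
        echo "</tr>";
    }
    echo "</table>";
} else {
    echo "No results!";
}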