I have a website that I am working on and I am importing data via an .sql file and phpMyAdmin, sometimes a few a day.
How difficult would it be for a newbie to create a PHP page where I can paste the .sql file text and it updates via a browser?
Very simple and very insecure. Is it a public facing website? If it is then it’s horrendously insecure to allow to execute plain SQL.
no, area would have .htaccess and a PHP if statement that will only allow execution from my IP. Where would I start?
The script structure will look like this:
<?php
// Validate IP here
// if submit button clicked do the following {
// - prepare sql data by removing unwanted new lines and spaces
// - connect to your sql database
// - process your sql queries
// }
// show your submit form with textarea here
?>
You can prepare your sql data using this sample function:
function prepare($string)
{
$strings = array();
$string = str_replace("\\r\
", "\
", $string);
$array = explode("\
", $string);
foreach ($array as $key=>$value) {
$value = trim($value);
if ($value != '')
$strings[] = $value;
}
$sql = implode("\
", $strings);
$sqlarray = explode(";", $sql);
return $sqlarray;
}
and process your queries using this function:
function process($array)
{
foreach ($array as $key=>$value) {
if ($value != '') {
mysql_query($value) or die (mysql_error());
}
}
}
This is a very simple example just to give you an idea.