Location: PHPKode > scripts > SQL Parse Convert to Tree Array > sql-parse-convert-to-tree-array/exploitation_example.php
<?


    require 'dqml2tree.php';

    $sql = "INSERT INTO mytable (myfield1, myfield2) VALUES (123, 'abc');";
    echo $sql . "\n";
    $dqml = new dqml2tree($sql);
    $tree = $dqml->make();

    function insert_to_array($tree) {
        if (isset($tree['SQL']['INSERT'])) {
            $objet = $tree['SQL']['INSERT']['INTO']['0|*INSERT']['TABLE'];
            $insert = Array();
            foreach ($tree['SQL']['INSERT']['INTO']['1|*INSERT']['1|*INSERT'] as $into_id => $field) {
                $into_ids = explode('|', $into_id);
                $champ_id = $into_ids[0];
                $name = $field['FIELD'];

                $value = trim($tree['SQL']['INSERT']['VALUES']['VALUES'][$champ_id . '|*VALUES']['VAL'], "'");
                $insert[$name] = $value;
            }
        }
        return $insert;
    }


    echo "INSERT\n";
    print_r(insert_to_array($tree));


    $sql = "UPDATE mytable SET myfield='abc';";
    echo $sql . "\n";
    $dqml = new dqml2tree($sql);
    $tree = $dqml->make();

    function update_set_to_array($tree) {
        if (isset($tree['SQL']['UPDATE'])) {
            $update = Array();
            $objet = $tree['SQL']['UPDATE']['0|*UPDATE']['TABLE'];
            if (isset($tree['SQL']['UPDATE']['SET']['0|*SET'])) {
                foreach ($tree['SQL']['UPDATE']['SET'] as $set_id => $sets) {
                    $name = $sets['0|#SET']['FIELD'];
                    $value = trim($sets['1|#SET']['VAL'], "'");
                    $update[$name] = $value;
                }
            }
            else {
                $update[$tree['SQL']['UPDATE']['SET']['0|#SET']['FIELD']] = trim($tree['SQL']['UPDATE']['SET']['1|#SET']['VAL'], "'");
            }
        }
        return $update;
    }

    echo "UPDATE SET\n";
    print_r(update_set_to_array($tree));

    function update_where_alone_or_exclusively_separated_by_and_to_array($tree) {

        $where = Array();
        if (isset($tree['SQL']['UPDATE']['WHERE']['0|*AND'])) {
            foreach ($tree['SQL']['UPDATE']['WHERE'] as $where_id => $wheres) {
                $name = $wheres['0|!EQ']['FIELD'];
                $value = '';
                if (isset($wheres['1|!EQ']['VAL']))
                    $value = trim($wheres['1|!EQ']['VAL'], "'");
                if (isset($wheres['1|!EQ']['FIELD']))
                    $value = trim($wheres['1|!EQ']['FIELD'], "'");
                $where[$name] = $value;

            }
        }
        else {
            if (isset($tree['SQL']['UPDATE']['WHERE']['1|!EQ']['VAL']))
            $where[$tree['SQL']['UPDATE']['WHERE']['0|!EQ']['FIELD']] = trim($tree['SQL']['UPDATE']['WHERE']['1|!EQ']['VAL'], "'");
            elseif (isset($tree['SQL']['UPDATE']['WHERE']['1|!EQ']['FIELD']))
            $where[$tree['SQL']['UPDATE']['WHERE']['0|!EQ']['FIELD']] = trim($tree['SQL']['UPDATE']['WHERE']['1|!EQ']['FIELD'], "'");
        }

        return $where;
    }


    $sql = "UPDATE mytable SET myfield1=123, myfield2='abc' WHERE myfield3='def' AND myfield4=4;";
    echo $sql . "\n";
    $dqml = new dqml2tree($sql);
    $tree = $dqml->make();

    echo "UPDATE SET\n";
    print_r(update_set_to_array($tree));
    
    echo "UPDATE WHERE (must exclusively be separated by and)\n";
    print_r(update_where_alone_or_exclusively_separated_by_and_to_array($tree));
?>
Return current item: SQL Parse Convert to Tree Array