<?php
/**
* 文件功能:后台 SQL 探针
* (替代原版 SQL.ASP,严格限制为只读模式)
*
* @author ChatRoom Laravel
*
* @version 1.0.0
*/
namespace App\Http\Controllers\Admin;
use App\Http\Controllers\Controller;
use Illuminate\Http\Request;
use Illuminate\Support\Facades\DB;
use Illuminate\View\View;
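class SqlController extends Controller
{
    /**
     * Statement prefixes accepted as read-only.
     *
     * Case-insensitive; the keyword must be followed by whitespace, so a
     * bare "SELECT" (which still satisfies the min:6 validation rule) is
     * refused.
     */
    private const READ_ONLY_PREFIX = '/^(SELECT|EXPLAIN|SHOW|DESCRIBE)\s/i';

    /**
     * Forms that start with an accepted keyword but are not read-only:
     * writing a result set to the server filesystem, or taking row locks.
     *
     * Both this pattern and the prefix check are defence in depth only —
     * keywords can be separated by SQL comment syntax that `\s+` does not
     * match, and DB::select() runs whatever string it is handed.
     * NOTE(review): the effective read-only control is the privilege set of
     * the database account behind the connection used here — confirm it
     * holds SELECT only.
     */
    private const NOT_READ_ONLY = '/\bINTO\s+(OUTFILE|DUMPFILE)\b|\bFOR\s+UPDATE\b|\bLOCK\s+IN\s+SHARE\s+MODE\b/i';

    /**
     * Show the SQL sandbox page with no query and no results.
     */
    public function index(): View
    {
        return $this->render(null, [], '', null);
    }

    /**
     * Execute one read-only statement and render its rows.
     *
     * Validation guarantees a non-empty string. Anything not recognised as
     * a single read-only statement is refused before it reaches the
     * database; database errors are caught and shown on the page rather
     * than left to the framework's error handler.
     */
    public function execute(Request $request): View
    {
        $request->validate([
            'query' => 'required|string|min:6',
        ]);

        $sql = trim((string) $request->input('query'));

        if (! self::isReadOnlyStatement($sql)) {
            return $this->render(null, [], $sql, '安全保护触发:本探针只允许执行 SELECT / SHOW 等只读查询!');
        }

        try {
            // NOTE(review): no row cap or statement timeout — an unbounded
            // SELECT is materialised in memory in full before the view sees it.
            $results = DB::select($sql);

            return $this->render($results, self::columnsOf($results), $sql, null);
        } catch (\Exception $e) {
            // The driver message is shown verbatim to the probe's (admin) user.
            return $this->render(null, [], $sql, 'SQL 执行发生异常: '.$e->getMessage());
        }
    }

    /**
     * Decide whether $sql is a single statement this probe is willing to run.
     *
     * One trailing ';' (plus whitespace) is tolerated; any other ';' is
     * refused so that a second statement cannot be stacked behind the
     * permitted one. A ';' inside a string literal is therefore also refused,
     * which is accepted as the conservative choice for a probe.
     */
    private static function isReadOnlyStatement(string $sql): bool
    {
        if (preg_match(self::READ_ONLY_PREFIX, $sql) !== 1) {
            return false;
        }

        $body = rtrim($sql, "; \t\r\n");
        if (strpos($body, ';') !== false) {
            return false;
        }

        return preg_match(self::NOT_READ_ONLY, $body) !== 1;
    }

    /**
     * Column names taken from the first row, or [] when there are no rows.
     *
     * @param list<object> $rows  rows as returned by DB::select()
     * @return list<int|string>
     */
    private static function columnsOf(array $rows): array
    {
        if ($rows === []) {
            return [];
        }

        return array_keys((array) $rows[0]);
    }

    /**
     * Render the sandbox page. Every path passes the same four keys so the
     * view never has to guess which of them are set.
     *
     * NOTE(review): cell values are rendered by admin.sql.index — confirm the
     * template escapes them ({{ }} rather than {!! !!}).
     *
     * @param list<object>|null $results  rows from DB::select(), null when nothing ran
     * @param list<int|string> $columns
     */
    private function render(?array $results, array $columns, string $query, ?string $error): View
    {
        return view('admin.sql.index', [
            'results' => $results,
            'columns' => $columns,
            'query' => $query,
            'error' => $error,
        ]);
    }
}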