- (Phase 8) 后台各维度管理与配置 - (Phase 9) 全自动静默挂机修仙升级 - (Phase 9) 四大维度风云排行榜页面 - (Phase 10) 全站留言板与悄悄话私信功能 - 运行 Pint 代码格式化
<?php
/**
* 文件功能:后台 SQL 探针
* (替代原版 SQL.ASP,严格限制为只读模式)
*
* @author ChatRoom Laravel
*
* @version 1.0.0
*/
namespace App\Http\Controllers\Admin;
use App\Http\Controllers\Controller;
use Illuminate\Http\Request;
use Illuminate\Support\Facades\DB;
use Illuminate\View\View;
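class SqlController extends Controller
{
    /**
     * A statement must begin with one of these verbs, followed by whitespace.
     */
    private const READ_ONLY_PREFIX = '/^(SELECT|EXPLAIN|SHOW|DESCRIBE)\s/i';

    /**
     * Keywords that turn an otherwise read-looking statement into a write,
     * e.g. SELECT ... INTO OUTFILE, SELECT ... FOR UPDATE, or
     * EXPLAIN ANALYZE DELETE ... on engines that execute the analysed statement.
     *
     * CREATE and REPLACE are deliberately absent so that SHOW CREATE TABLE and
     * the REPLACE() string function keep working; REPLACE INTO is still caught
     * through INTO.
     */
    private const FORBIDDEN_KEYWORDS = '/\b(?:INSERT|UPDATE|DELETE|TRUNCATE|DROP|ALTER|INTO)\b/i';

    /**
     * Message shown whenever the read-only guard rejects a statement.
     */
    private const READ_ONLY_ERROR = '安全保护触发:本探针只允许执行 SELECT / SHOW 等只读查询!';

    /**
     * Show the empty SQL probe form.
     */
    public function index(): View
    {
        return view('admin.sql.index', ['results' => null, 'query' => '', 'columns' => []]);
    }

    /**
     * Run a single read-only statement and render its rows.
     *
     * The submitted text is executed verbatim, so the guard in
     * isReadOnlyStatement() is the only thing this controller does to keep the
     * probe read-only. It is a text filter, not a SQL parser.
     *
     * NOTE(review): the dependable control is a database account that holds
     * read privileges only; whether the default connection used here is such
     * an account is not visible in this file - confirm. Access control for this
     * route (admin middleware) is also defined elsewhere and should be verified.
     *
     * @param  Request  $request  Must carry a string field "query" of at least 6 characters.
     */
    public function execute(Request $request): View
    {
        $request->validate([
            'query' => 'required|string|min:6',
        ]);

        $sql = trim((string) $request->input('query'));

        if (! $this->isReadOnlyStatement($sql)) {
            return $this->render($sql, null, [], self::READ_ONLY_ERROR);
        }

        try {
            $results = DB::select($sql);

            // Column headers come from the first row; an empty result set has none.
            $columns = $results === [] ? [] : array_keys((array) $results[0]);

            return $this->render($sql, $results, $columns, null);
        } catch (\Exception $e) {
            // The raw driver message is shown to the operator; it can include
            // schema details, so this view must stay restricted to administrators.
            return $this->render($sql, null, [], 'SQL 执行发生异常: '.$e->getMessage());
        }
    }

    /**
     * Decide whether the statement may be executed by the probe.
     *
     * Three checks, all of which must pass:
     *  1. it starts with SELECT / EXPLAIN / SHOW / DESCRIBE;
     *  2. it contains no semicolon other than trailing ones, so a second
     *     statement cannot be appended;
     *  3. it contains none of the write keywords anywhere, including inside
     *     comments, where MySQL version comments would still be executed.
     *
     * The check is intentionally strict: a keyword or semicolon inside a string
     * literal is rejected as well.
     */
    private function isReadOnlyStatement(string $sql): bool
    {
        if (preg_match(self::READ_ONLY_PREFIX, $sql) !== 1) {
            return false;
        }

        // A trailing ";" is harmless and commonly typed; anything after one is not.
        $withoutTerminator = rtrim($sql, "; \t\n\r\0\x0B");
        if (strpos($withoutTerminator, ';') !== false) {
            return false;
        }

        return preg_match(self::FORBIDDEN_KEYWORDS, $sql) !== 1;
    }

    /**
     * Render the probe page with the outcome of one execution attempt.
     *
     * @param  array|null  $results  Rows returned by the query, or null when nothing ran.
     * @param  array  $columns  Column headers for the result table.
     */
    private function render(string $query, ?array $results, array $columns, ?string $error): View
    {
        return view('admin.sql.index', [
            'results' => $results,
            'columns' => $columns,
            'query' => $query,
            'error' => $error,
        ]);
    }
}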