Basic SQL command inteface

**dr_rock** · dr_rock, June 12th, 2008 01:05 AM

For the times you dont have access to the database, this will allow you to build sql queries on the fly to retrieve schema information and perform other database functions.

WARNING!!! DO NOT LEAVE THIS FILE UNSECURED ON YOUR LIVE SITE!!!!!!

Code:

<!--#INCLUDE file="include/connection.asp"-->
<%
'#Include File		 	- include/connection.asp
'# > Function OpenDB()  - creates open ado connection named adoConn
'# > Function CloseDB() - destroys adoConn

strAction = Request("action")
strCommand = Request("command")
intRows = Request("rows")
Select Case strAction
	Case "command"
	
			If (Session("active")) and (strCommand <> "") Then
			
				call OpenDB()
				strUrl = Replace(strCommand, vbcrlf, " ")
				Set rs = adoConn.Execute(strUrl) 
				call CloseDB()

				response.redirect("sqltool.asp?message=SQL Command Successful!")
			End If
		
	Case "query"
	
		If (Session("active")) and (strCommand <> "") and (IsNumeric(intRows)) Then
		
			call OpenDB()
			strUrl = Replace(strCommand, vbcrlf, " ")
			Set rs = adoConn.Execute(strUrl) 
			strResults = ""
			Do Until rs.EOF
				intMaxRows = CLng(intRows)
				for x = 0 to intMaxRows-1
					strResults = strResults & rs(x) & " | "
				next
				strResults = strResults & vbcrlf
				rs.movenext
			Loop
			rs.close()
			set rs = Nothing
			call CloseDB()
			
		End If
	Case "letmein"
		Session("active") = True
		response.redirect("sqltool.asp?message=Hello There!")
	Case "bye"
		Session("active") = False
		response.redirect("sqltool.asp?message=Goodbye Now!")
End Select
%>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
<title>SQL TOOL</title>
</head>
<body>
<%If NOT(Session("active")) Then%>
Access Denied! Bugger off!
<%Else%>
<form action="sqltool.asp" method="post" name="sqltool">
<table width="100%">
	<tr>
		<td valign="top">
			<textarea name="command" rows="4" cols="80"><%=strCommand%></textarea>
		</td>
	</tr>
</table>
<table width="100%">
	<tr>
		<td style="border : solid 2px #ACA899;">
		<input type="button" value="Select" style="width:100px;" onclick="document.sqltool.command.value='SELECT * FROM ___ WHERE ___ ORDER BY ___';document.sqltool.action[1].checked=true;" />
		<input type="button" value="Insert" style="width:100px;" onclick="document.sqltool.command.value='INSERT INTO () VALUES ()';document.sqltool.action[0].checked=true;" />
		<input type="button" value="Update" style="width:100px;" onclick="document.sqltool.command.value='UPDATE ___ SET ___ = ___ WHERE ___ = ___';document.sqltool.action[0].checked=true;" />
		<input type="button" value="Delete" style="width:100px;" onclick="document.sqltool.command.value='DELETE FROM ___ WHERE ___ = ___';document.sqltool.action[0].checked=true;" /><br />
		</td>
		<td style="border : solid 2px #ACA899;">
		<input type="button" value="Structure" style="width:100px;" onclick="document.sqltool.command.value='select table_name, column_name, ordinal_position, data_type from information_schema.columns order by 1,3';document.sqltool.action[1].checked=true;document.sqltool.rows.value=4;" />
		<input type="button" value="Add Table" style="width:100px;" onclick="document.sqltool.command.value='CREATE TABLE [dbo].[__] ([__] [bigint] IDENTITY (1, 1) NOT NULL ,	[__] [varchar] (50) COLLATE Latin1_General_CI_AS NULL ,	[__] [bit] NULL , [__] [varchar] (50) COLLATE Latin1_General_CI_AS NULL) ON [PRIMARY]';document.sqltool.action[0].checked=true;" />
		<input type="button" value="Hilight" style="width:100px;" onclick="document.sqltool.command.select();" />
		<input type="button" value="Clear" style="width:100px;" onclick="document.sqltool.command.value='';" />
		</td>
	<tr>
	</tr>
		<td colspan="2" style="border : solid 2px #ACA899;">
			<input type="radio" name="action" value="command" checked="checked" />Cmd&nbsp;
			<input type="radio" name="action" value="query" />
			Qry <input type="text" name="rows" value="<%=intRows%>" style="width:20px;" />cols&nbsp;
			<input type="submit" />
		</td>
	</tr>
</table>
<table width="100%">
	<tr>
		<td valign="top">
			<textarea name="response" rows="8" cols="80"><%If Request("message") <> "" Then Response.write(Request("message")&vbcrlf)%><%=strResults%></textarea>
		</td>
	</tr>
</table>
</form>
<%End If%>
</body>
</html>

**BLaaaaaaaaaarche** · BLaaaaaaaaaarche, June 12th, 2008 10:33 AM

Is this a question?

**dr_rock** · dr_rock, June 12th, 2008 08:25 PM

More a rehtorical statement

**jmurrayhead** · jmurrayhead, June 16th, 2008 09:54 AM

So basically this allows you to query the database from a web interface when you can't physically access the database?

**dr_rock** · dr_rock, June 17th, 2008 02:02 AM

Originally Posted by jmurrayhead

So basically this allows you to query the database from a web interface when you can't physically access the database?

Yes and I have a couple of auto insert commands to make life easier, note that you must have the command radio checked for commands and the query radio set + number of fields for queries, its great for pulling out schemas.

Thread: Basic SQL command inteface

LinkBack

Thread Tools

Display

Basic SQL command inteface

Similar Threads

[Basic Tools] An intro to making complex databases using simple methods.

Basic Questions

Command Buttons Coloring

Wizard1 error The command 'MoveComplete' is not valid

Basic Login Script (using MS Acesss)

Bookmarks

Bookmarks

Posting Permissions