Posted by Jochem Maas on 08/24/05 15:16

hi Jay,

here is a new and improved version:

<?php
/*
* Query Finder
* Jay Blanchard (and a bit of Jochem too)
* August 2005
* NOT REALLY TOO EXTENSIBLE
*
* usage: call from command line, perform manual output to text file
* i.e. php qryfind.php > <nameOfFileToSave.txt>
*/

/* script help message */
if (in_array('--help', $_SERVER['argv']) ||
in_array('-h', $_SERVER['argv']) ||
in_array('-?', $_SERVER['argv']))
{
echo '
Use this command to search for SQL query strings inside php files.
call from command line, perform manual output to text file
i.e. php '.basename(__FILE__).' > <nameOfFileToSave.txt>

arguments:

-nr no recursion - do not search in subdirectories
-f filtering - only show lines that contain the string passed as the arg to this flag
--filter same as -f
-v show more output, e.g. prints every scanned file instead of only the ones in whichs query strings were found.
--verbose same as -v

show this message: -?, -h or --help

';
exit;
}

/* cruise the directory looking for PHP files */
function findTheQueries($theDirectory, $filterString = null, $beVerbose = false, $NoRec = false)
{
static $arrQueryStarters, $arrQueryStartersCnt, $dirSep;

if (!isset($arrQueryStarters)) {
$arrQueryStarters = array('SELECT ', 'INSERT ', 'UPDATE ', 'FROM ', 'EXECUTE ', 'WHERE ', 'ORDER BY ',
'LEFT JOIN ');
$arrQueryStartersCnt = count($arrQueryStarters);

// Determine OS specific settings
$uname = php_uname();
if (substr($uname, 0, 7) == "Windows") {
$dirSep = "\\";
} else if (substr($uname, 0, 3) == "Mac") {
$dirSep = "/";
} else {
$dirSep = "/";
}
}

if (is_dir($theDirectory)) {
/*
* or you could just use glob('*.php')
*/

if ($dh = opendir($theDirectory)) {
while (($theFile = readdir($dh)) !== false) {

/* recurse subdirs */
if (is_dir($theDirectory.$dirSep.$theFile)) {
if ($theFile != '.' && $theFile != '..' && !$NoRec) {
findTheQueries($theDirectory.$dirSep.$theFile, $filterString, $beVerbose);
}
continue;
}

/* we only want to look at PHP files */
$fileParts = array_reverse(explode('.', $theFile));
if("php" == $fileParts[0]){
/* always echo the file name, even if no queries */
$fileNameOutputLine = "Filename: {$theDirectory}{$dirSep}{$theFile}\n";
if ($beVerbose) {
echo $fileNameOutputLine;
unset($fileNameOutputLine);
}

$lineNo = 0;
/* cruise the file looking for queries */
$openFile = fopen($theDirectory.$dirSep.$theFile, "r");
while(!feof($openFile)){
$fileLine = fgets($openFile, 4096);
$lineNo++;
/* loop through query starter array */
for($i = 0; $i < $arrQueryStartersCnt; $i++){
if(strstr($fileLine, $arrQueryStarters[$i])) {
if (!empty($filterString) && !strstr($fileLine, $filterString)) {
continue;
}
if (isset($fileNameOutputLine)) {
echo $fileNameOutputLine;
unset($fileNameOutputLine);
}
echo " Line " . str_pad($lineNo, 4, ' ', PAD_LEFT) . ": " . $fileLine;
break; // if we find a line no need to find it again because it contains more than one
keyword.
}
}
}
fclose($openFile);
}
}
closedir($dh);
} else {
echo "Could not open: $theDirectory\n";
}
} else {
echo "Bad directory: $theDirectory\n";
}
}




/*
* Determine command args
*/
$filterString = null;
$beVerbose = false;
$NoRec = false;
foreach ($_SERVER['argv'] as $k => $v) {
/* determine (extra) filtering string */
if ($v == '-f' || $v == '--filter' || $v == '--filt') {
$filterString = isset($_SERVER['argv'][ $k + 1 ])
? $_SERVER['argv'][ $k + 1 ]
: null;
}

if ($v == '-v' || $v == '--verbose') {
$beVerbose = true;
}

if ($v == '-nr') {
$NoRec = true;
}
}

echo "Searching for queries in php files in: $theDirectory\n";
if (isset($filterString)) {
echo "...only lines containing '$filterString' will be shown.\n";
}

/* which directory will we be opening? this one, of course */
findTheQueries(getcwd(), $filterString , $beVerbose, $NoRec);

[Back to original message]