|
Posted by Jochem Maas on 08/24/05 16:49
Jay Blanchard wrote:
> [top-snip, because it makes sense in the context]
> On line 98 I changed from
>
> echo " Line " . str_pad($lineNo, 4, ' ', PAD_LEFT) . ": " .
> $fileLine;
>
> to
>
> echo " Line " . str_pad($lineNo, 4, ' ', PAD_LEFT) . ": " .
> ltrim($fileLine);
>
> to account for indented code, lines everything up neatly.
>
> Also, it would be cool to be able to specify that the entire query for a
> filtered item would show up. Therefore if I did;
>
> php queryFinder.php -nr -F "FROM MyDatabase"
-f
>
> I would get queries even if they were spread across multiple lines. I
> will work on that today.
this should work like this regardless of any extra filter given (obviously
the filter should also be taken into account if set)
this seems hard - I wanted to make it do this also... I had a think about it
but I just couldn't see a simple way of doing it... how does the code
'know' one string belongs to another... I figurede it's impossible to do properly unless
you start searching/matching/analysing the tokenized code... which is when
I decided to do something different ;-)
interested to see where you go with this!
>
> [/top-snip]
>
> <?php
> /*
> * Query Finder
> * Jay Blanchard, Jochem Maas
> * August 2005
> * NOT REALLY TOO EXTENSIBLE
> *
> * usage: call from command line, perform manual output to text file
> * i.e. php qryfind.php > <nameOfFileToSave.txt>
> */
>
> /* script help message */
> if (in_array('--help', $_SERVER['argv']) ||
> in_array('-h', $_SERVER['argv']) ||
> in_array('-?', $_SERVER['argv']))
> {
> echo '
> Use this command to search for SQL query strings inside php files.
> call from command line, perform manual output to text file
> i.e. php '.basename(__FILE__).' > <nameOfFileToSave.txt>
>
> arguments:
>
> -nr no recursion - do not search in subdirectories
> -f filtering - only show lines that contain the string passed
> as the arg to this flag
> --filter same as -f
> -v show more output, e.g. prints every scanned file instead of
> only the ones in whichs query strings were found.
> --verbose same as -v
>
> show this message: -?, -h or --help
>
> ';
> exit;
> }
>
> /* cruise the directory looking for PHP files */
> function findTheQueries($theDirectory, $filterString = null, $beVerbose
> = false, $NoRec = false)
> {
> static $arrQueryStarters, $arrQueryStartersCnt, $dirSep;
>
> if (!isset($arrQueryStarters)) {
> $arrQueryStarters = array('SELECT ', 'INSERT ', 'UPDATE
> ', 'FROM ', 'EXECUTE ', 'WHERE ', 'ORDER BY ',
> 'LEFT JOIN ');
> $arrQueryStartersCnt = count($arrQueryStarters);
>
> // Determine OS specific settings
> $uname = php_uname();
> if (substr($uname, 0, 7) == "Windows") {
> $dirSep = "\\";
> } else if (substr($uname, 0, 3) == "Mac") {
> $dirSep = "/";
> } else {
> $dirSep = "/";
> }
> }
>
> if (is_dir($theDirectory)) {
> /*
> * or you could just use glob('*.php')
> */
>
> if ($dh = opendir($theDirectory)) {
> while (($theFile = readdir($dh)) !== false) {
>
> /* recurse subdirs */
> if (is_dir($theDirectory.$dirSep.$theFile)) {
> if ($theFile != '.' && $theFile != '..' && !$NoRec)
> {
> findTheQueries($theDirectory.$dirSep.$theFile,
> $filterString, $beVerbose);
> }
> continue;
> }
>
> /* we only want to look at PHP files */
> $fileParts = array_reverse(explode('.', $theFile));
> if("php" == $fileParts[0]){
> /* always echo the file name, even if no queries */
> $fileNameOutputLine = "Filename:
> {$theDirectory}{$dirSep}{$theFile}\n";
> if ($beVerbose) {
> echo $fileNameOutputLine;
> unset($fileNameOutputLine);
> }
>
> $lineNo = 0;
> /* cruise the file looking for queries */
> $openFile = fopen($theDirectory.$dirSep.$theFile,
> "r");
> while(!feof($openFile)){
> $fileLine = fgets($openFile, 4096);
> $lineNo++;
> /* loop through query starter array */
> for($i = 0; $i < $arrQueryStartersCnt; $i++){
> if(strstr($fileLine,
> $arrQueryStarters[$i])) {
> if (!empty($filterString) &&
> !strstr($fileLine, $filterString)) {
> continue;
> }
> if (isset($fileNameOutputLine)) {
> echo $fileNameOutputLine;
> unset($fileNameOutputLine);
> }
> echo " Line " . str_pad($lineNo, 4,
> ' ', PAD_LEFT) . ": " . ltrim($fileLine);
> break; // if we find a line no need to
> find it again because it contains more than one
> keyword.
> }
> }
> }
> fclose($openFile);
> }
> }
> closedir($dh);
> } else {
> echo "Could not open: $theDirectory\n";
> }
> } else {
> echo "Bad directory: $theDirectory\n";
> }
> }
>
>
>
>
> /*
> * Determine command args
> */
> $filterString = null;
> $beVerbose = false;
> $NoRec = false;
> foreach ($_SERVER['argv'] as $k => $v) {
> /* determine (extra) filtering string */
> if ($v == '-f' || $v == '--filter' || $v == '--filt') {
> $filterString = isset($_SERVER['argv'][ $k + 1 ])
> ? $_SERVER['argv'][ $k + 1 ]
> : null;
> }
>
> if ($v == '-v' || $v == '--verbose') {
> $beVerbose = true;
> }
>
> if ($v == '-nr') {
> $NoRec = true;
> }
> }
>
> echo "Searching for queries in php files in: $theDirectory\n";
> if (isset($filterString)) {
> echo "...only lines containing '$filterString' will be shown.\n";
> }
>
> /* which directory will we be opening? this one, of course */
> findTheQueries(getcwd(), $filterString , $beVerbose, $NoRec);
>
[Back to original message]
|