newdata.pas

domain3.2 SQL注入漏洞扫描 旁注 上传功能 数据库浏览

{##########################################
         旁注入侵专用程序 3.0升级版
 ----------------------------------------
  模块：数据库浏览 - 新建数据表
  描述：该单元主要用于新建数据表
  作者：2005.4.2日晚  明小子
##########################################}

unit NewData;

interface

uses
  Windows, Messages, SysUtils, Variants, Classes, Graphics, Controls, Forms,
  Dialogs, StdCtrls, Spin, ComCtrls;

type
  TNewDataForm = class(TForm)
    Label1: TLabel;
    EdTableName: TEdit;
    ChkAuto: TCheckBox;
    Button2: TButton;
    Button3: TButton;
    SpinEdit1: TSpinEdit;
    Label2: TLabel;
    Label3: TLabel;
    Label4: TLabel;
    CbType: TComboBox;
    ChkSet: TCheckBox;
    EdFieldName: TEdit;
    Button1: TButton;
    procedure SpinEdit1Change(Sender: TObject);
    procedure Button2Click(Sender: TObject);
    procedure CbTypeKeyPress(Sender: TObject; var Key: Char);
    procedure Button3Click(Sender: TObject);
    procedure Button1Click(Sender: TObject);
  private
    { Private declarations }
  public
    { Public declarations }
  end;

var
  NewDataForm: TNewDataForm;
  Num: integer = 2;
  ED: array of TEdit;
  LB, LB2: array of TLabel;
  CBOX: array of TComboBox;
  Chk: array of TCheckBox;

implementation

uses MainUnit;

{$R *.dfm}

procedure TNewDataForm.SpinEdit1Change(Sender: TObject);
begin

  SetLength(ED, SpinEdit1.Value + 5);
  SetLength(LB, SpinEdit1.Value + 5);
  SetLength(LB2, SpinEdit1.Value + 5);
  SetLength(CBOX, SpinEdit1.Value + 5);
  SetLength(CHK, SpinEdit1.Value + 5);

  if Num = SpinEdit1.Value then
  begin
    ED[SpinEdit1.Value + 1] := TEdit.Create(self);
    ED[SpinEdit1.Value + 1].Parent := NewDataForm;
    ED[SpinEdit1.Value + 1].Width := 135;
    ED[SpinEdit1.Value + 1].Height := 20;
    ED[SpinEdit1.Value + 1].Top := 21 + (SpinEdit1.Value * 24);
    ED[SpinEdit1.Value + 1].Left := 88;

    LB[SpinEdit1.Value + 1] := TLabel.Create(self);
    LB[SpinEdit1.Value + 1].Parent := NewDataForm;
    LB[SpinEdit1.Value + 1].Caption := '列' + inttostr(SpinEdit1.Value) + ':字段名';
    LB[SpinEdit1.Value + 1].Width := 78;
    LB[SpinEdit1.Value + 1].Height := 12;
    LB[SpinEdit1.Value + 1].Top := 26 + (SpinEdit1.Value * 24);
    LB[SpinEdit1.Value + 1].Left := 8;

    LB2[SpinEdit1.Value + 1] := TLabel.Create(self);
    LB2[SpinEdit1.Value + 1].Parent := NewDataForm;
    LB2[SpinEdit1.Value + 1].Caption := '字段类型';
    LB2[SpinEdit1.Value + 1].Width := 52;
    LB2[SpinEdit1.Value + 1].Height := 12;
    LB2[SpinEdit1.Value + 1].Top := 26 + (SpinEdit1.Value * 24);
    LB2[SpinEdit1.Value + 1].Left := 232;

    CBOX[SpinEdit1.Value + 1] := TComboBox.Create(self);
    CBOX[SpinEdit1.Value + 1].Parent := NewDataForm;
    CBox[SpinEdit1.Value + 1].Items.Add('文本');
    CBox[SpinEdit1.Value + 1].Items.Add('备注');
    CBox[SpinEdit1.Value + 1].Items.Add('数字');
    CBox[SpinEdit1.Value + 1].Items.Add('货币');
    CBox[SpinEdit1.Value + 1].Items.Add('日期/时间');
    CBox[SpinEdit1.Value + 1].ItemIndex := 0;
    CBOX[SpinEdit1.Value + 1].Width := 81;
    CBOX[SpinEdit1.Value + 1].Height := 20;
    CBOX[SpinEdit1.Value + 1].Top := 21 + (SpinEdit1.Value * 24);
    CBOX[SpinEdit1.Value + 1].Left := 288;
    CBOX[SpinEdit1.Value + 1].SelStart := 10;

    Chk[SpinEdit1.Value + 1] := TCheckBox.Create(self);
    Chk[SpinEdit1.Value + 1].Parent := NewDataForm;
    Chk[SpinEdit1.Value + 1].Caption := '必填字段';
    Chk[SpinEdit1.Value + 1].Width := 73;
    Chk[SpinEdit1.Value + 1].Height := 17;
    Chk[SpinEdit1.Value + 1].Top := 23 + (SpinEdit1.Value * 24);
    Chk[SpinEdit1.Value + 1].Left := 376;
    ED[SpinEdit1.Value + 1].SetFocus;

    NewDataForm.Height := 118 + SpinEdit1.Value * 25;
    Button1.Top := NewDataForm.Height - 70;
    Button2.Top := NewDataForm.Height - 70;
    Button3.Top := NewDataForm.Height - 70;
    Inc(Num);
  end
  else
  begin
    ED[Num].Free;
    LB[Num].Free;
    LB2[Num].Free;
    CBOX[Num].Free;
    Chk[Num].Free;
    Dec(Num);
    NewDataForm.Height := 118 + SpinEdit1.Value * 25;
    Button1.Top := NewDataForm.Height - 70;
    Button2.Top := NewDataForm.Height - 70;
    Button3.Top := NewDataForm.Height - 70;
  end;
end;

procedure TNewDataForm.Button2Click(Sender: TObject);
var
  TypeStr: string;
  i: integer;
  Tables: TStrings;
  TN: TTreeNode;
begin

  if Trim(EdTableName.Text) = '' then
  begin
    application.MessageBox('请先设置表名!', '提示', 64);
    Exit;
  end;

  if Trim(EdFieldName.Text) = '' then
  begin
    application.MessageBox('请先设置字段名!', '提示', 64);
    Exit;
  end;

  for i := 0 to MainForm.TableTree.Items.Count - 1 do
    if Trim(EdTableName.Text) = MainForm.TableTree.Items[i].Text then
    begin
      application.MessageBox('你设置的表名与该数据库的另一对象同名,请重新设置表名!', '提示', 48);
      Exit;
    end;

  try
    MainForm.ADOQuery1.Close;
    if (CbType.Itemindex = 0) or (CbType.Text = '文本') then TypeStr := 'String';
    if CbType.Itemindex = 1 then TypeStr := 'memo';
    if CbType.Itemindex = 2 then TypeStr := 'long';
    if CbType.Itemindex = 3 then TypeStr := 'currency';
    if CbType.Itemindex = 4 then TypeStr := 'time';
    if ChkAuto.Checked then
    begin
      if ChkSet.Checked then
        MainForm.ADOQuery1.SQL.Text := 'create table ' + EdTableName.Text + '(ID int IDENTITY (1, 1) NOT NULL, ' + EdFieldName.Text + ' ' + TypeStr + ' not null)'
      else
        MainForm.ADOQuery1.SQL.Text := 'create table ' + EdTableName.Text + '(ID int IDENTITY (1, 1) NOT NULL, ' + EdFieldName.Text + ' ' + TypeStr + ')';
    end
    else
    begin
      if ChkSet.Checked then
        MainForm.ADOQuery1.SQL.Text := 'create table ' + EdTableName.Text + '(' + EdFieldName.Text + ' ' + TypeStr + ' not null)'
      else
        MainForm.ADOQuery1.SQL.Text := 'create table ' + EdTableName.Text + '(' + EdFieldName.Text + ' ' + TypeStr + ')'
    end;

    MainForm.ADOQuery1.ExecSQL;

    if SpinEdit1.Value > 1 then
    begin
      for i := 3 to SpinEdit1.Value + 1 do
      begin
        MainForm.ADOQuery1.Close;
        if (CBOX[i].Itemindex = 0) or (CBOX[i].Text = '文本') then TypeStr := 'String';
        if CBOX[i].Itemindex = 1 then TypeStr := 'memo';
        if CBOX[i].Itemindex = 2 then TypeStr := 'long';
        if CBOX[i].Itemindex = 3 then TypeStr := 'currency';
        if CBOX[i].Itemindex = 4 then TypeStr := 'time';
        if Chk[i].Checked then
          MainForm.ADOQuery1.SQL.Text := 'alter table ' + EdTableName.Text + ' add column ' + ED[i].Text + ' ' + TypeStr + ' not null'
        else
          MainForm.ADOQuery1.SQL.Text := 'alter table ' + EdTableName.Text + ' add column ' + ED[i].Text + ' ' + TypeStr;
        MainForm.ADOQuery1.ExecSQL;
      end;
    end;

    { * * * * * * * 创建完毕后，自动打开数据表 * * * * * * }
    try
      MainForm.TableTree.Items.Clear;
      MainForm.FieldsTree.Items.Clear;
    except
    end;

    try
      Tables := TStringList.Create;
      MainForm.ADOCon.GetTableNames(Tables);
      for i := 0 to Tables.Count - 1 do
        MainForm.TableTree.Items.AddChild(TN, Tables.Strings[i]);
      Tables.Free;
      MainForm.OpenDataBool := True; {表示数据已已经被打开了}
      MainForm.Pane1.Caption := '共有:' + inttostr(MainForm.TableTree.Items.Count) + '个数据表';
    except
    end;

    application.MessageBox('新数据表已成功创建!', '提示', 64);
    Close;
  except
    application.MessageBox('创建新数据表失败,表名或字段名设置有误!' + #13 +
      '提示:表名或字段名不可以设置为诸如:' + #13 + 'User、Table、Money、From、Select等之类的SQL关键字!', '发生错误', 48);
  end;
end;

procedure TNewDataForm.CbTypeKeyPress(Sender: TObject; var Key: Char);
begin
  key := #0;
end;

procedure TNewDataForm.Button3Click(Sender: TObject);
begin
  close;
end;

procedure TNewDataForm.Button1Click(Sender: TObject); {初始化新建数据表}
var
  i, j: integer;
begin
  try
    for j := 1 to 2 do
    begin
      for i := 2 to SpinEdit1.Value + 1 do
      begin
        ED[i].Free;
        LB[i].Free;
        LB2[i].Free;
        CBOX[i].Free;
        Chk[i].Free;
      end;
      Num := 2;
      SpinEdit1.Value := 1;
      CbType.ItemIndex := 0;
      ChkAuto.Checked := False;
      ChkSet.Checked := False;
      EdTableName.Clear;
      EdFieldName.Clear;
      Button2.Top := 75;
      Button1.Top := 75;
      Button3.Top := 75;
      NewDataForm.Height := 150;
    end;
  except
  end;
end;

end.