Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x
?
Solved

doing a while true in a mysql exec statement in php

Posted on 2014-01-13
9
Medium Priority
?
469 Views
Last Modified: 2014-01-14
Hello

I was wondering if it was possible to do something like this in php

$sql = "while 1 do update table set field1 = 1 where 1 = 1 end do;"
$res = mysql_query($sql, $conn)

I am asking this because someone seems to have done something very similar to my database. I dont have access to the server logs of the mysql logs either. I was just wondering  what the syntax was if i wanted to do this.

I have been unable to get a while statement running from the command line like this

Thanks
0
Comment
Question by:andieje
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 3
  • 3
9 Comments
 
LVL 143

Expert Comment

by:Guy Hengel [angelIII / a3]
ID: 39776393
Yes you can do that with mysql proc...
However it's more likely that the loop is done in the calling script...
0
 

Author Comment

by:andieje
ID: 39776412
Thanks for replying but could you be more explicit and address the questions I asked directly.

There are no stored procedures on the database.

What is mysql proc? Are you referring to a php function or something in mysql?

But the original quesiton still stands, whether there is a better way of doing it or now, could you call a while statement inside mysql_query.

Thanks a lot for your help
0
 
LVL 24

Expert Comment

by:mankowitz
ID: 39777024
I think you are trying to have a procedure that runs eternally. That is not a good idea. First of all, mysql and php may try to kill queries that take too long. Second, you may inadvertently end up locking tables while your procedure is running. Third, syntactically, there is no way to do this in simple mysql. As andieje mentioned, you could make a stored procedure, but that is a bad idea for the reasons given above.

So, there are a couple of things you should consider.

1. Why do you want this query to run continuously? If you are continually getting data into your database that needs to be fixed, you should probably fix it before it gets in, either with a TRIGGER or by modifying your insert statements.

2. If you can not control the data before it gets in, you should probably run your query at regular intervals (with cron or Task Scheduler)
0
What is SQL Server and how does it work?

The purpose of this paper is to provide you background on SQL Server. It’s your self-study guide for learning fundamentals. It includes both the history of SQL and its technical basics. Concepts and definitions will form the solid foundation of your future DBA expertise.

 
LVL 143

Accepted Solution

by:
Guy Hengel [angelIII / a3] earned 1000 total points
ID: 39777036
I checked now the reference:
http://dev.mysql.com/doc/refman/5.0/en/loop.html
eventually (but I did not try) you could run a BEGIN  ...  END containing the loop code with mysql_query ...

as I don't have a mysql db on hands right now, I cannot test it, you can, I presume
0
 

Author Comment

by:andieje
ID: 39777056
Hi
I dont want to do this at all. I do not think it is a good idea at all. This was not my question. I think someone else might have done it. I do not currently have access to mysql to check. My question was asking for the correct syntax to run something such as this. Thanks a lot
0
 
LVL 143

Expert Comment

by:Guy Hengel [angelIII / a3]
ID: 39777103
well, then please clarify what REALLY you are looking for.
what is the task you want to achieve (and for a moment, don't care on how you want to achieve it)
0
 
LVL 24

Assisted Solution

by:mankowitz
mankowitz earned 1000 total points
ID: 39777627
so if I'm understanding you, you are asking

"How would a confused or malevolent programmer write a query that brings a mysql server to its knees by running continuously?"

ok, I hope you're wearing the white hat here.....

In PHP, you could do this

$sql = "update table set field1 = 1";
while (1) $res = mysql_query($sql, $conn);

Open in new window


Now, if you were confined to SQL, that's a bit more of a challenge. In fact, I really can't think of a way without using stored procedures.
0
 

Author Comment

by:andieje
ID: 39779865
Hi - yes i'm wearing the white site. I think my site was hacked. I know what happened just not how, I was wondering if it could have been passed in as a query string to some unchecked code which builds the $sql. Given the speed of the attack it must have been looped in one page load.
0
 
LVL 24

Expert Comment

by:mankowitz
ID: 39781165
if you site is susceptible to sql insertion, the attacker could create a stored procedure. Also, if he has some knowledge of your db structure, he can make code that runs 1,000,000 times simply by joining a 1000 line table with itself.
0

Featured Post

NEW Veeam Agent for Microsoft Windows

Backup and recover physical and cloud-based servers and workstations, as well as endpoint devices that belong to remote users. Avoid downtime and data loss quickly and easily for Windows-based physical or public cloud-based workloads!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Containers like Docker and Rocket are getting more popular every day. In my conversations with customers, they consistently ask what containers are and how they can use them in their environment. If you’re as curious as most people, read on. . .
In this blog, we’ll look at how improvements to Percona XtraDB Cluster improved IST performance.
In this video, Percona Solution Engineer Rick Golba discuss how (and why) you implement high availability in a database environment. To discuss how Percona Consulting can help with your design and architecture needs for your database and infrastr…
In this video, Percona Solutions Engineer Barrett Chambers discusses some of the basic syntax differences between MySQL and MongoDB. To learn more check out our webinar on MongoDB administration for MySQL DBA: https://www.percona.com/resources/we…
Suggested Courses

610 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question