asked on
doing a while true in a mysql exec statement in php
Hello
I was wondering if it was possible to do something like this in php
$sql = "while 1 do update table set field1 = 1 where 1 = 1 end do;"
$res = mysql_query($sql, $conn)
I am asking this because someone seems to have done something very similar to my database. I dont have access to the server logs of the mysql logs either. I was just wondering what the syntax was if i wanted to do this.
I have been unable to get a while statement running from the command line like this
Thanks
I was wondering if it was possible to do something like this in php
$sql = "while 1 do update table set field1 = 1 where 1 = 1 end do;"
$res = mysql_query($sql, $conn)
I am asking this because someone seems to have done something very similar to my database. I dont have access to the server logs of the mysql logs either. I was just wondering what the syntax was if i wanted to do this.
I have been unable to get a while statement running from the command line like this
Thanks
MySQL Server
Last Comment
mankowitz
ASKER
Thanks for replying but could you be more explicit and address the questions I asked directly.
There are no stored procedures on the database.
What is mysql proc? Are you referring to a php function or something in mysql?
But the original quesiton still stands, whether there is a better way of doing it or now, could you call a while statement inside mysql_query.
Thanks a lot for your help
There are no stored procedures on the database.
What is mysql proc? Are you referring to a php function or something in mysql?
But the original quesiton still stands, whether there is a better way of doing it or now, could you call a while statement inside mysql_query.
Thanks a lot for your help
I think you are trying to have a procedure that runs eternally. That is not a good idea. First of all, mysql and php may try to kill queries that take too long. Second, you may inadvertently end up locking tables while your procedure is running. Third, syntactically, there is no way to do this in simple mysql. As andieje mentioned, you could make a stored procedure, but that is a bad idea for the reasons given above.
So, there are a couple of things you should consider.
1. Why do you want this query to run continuously? If you are continually getting data into your database that needs to be fixed, you should probably fix it before it gets in, either with a TRIGGER or by modifying your insert statements.
2. If you can not control the data before it gets in, you should probably run your query at regular intervals (with cron or Task Scheduler)
So, there are a couple of things you should consider.
1. Why do you want this query to run continuously? If you are continually getting data into your database that needs to be fixed, you should probably fix it before it gets in, either with a TRIGGER or by modifying your insert statements.
2. If you can not control the data before it gets in, you should probably run your query at regular intervals (with cron or Task Scheduler)
ASKER CERTIFIED SOLUTION
THIS SOLUTION ONLY AVAILABLE TO MEMBERS.
View this solution by signing up for a free trial.
Members can start a 7-Day free trial and enjoy unlimited access to the platform.
ASKER
Hi
I dont want to do this at all. I do not think it is a good idea at all. This was not my question. I think someone else might have done it. I do not currently have access to mysql to check. My question was asking for the correct syntax to run something such as this. Thanks a lot
I dont want to do this at all. I do not think it is a good idea at all. This was not my question. I think someone else might have done it. I do not currently have access to mysql to check. My question was asking for the correct syntax to run something such as this. Thanks a lot
well, then please clarify what REALLY you are looking for.
what is the task you want to achieve (and for a moment, don't care on how you want to achieve it)
what is the task you want to achieve (and for a moment, don't care on how you want to achieve it)
SOLUTION
THIS SOLUTION ONLY AVAILABLE TO MEMBERS.
View this solution by signing up for a free trial.
Members can start a 7-Day free trial and enjoy unlimited access to the platform.
ASKER
Hi - yes i'm wearing the white site. I think my site was hacked. I know what happened just not how, I was wondering if it could have been passed in as a query string to some unchecked code which builds the $sql. Given the speed of the attack it must have been looped in one page load.
if you site is susceptible to sql insertion, the attacker could create a stored procedure. Also, if he has some knowledge of your db structure, he can make code that runs 1,000,000 times simply by joining a 1000 line table with itself.
However it's more likely that the loop is done in the calling script...