SQL Server Online Manager

有时候需要在线管理SQLServer数据库,手上马儿自带的功能太不直观方便,于是在网上找到了BBSGOOD的mssql_online_v1.0beta,不过发现其文件过多,不方便上传,今天花点时间把功能都修改整合成了一个文件。

代码如下(SQLServer.asp):

<%
if trim(request.Cookies(“linkok”))<>”yes” then
if trim(request.QueryString(“login”))=”login” then
Response.Cookies(“ipdress”)=trim(request.Form(“ipdress”))
Response.Cookies(“dataname”)=trim(request.Form(“dataname”))
Response.Cookies(“username”)=trim(request.Form(“username”))
Response.Cookies(“password”)=trim(request.Form(“password”))
LinkData
if trim(request.Cookies(“linkok”))=”yes” then
closedata
Response.Redirect “SQLServer.asp”
end if
else
%>
<html>
<head>
<title>SQL Server Manager(Modified By toby57 2011.2.20)</title>
<meta http-equiv=”Content-Type” content=”text/html; charset=gb2312″ />
<style>
body {
margin-top: 130px;
background-image: url(images/bg.jpg);
background-repeat: repeat-x;
}
body,td,th {
font-size: 12px;
font-family: Segoe Script;
font-style:bold;
color: #333333;
}
</style>
</head>
<body>
<table width=”601″ border=”0″ align=”center” cellpadding=”0″ cellspacing=”0″>
<tr style=”line-height:25px”>
<td width=”1″ bgcolor=”#dadada”></td>
<td width=”350″ align=”center” valign=”top”><table width=”90%” border=”0″ cellspacing=”0″ cellpadding=”0″>
<tr>
<td height=”80″ colspan=”2″><strong><font color=”#006699″ size=”3″>SQL Server Login Panel</font></strong></td>
</tr>
<tr><form action=”?login=login” method=”post” id=form1 name=form1>
<td width=”40%” height=”50″ align=”left” valign=”middle”><strong>IP</strong></td>
<td width=”60%” height=”50″ align=”left” valign=”middle”><input name=”ipdress” type=”text” size=”20″ value=”127.0.0.1″/></td>
</tr>
<tr>
<td width=”40%” height=”40″ align=”left” valign=”middle”><strong>username</strong></td>
<td width=”60%” height=”40″ align=”left” valign=”middle”><input name=”username” type=”text” size=”20″ /></td>
</tr>
<tr>
<td width=”40%” height=”40″ align=”left” valign=”middle”><strong>password</strong></td>
<td width=”60%” height=”40″ align=”left” valign=”middle”><input name=”password” type=”password” size=”20″ /></td>
</tr>
<tr>
<td width=”40%” height=”40″ align=”left” valign=”middle”><strong>dbname</strong></td>
<td width=”60%” height=”40″ align=”left” valign=”middle”><input name=”dataname” type=”text” size=”20″ /></td>
</tr>
<tr>
<td height=”40″ align=”left” valign=”middle”></td>
<td height=”40″ align=”left” valign=”middle”><input type=”submit” value=”Login” /></td>
</tr>
</table></td></form>
</tr>
</table>
<%
end if
else
%>
<html>
<body bgcolor=”#2663e0″>
<head>
<meta http-equiv=”Content-Type” content=”text/html; charset=gb2312″ />
<style>
td {   font-size: 10pt ;font-family: Fixedsys;color:#ffffff;}
P  {   font-size: 10pt ;color:#ffffff;}
font {   font-size: 10pt ;font-family: Fixedsys;color:#ffffff;}
A:link   {color:#ffffff;font-style: normal; text-decoration: none; cursor: hand;}
A:visited   {color:#ffffff;font-style: normal; text-decoration: none;}
A:active    {color:#ffffff;font-style: normal; text-decoration: none;}
A:hover  {color:#ffffff;font-style:bold; text-decoration:underline;}
</style>
</head>
<center><font color=”#ffffff”><b>SQL Server Online Manager</b></font></center>
<table align=”center” cellpadding=”5″ cellspacing=”0″>
<tr><td height=”10″></td></tr>
<tr><td height=”30″><a href=”?cz=1″ target=”right”>->Database(<%=Request.Cookies(“dataname”)%>)</a>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</td>
<td height=”30″><a href=”?cz=12″ target=”_top”>->Logout</a></td></tr>
</table>
<%
dim cz
if not IsObject(conn) then
LinkData
end if
if request.QueryString(“cz”)=”” then
cz = 1
else
cz = request.QueryString(“cz”)
end if
Response.Write “<table border=””0″” width=””100%””><tr><td valign=””top””>”
select case clng(cz)
case 12
CloseData
Response.Cookies(“ipdress”)=””
Response.Cookies(“dataname”)=””
Response.Cookies(“username”)=””
Response.Cookies(“password”)=””
Response.Cookies(“linkok”)=””
Response.Redirect “SQLServer.asp”
case 1
set rsSchema=conn.openSchema(20)
rsSchema.movefirst
Response.Write “<form action=””?cz=4″” method=””post””>Table<input type=””text”” name=””crtablename”” size=””15″”> <input type=””submit”” value=”” Create””></form>”
Response.Write “database(“&Request.Cookies(“dataname”)&”)->Table &nbsp;&nbsp;<a href=””?cz=1″”>UserTable</a> &nbsp;&nbsp;<a href=””?cz=1&alltable=1″”>AllTable</a><table border=””0″” width=””700″”><tr height=””25″”><td>TableName</td><td colspan=””4″”>Action</td><td>SQL</td></tr>”
Do Until rsSchema.EOF
if request.QueryString(“alltable”)=1  or rsSchema(“TABLE_TYPE”)=”TABLE” then
response.write “<tr><form action=””?cz=9&tablename2=”&rsSchema(“TABLE_NAME”)&””” method=””post””><td><input type=””text”” name=””tablename”” value=”””&rsSchema(“TABLE_NAME”)&””” size=””15″”></td><td><input type=””submit”” value=””Save””></td></form><td><a href=””?cz=2&tablename=”&rsSchema(“TABLE_NAME”)&”””>AlertTable</a></td><td><a href=””?cz=3&tablename=”&rsSchema(“TABLE_NAME”)&”””>OpenTable</a></td><td><a onclick=checkclick(‘Confirm To Drop this table?’) href=””?cz=6&tablename=”&rsSchema(“TABLE_NAME”)&”””>DropTable</a></td><td><a href=””?cz=10&czsql=1&tablename=”&rsSchema(“TABLE_NAME”)&”””>SELECT</a>|<a href=””?cz=10&czsql=2&tablename=”&rsSchema(“TABLE_NAME”)&”””>INSERT</a>|<a href=””?cz=10&czsql=3&tablename=”&rsSchema(“TABLE_NAME”)&”””>UPDATE</a>|<a href=””?cz=10&czsql=4&tablename=”&rsSchema(“TABLE_NAME”)&”””>DELETE</a></td></tr>”
Response.Write “<tr><td height=””1″” bgcolor=””#555555″” colspan=””6″”></td></tr>”
end if
rsSchema.movenext
Loop
Response.Write “</table>”
rsSchema.close
set rsSchema=Nothing
case 2
dim fieldCount
set rs=conn.execute(“select * from [“&trim(request.QueryString(“tablename”))&”]”)
fieldCount = rs.Fields.Count
Response.Write “<form action=””?cz=5&tablename=”&trim(request.QueryString(“tablename”))&””” method=””post”” id=form1 name=form1>Column Name<input type=””text”” name=””crfield”” size=””15″”> <select name=””fieldtype””>”
Response.Write “<option value=””””>Column Type</option>”
Response.Write “<option value=””int””>int</option>”
Response.Write “<option value=””bigint””>bigint</option>”
Response.Write “<option value=””smallint””>smallint</option>”
Response.Write “<option value=””varchar””>varchar</option>”
Response.Write “<option value=””ntext””>ntext</option>”
Response.Write “<option value=””float””>float</option>”
Response.Write “<option value=””bit””>bit</option>”
Response.Write “<option value=””nvarchar””>nvarchar</option>”
Response.Write “<option value=””datetime””>datetime</option>”
Response.Write “<option value=””image””>image</option>”
Response.Write “<option value=””text””>text</option>”
Response.Write “<option value=””nchar””>nchar</option>”
Response.Write “<option value=””money””>money</option>”
Response.Write “<option value=””smalldatetime””>smalldatetime</option>”
Response.Write “<option value=””numeric””>numeric</option>”
Response.Write “<option value=””varbinary””>varbinary</option>”
Response.Write “<option value=””tinyint””>tinyint</option>”
Response.Write “<option value=””timestamp””>timestamp</option>”
Response.Write “<option value=””sql_variant””>sql_variant</option>”
Response.Write “<option value=””real””>real</option>”
Response.Write “</select> <input type=””submit”” value=”” Add “” id=1 name=1></form>”
Response.Write “<a href=””?cz=1″”>database(“&Request.Cookies(“dataname”)&”)</a>->(Alert Table)”&trim(request.QueryString(“tablename”))&”->”&fieldCount&” Columns In total.”
Response.Write “<table border=””0″” width=””500″”>”
Response.Write “<tr align=””center”” height=””30″”><td>Name</td><td>Type</td><td>Length</td><td colspan=””2″”>Action</td></tr>”
For i=0 to fieldCount – 1
Response.Write “<tr align=””center””><td><form action=””?cz=7&tablename=”&trim(request.QueryString(“tablename”))&””” method=””post””>”
Response.Write “<input type=””text”” name=””fieldsname”” value=”””&rs.Fields(i).Name&””” size=””10″”><input type=””hidden”” name=””fieldsname2″” value=”””&rs.Fields(i).Name&”””></td><td>”
Response.Write “<select name=””fieldtype””>”
select case rs.Fields(i).type
case 3
Response.Write “<option value=””int””>int</option>”
case 5
Response.Write “<option value=””float””>float</option>”
case 11
Response.Write “<option value=””bit””>bit</option>”
case 20
Response.Write “<option value=””bigint””>bigint</option>”
case 130
Response.Write “<option value=””nchar””>nchar</option>”
case 200
Response.Write “<option value=””varchar””>varchar</option>”
case 202
Response.Write “<option value=””nvarchar””>nvarchar</option>”
case 203
Response.Write “<option value=””ntext””>ntext</option>”
case 205
Response.Write “<option value=””image””>image</option>”
case 135
Response.Write “<option value=””datetime””>datetime</option>”
case else
Response.Write “<option value=””””>”&rs.Fields(i).type&”</option>”
end select
Response.Write “<option value=””int””>int</option>”
Response.Write “<option value=””bigint””>bigint</option>”
Response.Write “<option value=””smallint””>smallint</option>”
Response.Write “<option value=””varchar””>varchar</option>”
Response.Write “<option value=””ntext””>ntext</option>”
Response.Write “<option value=””float””>float</option>”
Response.Write “<option value=””bit””>bit</option>”
Response.Write “<option value=””nvarchar””>nvarchar</option>”
Response.Write “<option value=””datetime””>datetime</option>”
Response.Write “<option value=””image””>image</option>”
Response.Write “<option value=””text””>text</option>”
Response.Write “<option value=””nchar””>nchar</option>”
Response.Write “<option value=””money””>money</option>”
Response.Write “<option value=””smalldatetime””>smalldatetime</option>”
Response.Write “<option value=””numeric””>numeric</option>”
Response.Write “<option value=””varbinary””>varbinary</option>”
Response.Write “<option value=””tinyint””>tinyint</option>”
Response.Write “<option value=””timestamp””>timestamp</option>”
Response.Write “<option value=””sql_variant””>sql_variant</option>”
Response.Write “<option value=””real””>real</option>”
Response.Write “</select>”
Response.Write “</td><td><input name=””fieldssize”” type=””text”” value=”””&rs.Fields(i).DefinedSize&””” size=””10″”></td><td><input type=””submit”” value=””Save””></td><td><a onclick=checkclick(‘Drop The Field?’) href=””?cz=8&tablename=”&trim(request.QueryString(“tablename”))&”&fieldsname=”&rs.Fields(i).Name&”””>Drop</a></td></form></tr><tr><td height=””1″” bgcolor=””#555555″” colspan=””5″”></td></tr>”
Next
Response.Write “</table>”
rs.close
set rs=nothing
case 3
Response.Write “<a href=””?cz=10&czsql=1&tablename=”&trim(request.QueryString(“tablename”))&”””>SELECT</a> | <a href=””?cz=10&czsql=2&tablename=”&trim(request.QueryString(“tablename”))&”””>INSERT</a> | <a href=””?cz=10&czsql=3&tablename=”&trim(request.QueryString(“tablename”))&”””>UPDATE</a> | <a href=””?cz=10&czsql=4&tablename=”&trim(request.QueryString(“tablename”))&”””>DELETE</a><br><br>”
set rs=conn.execute(“select top 5 * from [“&trim(request.QueryString(“tablename”))&”]”)
fieldCount = rs.Fields.Count
Response.Write “<a href=””?cz=1″”>database(“&Request.Cookies(“dataname”)&”)</a>->(OpenTable)”&trim(request.QueryString(“tablename”))&”->First 5 Records<br>”
Response.Write “<table border=””0″”><tr align=””center”” height=””30″”>”
For i=0 to fieldCount – 1
Response.Write “<td>”&rs.Fields(i).Name&”</td>”
Next
Response.Write “</tr>”
while not rs.eof
Response.Write “<tr>”
For i=0 to fieldCount – 1
Response.Write “<td><TEXTAREA rows=””2″” cols=””20″”>”
if ISEMPTY(rs(i)) then
‘Response.Write rs(i)
else
Response.Write rs(i)
end if
Response.Write “</TEXTAREA></td>”
Next
Response.Write “</tr>”
‘Response.Write “<tr><td height=””1″” bgcolor=””#555555″” colspan=””5″”></td></tr>”
rs.movenext
wend
rs.close
set rs=nothing
Response.Write “</table>”
case 4
dim crtablename
crtablename=trim(request.Form(“crtablename”))
crtable(“CREATE TABLE [“&crtablename&”] (ID int IDENTITY (1,1) not null PRIMARY key)”)
Response.Write “Table Created((ID int IDENTITY (1,1) not null PRIMARY key)).<a href=””?cz=1″”>Back</a>”
case 5
dim crfield
tablename=trim(request.QueryString(“tablename”))
crfield=trim(request.Form(“crfield”))
fieldtype=trim(request.Form(“fieldtype”))
select case fieldtype
case “”
Response.Write “Choose The type”
case “varchar”
crtable(“ALTER TABLE [“&tablename&”] ADD [“&crfield&”] varchar(255)”)
case else
crtable(“ALTER TABLE [“&tablename&”] ADD [“&crfield&”] “&fieldtype&””)
end select
Response.Write “<a href=””?cz=2&tablename=”&tablename&”””>Back</a>”
case 6
tablename=trim(request.QueryString(“tablename”))
crtable(“DROP TABLE [“&tablename&”]”)
Response.Write “<a href=””?cz=1″”>Back</a>”
case 7
dim fieldsname,fieldsname2,fieldssize,fieldar
tablename=trim(request.QueryString(“tablename”))
fieldsname=trim(request.Form(“fieldsname”))
fieldsname2=trim(request.Form(“fieldsname2”))
fieldtype=trim(request.Form(“fieldtype”))
crtable(“sp_rename ‘”&tablename&”.”&fieldsname2&”‘,'”&fieldsname&”‘,’column’;”)

fieldssize=trim(request.Form(“fieldssize”))
fieldar=””
select case fieldtype
case “varchar”,”nvarchar”
fieldar=”(“&fieldssize&”)”
end select
if fieldssize=0 then fieldar=”” end if
crtable(“ALTER TABLE [“&tablename&”] ALTER COLUMN [“&fieldsname&”] “&fieldtype&””&fieldar&””)
Response.Write “<a href=””?cz=2&tablename=”&tablename&”””>Back</a>”
case 8
tablename=trim(request.QueryString(“tablename”))
fieldsname=trim(request.QueryString(“fieldsname”))
crtable(“Alter table [“&tablename&”] drop column [“&fieldsname&”]”)
Response.Write “<a href=””?cz=2&tablename=”&tablename&”””>Back</a>”
case 9
dim tablename2
tablename=trim(request.Form(“tablename”))
tablename2=trim(request.QueryString(“tablename2”))
crtable(“EXEC sp_rename [“&tablename2&”],[“&tablename&”]”)
Response.Write “<a href=””?cz=1″”>Back</a>”
case 10
Response.Write “Usage<br>”
Response.Write “INSERT:<font color=””#2663e0″” style=””font-size: 10pt””> insert into table_name(col1,col2)values(‘content1′,’content2′)</font><br>”
Response.Write “UPDATE:<font color=””#2663e0″” style=””font-size: 10pt””> update table_name set col1=’c1′,col2=’c2’ where col3=’c3′</font><br>”
Response.Write “DELETE:<font color=””#2663e0″” style=””font-size: 10pt””> delete from table_name where col=’c1′</font><br>”
Response.Write “SELECT:<font color=””#2663e0″” style=””font-size: 10pt””> select top [count] col1,col2 from table_name where col1=’c1′</font><br>”

tablename=trim(request.QueryString(“tablename”))
if tablename<>”” then
dim czsql
czsql=””
select case request.QueryString(“czsql”)
case 1
czsql=”SELECT TOP 10 * FROM [“&tablename&”]”
case 2
czsql=”INSERT INTO [“&tablename&”] ( ) VALUES ( )”
case 3
czsql=”UPDATE [“&tablename&”] SET”
case 4
czsql=”DELETE FROM [“&tablename&”]”
end select
end if
Response.Write “<form action=””?cz=11″” method=””post””>SQL:<br><TEXTAREA rows=””5″” cols=””50″” name=””sqlstr””>”&czsql&”</TEXTAREA><br><input type=””submit”” value=””Execute””></form>”
case 11
On Error Resume Next
set rs=conn.Execute(trim(request.Form(“sqlstr”)))
If Err Then
Response.write “”&Err.Description&”<br>”
else
Response.Write “EXECUTE:&nbsp;”&trim(request.Form(“sqlstr”))&”&nbsp;&nbsp;Succ<br>”
Response.Write “<a href=””javascript:history.back(-1)””>Back</a>”
If instr(1,lowercase(trim(request.Form(“sqlstr”))),”select”,1)>0 then
fieldCount = rs.Fields.Count
Response.Write “<table border=””0″”><tr align=””center”” height=””30″”>”
For i=0 to fieldCount – 1
Response.Write “<td>”&rs.Fields(i).Name&”</td>”
Next
Response.Write “</tr>”
while not rs.eof
Response.Write “<tr>”
For i=0 to fieldCount – 1
Response.Write “<td><TEXTAREA rows=””2″” cols=””20″” id=textarea1 name=textarea1>”
if ISEMPTY(rs(i)) then
‘Response.Write rs(i)
else
Response.Write rs(i)
end if
Response.Write “</TEXTAREA></td>”
Next
Response.Write “</tr>”
‘Response.Write “<tr><td height=””1″” bgcolor=””#555555″” colspan=””5″”></td></tr>”
rs.movenext
wend
rs.close
set rs=nothing
Response.Write “</table>”
end if
end if
end select
Response.Write “</td></tr></table>”
closedata
end if
Sub LinkData()
Dim ConnStr
ConnStr = “Provider = Sqloledb; User ID = ” & trim(request.Cookies(“username”)) & “; Password = ” & trim(request.Cookies(“password”)) & “; Initial Catalog = ” & trim(request.Cookies(“dataname”)) & “; Data Source = ” & trim(request.Cookies(“ipdress”)) & “;”
On Error Resume Next
Set conn = Server.CreateObject(“ADODB.Connection”)
conn.open ConnStr
If Err Then
err.Clear
Set Conn = Nothing
Response.Write “<script>alert(‘Can Not Connect..Wrong pwd?’);history.back(-1);</script>”
Response.End
else
Response.Cookies(“linkok”)=”yes”
End If
End Sub
Sub CloseData()
if IsObject(conn) then
conn.Close
set conn=nothing
end if
End Sub
%>
</body>
</html>

本文作者toby57由网络安全攻防研究室(www.91ri.org) 黑客工具小组收集整理.