jsp执行sql语句代码

jsp执行sql语句代码
 function executesql($operation,$sql)

 {

        global $db;

  if($operation == 'file')

  {

         require_once PHPCMS_ROOT.'include/upload.class.php';

   $savepath = 'data/bakup/';

   $upload = new upload('uploadfile',$savepath,'','sql','4096000',1);

   if(!$upload->up())

   {

    showmessage($upload->error());

   }

   $sql = file_get_contents($upload->uploadedfiles[0][saveto]);

   dir_delete($savepath.date('Y'));

            if(trim($sql) != '') sql_execute($sql);

  }

        if(empty($sql))

        {

            return false;

        }

        //sql执行

        $sql = stripslashes($sql);

        $sql = str_replace("\", "", $sql);

        $sql = str_replace("r", "", $sql);

        $query_items = split(";[ t]{0,}n",$sql);

        foreach ($query_items as $key=>$value)

        {

            if (empty($value))

            {

                unset($query_items[$key]);

            }

        }

        if(count($query_items) > 1)

        {

            foreach ($query_items as $key=>$value)

            {

                if(!$result=$db->query($value, 'SILENT'))

                {

                    return false;

                }

            }

            return true; //退出函数

        }

        else

        {

            if (preg_match("/^(?:UPDATE|DELETE|TRUNCATE|ALTER|DROP|FLUSH|INSERT|REPLACE|SET|CREATE)\s+/i", $sql))

            {

                $result = $db->query($sql);

                return $result;

            }

            else

            {

                 $result = $db->query($sql);

                 $data=array();

     while($r=$db->fetch_array($result))

                 {

                    $data[]=$r;

                 }

                 return $data;

            }

        }

 }