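) or less ( < ) ! (not like)
//@2012-05-07 - plabudda - fix sql injection "<1); drop table XXX; -- "

/**
 * Escape one request value for embedding inside a single-quoted SQL string
 * literal of the FINDSQL fragment.
 *
 * Single quotes are doubled (standard SQL) and backslashes are doubled as
 * well, because MySQL's default sql_mode treats backslash as an escape
 * character and a value ending in "\" would otherwise neutralise the closing
 * quote. NUL bytes are dropped. LIKE wildcards (% and _) are left untouched:
 * they are the search syntax the form exposes on purpose.
 *
 * NOTE(review): this is a connection-independent, charset-unaware escape;
 * if the project's database layer exposes a driver escape function it should
 * be used here instead.
 *
 * @param mixed $value  request value; non-scalars (nested arrays) become ''
 * @return string
 */
function FILTER_SEARCH_SQL_ESCAPE($value)
{
    if (!is_scalar($value)) {
        return '';
    }
    return strtr((string) $value, array(
        "\\" => "\\\\",
        "'"  => "''",
        "\0" => '',
    ));
}

/**
 * Build the " and <column> ..." term for one searchable column.
 *
 * Accepted value syntax:
 *   - array of values          -> IN (...)
 *   - '%'                      -> LIKE '%' OR IS NULL
 *   - '<=x', '>=x', '<x', '>x' -> range comparison
 *   - '!x'                     -> NOT LIKE 'x'
 *   - anything else            -> LIKE 'x' (wildcards allowed)
 *
 * @param string       $sqlColumn  resolved source column; the caller has
 *                                 already verified it is non-empty
 * @param string|array $requested  raw value from $_REQUEST
 * @return string  SQL term starting with " and ", or '' when the value adds
 *                 no constraint
 */
function FILTER_SEARCH_SQL_TERM($sqlColumn, $requested)
{
    // Multi-select: IN (...) over the chosen values.
    if (is_array($requested)) {
        if (count($requested) === 0) {
            // An empty selection cannot be written as IN (); treat it as
            // "no constraint" instead of emitting invalid SQL.
            return '';
        }
        $quoted = array();
        foreach ($requested as $item) {
            $quoted[] = "'" . FILTER_SEARCH_SQL_ESCAPE($item) . "'";
        }
        return " and " . $sqlColumn . " in(" . implode(",", $quoted) . ") ";
    }

    $text = (string) $requested;

    // A lone '%' also matches rows where the column is NULL.
    if ($text === '%') {
        return " and ( " . $sqlColumn . " like '%' or " . $sqlColumn . " is NULL ) ";
    }

    // Operator prefixes; the two-character forms come first so that '<='
    // is not mistaken for '<' followed by a literal '='.
    $operators = array(
        '<=' => '<=',
        '>=' => '>=',
        '>'  => '>',
        '<'  => '<',
        '!'  => 'not like',
    );
    foreach ($operators as $prefix => $sqlOperator) {
        $length = strlen($prefix);
        if (substr($text, 0, $length) === $prefix) {
            $operand = FILTER_SEARCH_SQL_ESCAPE(substr($text, $length));
            return " and " . $sqlColumn . " " . $sqlOperator . " '" . $operand . "' ";
        }
    }

    // Plain pattern match; the user may include % and _ wildcards.
    return " and " . $sqlColumn . " like '" . FILTER_SEARCH_SQL_ESCAPE($text) . "' ";
}

/**
 * Build the per-table search filter from the current request and store it in
 * $_SESSION[$thiss->DETECT_TABLE_COLUMN]['FINDSQL'] as a SQL fragment of the
 * form "and ( <table>.ID like '%' and <col> ... ) ".
 *
 * Reads the globals $thiss (DETECT_TABLE_COLUMN names the session slot,
 * DETECT_TABLE_NAME the table), $ARG1 and $ARG1_VAL (menu action and value).
 * Searchable columns come from the session 'DESC' list; each is resolved to
 * its source column with RELATIVEDB_SRC_COLUMN() and its request value is
 * escaped with FILTER_SEARCH_SQL_ESCAPE() before being concatenated (the
 * previous version interpolated $_REQUEST values verbatim into the SQL).
 *
 * Side effects: writes ['FIND'], ['MENU_FIND'] and ['FINDSQL'] in the session
 * slot, loads helpers through SEF(), calls MENU_INIT_TRANSLATE() when
 * $_GET['NAME_LIST_SERVICES'] is present, and die()s when a column cannot be
 * resolved.
 *
 * @return void
 */
function FILTER_SEARCH()
{
    global $thiss, $ARG1, $ARG1_VAL;

    SEF('RELATIVEDB_SRC_COLUMN');

    $slot = $thiss->DETECT_TABLE_COLUMN;

    if ($ARG1 === 'MENU_FIND') {
        // First time the search menu is opened: every column matches anything.
        if (!isset($_SESSION[$slot]['MENU_FIND'])) {
            $menuColumns = isset($_SESSION[$slot]['DESC']) ? $_SESSION[$slot]['DESC'] : array();
            foreach ($menuColumns as $column) {
                $_SESSION[$slot]['FIND'][$column] = '%';
            }
        }
        $_SESSION[$slot]['MENU_FIND'] = $ARG1_VAL;
        // An empty menu value closes the search: drop the stored filter.
        if (!$ARG1_VAL) {
            unset($_SESSION[$slot]['FINDSQL']);
        }
    }

    // Only (re)build the filter when the request actually carries search input.
    $hasSearchInput = !empty($_POST)
        || !empty($_GET['ID_BILLING_USERS'])
        || !empty($_GET['NAME_LIST_SERVICES']);
    if (!$hasSearchInput) {
        return;
    }

    if (isset($_GET['NAME_LIST_SERVICES'])) {
        SEF('MENU_INIT_TRANSLATE');
        MENU_INIT_TRANSLATE($_GET['NAME_LIST_SERVICES']);
    }

    // Read the column list only now: MENU_INIT_TRANSLATE() above may have
    // (re)populated the session slot.
    $columns = isset($_SESSION[$slot]['DESC']) ? $_SESSION[$slot]['DESC'] : array();

    // Always-true opening term so that every column term can start with " and ".
    $sql = "and ( " . $thiss->DETECT_TABLE_NAME . ".ID like '%' ";

    foreach ($columns as $column) {
        // Columns flagged HIDE in the session are not searchable. (The former
        // test `!$flag == 'HIDE'` negated the flag before comparing, so any
        // non-empty flag value was treated as HIDE.)
        $hideFlag = '';
        if (isset($_SESSION[$slot]['DESC_TO_KEY'][$column])) {
            $hideKey = $_SESSION[$slot]['DESC_TO_KEY'][$column];
            if (isset($_SESSION[$slot]['HIDE'][$hideKey])) {
                $hideFlag = $_SESSION[$slot]['HIDE'][$hideKey];
            }
        }
        if ($hideFlag === 'HIDE' || !isset($_REQUEST[$column])) {
            continue;
        }

        $requested = $_REQUEST[$column];
        // Keep the raw value in the session slot, as before (presumably read
        // back when the search form is rendered).
        $_SESSION[$slot]['FIND'][$column] = $requested;

        // A multi-select containing '%' means "any value": no term at all.
        if (is_array($requested) && in_array('%', $requested, true)) {
            continue;
        }

        $sqlColumn = RELATIVEDB_SRC_COLUMN($column);
        // Every term needs a column name; fail loudly instead of emitting
        // "and  like ..." (the former code checked this only for '%').
        if (strlen((string) $sqlColumn) < 1) {
            die("\nERROR: nie mozna znalezc RELATIVEDB_SRC_COLUMN(" . $column . ")");
        }

        $sql .= FILTER_SEARCH_SQL_TERM($sqlColumn, $requested);
    }

    $_SESSION[$slot]['FINDSQL'] = $sql . " ) ";
}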