Почетна Преглед Помоћ
Пријавите се
bn
/
se
2
0
Креирај огранак 0
Датотеке Дискусије 0 Захтеви за спајање 0 Вики
Дрво: f82e144fc5
Гране Ознаке
se
/
SE
/
superedit-FILTER_SEARCH.php

superedit-FILTER_SEARCH.php 4.3 KB
Историја Датотека

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899 
  1. <?php
    2. 

  2. 

  3. //@2012-04-24 - bindera - added search of queries more ( > ) or less ( < ) ! (not like)
    4. 

  4. //@2012-05-07 - plabudda - fix sql injection "<1); drop table XXX; -- "
    5. 

  5. function FILTER_SEARCH() {
    6. 

  6. global $thiss,$ARG1,$ARG1_VAL;
    7. 

  7. 				SEF('RELATIVEDB_SRC_COLUMN');
    8. 

  8. 

  9. if (!empty($ARG1)) {
    10. 

  10. 	if ($ARG1 == 'MENU_FIND') {
    11. 

  11. 		if (!isset($_SESSION[$thiss->DETECT_TABLE_COLUMN]['MENU_FIND'])) {
    12. 

  12. 			foreach ($_SESSION[$thiss->DETECT_TABLE_COLUMN]['DESC'] as $value) {
    13. 

  13. 				$_SESSION[$thiss->DETECT_TABLE_COLUMN]['FIND']["$value"] = "%";
    14. 

  14. 			}
    15. 

  15. 		}
    16. 

  16. 		$_SESSION[$thiss->DETECT_TABLE_COLUMN]['MENU_FIND'] = $ARG1_VAL;
    17. 

  17. 

  18. 		if (!($ARG1_VAL)) {
    19. 

  19. 			unset($_SESSION[$thiss->DETECT_TABLE_COLUMN]['FINDSQL']);
    20. 

  20. 		}
    21. 

  21. 	}
    22. 

  22. }
    23. 

  23. 

  24. if (($_POST) || ($_GET['ID_BILLING_USERS']) || $_GET['NAME_LIST_SERVICES']) {
    25. 

  25. 

  26. 	if (isset($_GET['NAME_LIST_SERVICES'])) {
    27. 

  27. 		SEF('MENU_INIT_TRANSLATE');
    28. 

  28. 		MENU_INIT_TRANSLATE($_GET['NAME_LIST_SERVICES']);
    29. 

  29. 	}
    30. 

  30. 	$_SESSION[$thiss->DETECT_TABLE_COLUMN]['FINDSQL'] = "and ( ".$thiss->DETECT_TABLE_NAME.".ID like '%' ";
    31. 

  31. 

  32. 	foreach ($_SESSION[$thiss->DETECT_TABLE_COLUMN]['DESC'] as $value) {
    33. 

  33. 	
    34. 

  34. 	   //@2012-10-01 Czy nie jest HIDE!!!
    35. 

  35. 	   //@2012-10-12 usuwanie bledow warning by sqix
    36. 

  36. 	   if(isset($_SESSION[$thiss->DETECT_TABLE_COLUMN]['HIDE'][$_SESSION[$thiss->DETECT_TABLE_COLUMN]['DESC_TO_KEY'][$value]])) $TST121012['Line34']=$_SESSION[$thiss->DETECT_TABLE_COLUMN]['HIDE'][$_SESSION[$thiss->DETECT_TABLE_COLUMN]['DESC_TO_KEY'][$value]];
    37. 

  37. 	   else $TST121012['Line34']="";
    38. 

  38. 	 if(!$TST121012['Line34']=='HIDE') {
    39. 

  39. 	
    40. 

  40. 	//   echo "Value nie hide : ".$value;
    41. 

  41. 	
    42. 

  42. 		if (isset($_REQUEST[$value])) {
    43. 

  43. 			
    44. 

  44. 			 $_SESSION[$thiss->DETECT_TABLE_COLUMN]['FIND']["$value"] = $_REQUEST[$value];
    45. 

  45. 

  46. 			//if (isset($_GET["$value"])) $_POST["$value"] = $_GET["$value"];// nie działa nadpisywanie POST przez GET
    47. 

  47. 			if (is_array($_REQUEST[$value])) {
    48. 

  48. 				if (in_array("%", $_REQUEST[$value])) {
    49. 

  49. 					//$_SESSION[$thiss->DETECT_TABLE_COLUMN]['FINDSQL'] .= " and " . RELATIVEDB_SRC_COLUMN($value) . " like '%' ";
    50. 

  50. 				}
    51. 

  51. 				else {
    52. 

  52. 					$out_values_in = array();
    53. 

  53. 					foreach ($_REQUEST[$value] as $v_value) {
    54. 

  54. 						$out_values_in []= "'" . $v_value . "'";
    55. 

  55. 					}//end foreach
    56. 

  56. 					$_SESSION[$thiss->DETECT_TABLE_COLUMN]['FINDSQL'] .= " and " . RELATIVEDB_SRC_COLUMN($value) . " in(" . implode(",", $out_values_in) . ") ";
    57. 

  57. 				}
    58. 

  58. 			}
    59. 

  59. 			else if ($_REQUEST[$value] == "%") {
    60. 

  60. 

  61. 				// echo "<hr>POST VALUE!!".$value;
    62. 

  62. 				if(strlen(RELATIVEDB_SRC_COLUMN($value))<1)
    63. 

  63. 				 die("<br>ERROR: nie mozna znalezc RELATIVEDB_SRC_COLUMN(".$value.")");
    64. 

  64. 				$_SESSION[$thiss->DETECT_TABLE_COLUMN]['FINDSQL'] .= " and ( ".RELATIVEDB_SRC_COLUMN($value)." like '".$_REQUEST[$value]."' or ".RELATIVEDB_SRC_COLUMN($value)." is NULL ) ";
    65. 

  65. 

  66. 				//ADDED BY BZYK @ 2012-01-20 - nie chcemy otomina
    67. 

  67. #				if (RELATIVEDB_SRC_COLUMN($value) == "USERS2.T_NETWORK_SERVER") $_SESSION[$thiss->DETECT_TABLE_COLUMN]['FINDSQL'] .= " and ".RELATIVEDB_SRC_COLUMN($value)." !='otomin.chelmnet.pl' ";
    68. 

  68. #				if (RELATIVEDB_SRC_COLUMN($value) == "SES_TV_A.T_NETWORK_SERVER") $_SESSION[$thiss->DETECT_TABLE_COLUMN]['FINDSQL'] .= " and ".RELATIVEDB_SRC_COLUMN($value)." !='SC-OTOMIN-TV' ";
    69. 

  69. 

  70. 			}
    71. 

  71. 			else {
    72. 

  72. 				// Obsługa >= <= !
    73. 

  73. 				if ( $_REQUEST[$value][0] == "<" && $_REQUEST[$value][1] == "=") {
    74. 

  74. 					$_SESSION[$thiss->DETECT_TABLE_COLUMN]['FINDSQL'] .= " and ".RELATIVEDB_SRC_COLUMN($value)." <= '".substr($_REQUEST[$value], 2)."' ";
    75. 

  75. 				}
    76. 

  76. 				else if ( $_REQUEST[$value][0] == ">" && $_REQUEST[$value][1] == "=") {
    77. 

  77. 					$_SESSION[$thiss->DETECT_TABLE_COLUMN]['FINDSQL'] .= " and ".RELATIVEDB_SRC_COLUMN($value)." >= '".substr($_REQUEST[$value], 2)."' ";
    78. 

  78. 				}
    79. 

  79. 				else if ($_REQUEST[$value][0] == ">") {
    80. 

  80. 					$_SESSION[$thiss->DETECT_TABLE_COLUMN]['FINDSQL'] .= " and ".RELATIVEDB_SRC_COLUMN($value)." > '".substr($_REQUEST[$value], 1)."' ";
    81. 

  81. 				}
    82. 

  82. 				else if ($_REQUEST[$value][0] == "<") {
    83. 

  83. 					$_SESSION[$thiss->DETECT_TABLE_COLUMN]['FINDSQL'] .= " and ".RELATIVEDB_SRC_COLUMN($value)." < '".substr($_REQUEST[$value], 1)."' ";
    84. 

  84. 				}
    85. 

  85. 				else if ($_REQUEST[$value][0] == "!") {
    86. 

  86. 					$_SESSION[$thiss->DETECT_TABLE_COLUMN]['FINDSQL'] .= " and ".RELATIVEDB_SRC_COLUMN($value)."  not like '".substr($_REQUEST[$value],1)."' ";
    87. 

  87. 				}
    88. 

  88. 				else {
    89. 

  89. 					$_SESSION[$thiss->DETECT_TABLE_COLUMN]['FINDSQL'] .= " and ".RELATIVEDB_SRC_COLUMN($value)." like '".$_REQUEST[$value]."' ";
    90. 

  90. 				}
    91. 

  91. 			}
    92. 

  92. 		}
    93. 

  93. 	}//EOF foreach
    94. 

  94. 	
    95. 

  95.    } //eof czy nie jest HIDE
    96. 

  96. 	$_SESSION[$thiss->DETECT_TABLE_COLUMN]['FINDSQL'] .= " ) ";
    97. 

  97. }//EOF if($POST)
    98. 

  98. 

  99. }
    100.