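/**
 * Flatten <value>/<title> markup into newline-separated "first|second" pairs.
 *
 * The input is run through strReplaceAssoc() with the global $replace map and
 * split on "\n". Blank lines are dropped, the four tag strings are stripped
 * from each remaining line, and the surviving entries are joined two at a
 * time with '|'. An unpaired trailing entry gets an empty second half.
 *
 * @param string $str Raw markup, one tag per line.
 * @return string One "a|b" line per pair; an empty string when the input
 *                contains no non-blank lines.
 */
function parseSelect($str)
{
    global $replace;

    // presumably a str_replace() over the map's keys; defined elsewhere -- confirm
    $str = strReplaceAssoc($replace, $str);

    // Both accumulators start as empty arrays: with no usable line the
    // original reached count()/join() with undefined variables, which is a
    // TypeError on PHP 8 and a warning on older versions.
    $new = array();
    $insert = array();

    $tags = array('<value>' => '', '</value>' => '', '<title>' => '', '</title>' => '');

    foreach (explode("\n", $str) as $v) {
        $v = trim($v);
        // NOTE(review): empty() also treats the literal string "0" as blank,
        // so a line holding only "0" is skipped here and a tag wrapping "0"
        // collapses to "" below. Kept as-is; confirm whether "0" is a legal value.
        if (!empty($v)) {
            $tmp = strReplaceAssoc($tags, $v);
            if (empty($tmp)) {
                $tmp = "";
            }
            $new[] = $tmp;
        }
    }

    // Walk the entries two at a time: index $i is the first half of the pair,
    // $i + 1 the second half when it exists.
    $count = count($new);
    for ($i = 0; $i < $count; $i += 2) {
        $second = isset($new[$i + 1]) ? $new[$i + 1] : '';
        $insert[] = $new[$i] . '|' . $second;
    }

    return join("\n", $insert);
}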
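/**
 * Build a SELECT statement from the request's query string, run it on $db
 * and echo the result as JSON.
 *
 * Parameters read from $_GET:
 *  - data       comma-separated fields, each optionally ending in a 4-character
 *               statistics suffix found in $statsMethodDefs (e.g. length_sum)
 *  - group_by   comma-separated fields, optionally "<field>_every_<binsize>"
 *  - <field><type>  constraints, where <type> is a 3-character key of
 *               $constraintTypes (e.g. map_is, length_gt); values are comma-separated
 *  - order_by   comma-separated "<field>_<direction>"
 *  - fetch      'first', 'last' or anything else for all rows
 *  - showQuery  when present, the generated SQL is echoed before the JSON
 *
 * Injection boundary: field names are concatenated into the SQL text, so the
 * query is only as safe as isValidField() is strict. Constraint values never
 * enter the SQL text; they are bound as named parameters. $table is also
 * concatenated and is NOT validated in this function -- the caller must have
 * checked it against the known tables.
 *
 * @param PDO    $db        Connection the statement is prepared on.
 * @param mixed  $structure Schema description handed to isValidField()/getFieldQuery().
 * @param string $table     Table name, already validated by the caller.
 * @return void  Output is echoed; the script exits on an unknown or missing data field.
 */
function queryDB(&$db, $structure, $table)
{
    global $statsMethodDefs, $constraintTypes, $orderOptions, $shortNames;
    global $specialTables, $specialFields;
    global $wonitorStructure, $ns2plusStructure;

    // select data
    $dataFields = array();
    $dataRequests = ['all'];
    if (isset($_GET['data'])) {
        // ?data[]=x arrives as an array; treat it like any other malformed
        // data request instead of letting explode() fail on it.
        if (!is_string($_GET['data'])) {
            exit;
        }
        $dataRequests = explode(',', strReplaceAssoc($shortNames, $_GET['data']));
    }
    foreach ($dataRequests as $value) {
        $dataField = $value;
        $dataFieldRename = '';
        /* i.e. data=length_sum, data=winner_avg, data=numPlayers_cnt */
        $dataStatsMethod = substr($value, -4);
        if (isset($statsMethodDefs[$dataStatsMethod])) {
            $dataField = substr($value, 0, -4);
        } else {
            $dataStatsMethod = '';
        }
        if ($dataField == '') {
            continue;
        } elseif (isset($specialFields[$dataField])) {
            // Special fields carry their own SQL fragment from configuration.
            $dataFields[] = $specialFields[$dataField];
            continue;
        } elseif (isValidField($structure, $table, $dataField)) {
            $dataFieldQuery = getFieldQuery($structure, $table, $dataField);
        } else {
            exit; // exit here to indicate something is wrong
        }
        if ($dataFieldQuery != $dataField) {
            $dataFieldRename = ' AS ' . $dataField;
        }
        if ($dataStatsMethod == '') {
            $dataFields[] = $dataFieldQuery . $dataFieldRename;
        } else {
            // e.g. COUNT(length) AS length_cnt, length
            // Only validated field names and keys of $statsMethodDefs are concatenated here.
            $dataFields[] = $statsMethodDefs[$dataStatsMethod] . '(' . $dataFieldQuery . ') AS ' . $dataField . $dataStatsMethod
                . ($dataStatsMethod == '_cnt' ? ', ' . $dataFieldQuery . $dataFieldRename : '');
        }
    }
    if (!$dataFields) {
        exit; // data field is required
    }
    $data = implode(', ', $dataFields);

    // grouping
    $groupBy = array();
    if (isset($_GET['group_by']) && is_string($_GET['group_by'])) {
        $groups = explode(',', $_GET['group_by']);
        foreach ($groups as $index => $value) {
            if ($value == '') {
                continue;
            }
            $group = explode('_every_', $value);
            $groupField = $group[0];
            if (!isValidField($structure, $table, $groupField)) {
                continue;
            }
            $groupFieldQuery = getFieldQuery($structure, $table, $groupField);
            if (isset($group[1])) {
                // The float cast is what keeps the bin size from carrying SQL:
                // whatever the client sent, only a number reaches the query.
                $binsize = (float) $group[1];
                // A huge exponent such as "1e999" casts to INF, which would be
                // written into the SQL as the bare word INF; fall back to 1
                // the same way a zero or non-numeric bin size does.
                if ($binsize == 0 || !is_finite($binsize)) {
                    $binsize = 1;
                }
                $data .= ', CAST(' . $groupFieldQuery . '/' . $binsize . ' AS INTEGER)*' . $binsize . ' AS [group' . ($index + 1) . ']';
            } else {
                $data .= ', ' . $groupFieldQuery . ' AS [group' . ($index + 1) . ']';
            }
            $groupBy[] = '[group' . ($index + 1) . ']';
        }
    }

    // constraints
    $constraints = array();
    $bindings = array();
    foreach ($_GET as $key => $value) {
        // Array-valued parameters (?map_is[]=x) cannot be a constraint and
        // would make strpos()/explode() throw on PHP 8.
        if (!is_string($value)) {
            continue;
        }
        $key = (string) $key; // PHP turns all-digit parameter names into ints
        if (strlen($key) < 3) {
            continue;
        }
        $constraintField = substr($key, 0, -3);
        $constraintType = substr($key, -3);
        if (($constraintField == 'map' || $constraintField == 'mapName') && strpos($value, '@official') !== false) {
            $officialMaps = 'ns2_biodome,ns2_caged,ns2_derelict,ns2_descent,ns2_docking,ns2_eclipse,ns2_kodiak,ns2_mineshaft,ns2_refinery,ns2_summit,ns2_tram,ns2_veil';
            $value = str_replace('@official', $officialMaps, $value);
        }
        $constraintValues = explode(',', $value);
        /* i.e. map_is=..., length_gt=..., numPlayers_ge=... */
        if (!isset($constraintTypes[$constraintType])) {
            continue;
        }
        if (!isValidField($structure, $table, $constraintField)) {
            continue;
        }
        // From here on $key is exactly <validated field><validated type>, which
        // is why it can be reused below as the placeholder name.
        $constraintFieldQuery = getFieldQuery($structure, $table, $constraintField);
        if ($constraintType == '_is') {
            // IS constraints are chained with OR
            $subconstraint = array();
            foreach ($constraintValues as $index => $constraintValue) {
                // e.g. map = :map_is1
                $subconstraint[] = $constraintFieldQuery . ' ' . $constraintTypes[$constraintType] . ' :' . $key . ($index + 1);
            }
            if (count($subconstraint) == 1) {
                // no brackets in the query for a single constraint
                $constraints[] = $subconstraint[0];
            } else {
                $constraints[] = '( ' . implode(' OR ', $subconstraint) . ' )';
            }
        } else {
            foreach ($constraintValues as $index => $constraintValue) {
                // e.g. numPlayers >= :numPlayers_ge1
                $constraints[] = $constraintFieldQuery . ' ' . $constraintTypes[$constraintType] . ' :' . $key . ($index + 1);
            }
        }
        foreach ($constraintValues as $index => $constraintValue) {
            $bindings[] = array('key' => ':' . $key . ($index + 1), 'value' => $constraintValue);
        }
    }

    // ordering
    $orderBy = array();
    if (isset($_GET['order_by']) && is_string($_GET['order_by'])) {
        $orders = explode(',', $_GET['order_by']);
        foreach ($orders as $value) {
            $order = explode('_', $value); // NOTE we can't have field names with _ because of this
            $orderField = $order[0];
            // A bare field name has no direction part; the original read
            // $order[1] unconditionally and raised an undefined-offset warning.
            $orderDirection = isset($order[1]) ? $order[1] : null;
            if (!isValidField($structure, $table, $orderField)) {
                continue;
            }
            // NOTE(review): the ORDER BY clause uses the validated field name,
            // not getFieldQuery()'s expression (the original computed that
            // expression and never used it). Confirm that ordering by a field
            // whose query expression differs from its name behaves as intended.
            $orderBy[] = $orderField . (isset($orderDirection, $orderOptions[$orderDirection]) ? ' ' . $orderOptions[$orderDirection] : '');
        }
    }

    // build and prepare query
    $query = 'SELECT ' . $data;
    // $table goes into the SQL text unescaped: this relies on the caller
    // having checked that the table exists -- nothing in this function does.
    if (isset($specialTables[$table])) {
        $query .= ' FROM (' . $specialTables[$table] . ') AS ' . $table . ' ';
    } else {
        $query .= ' FROM ' . $table;
    }
    if ($constraints) {
        $query .= ' WHERE ' . implode(' AND ', $constraints);
    }
    if ($groupBy) {
        $query .= ' GROUP BY ' . implode(', ', $groupBy);
    }
    if ($orderBy) {
        $query .= ' ORDER BY ' . implode(', ', $orderBy);
    }
    if (isset($_GET['showQuery'])) {
        // NOTE(review): any client can turn this on and read the generated SQL,
        // including the sub-selects behind special tables. Consider gating it
        // behind a debug setting. The text is HTML-escaped because it is
        // followed by markup and contains operators such as < and >.
        echo htmlspecialchars($query, ENT_QUOTES, 'UTF-8') . "<br /><br />\n";
    }
    $statement = $db->prepare($query);

    // bind values
    foreach ($bindings as $binding) {
        // Placeholder names were assembled from validated parts above; the
        // values themselves only ever travel as bound parameters.
        // NOTE(review): is_numeric() also accepts decimals and exponent forms
        // ("1.5", "1e3"); binding those as PARAM_INT may truncate them --
        // confirm against the driver in use.
        $statement->bindValue($binding['key'], $binding['value'], is_numeric($binding['value']) ? PDO::PARAM_INT : PDO::PARAM_STR);
    }

    // query db
    $statement->setFetchMode(PDO::FETCH_ASSOC);
    $statement->execute();
    $result = [];
    $fetch = isset($_GET['fetch']) ? $_GET['fetch'] : 'all';
    switch ($fetch) {
        case 'first':
            // PHP's || yields a boolean, so the original "fetch() || null"
            // returned true/false instead of the row.
            $row = $statement->fetch();
            $result = $row !== false ? $row : null;
            break;
        case 'last':
            // The original tested count > 1 and so returned null for a
            // result set holding exactly one row.
            $rows = $statement->fetchAll();
            $result = $rows ? $rows[count($rows) - 1] : null;
            break;
        default:
            $result = $statement->fetchAll();
    }

    // print results
    echo json_encode($result) . "\n";
}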
if ($ebays->title != '') { $carlist .= '<tr>'; $carlist .= '<td>' . $ebays->title . ' </td>'; $carlist .= '<td> - $' . number_format($ebays->buyItNowPrice, 2) . '</td>'; $carlist .= '</tr>'; $flage = true; $common->update('contact', array("mail_date" => $currentTimestamp, 'status' => 1), ' id=' . $contact_id); } } } } $carlist .= '</table>'; //echo $carlist; die; if ($flage) { $replaces = array('[CUSTOMER_NAME]' => $name, '[CAR_LIST]' => $carlist, '[ADDRESS]' => $address, '[TELEPHONE]' => $phone, '[EMAIL_ADDRESS]' => $adminemail, '[TERMS_URL]' => DEFAULT_URL); $messages = strReplaceAssoc($replaces, $message); $headers = "From: " . $adminemail . "\r\n"; $headers .= "Reply-To: " . $adminemail . "\r\n"; $headers .= "MIME-Version: 1.0\r\n"; $headers .= "Content-Type: text/html; charset=ISO-8859-1\r\n"; //echo $messages; die; //mail($toEmail,$subject,$messages,$headers); sendSmtpMail($toEmail, $subject, $message); $common->save('email_log', array("email" => $toEmail, "content" => $messages, "sent_date" => $currentTimestamp, "next_date" => $next, 'status' => 1)); if ($i == $count) { $_SESSION['success_msg'] = "Mail Sent Succefully"; echo '<script>alert("thanks");window.location.href="' . DEFAULT_ADMIN_URL . '/template/reminder/index.php";</script>'; exit; } $i++; }