function Page_Main() { $GLOBALS["Page"] =& $this; $post = ew_StripSlashes($_POST); if (count($post) == 0) { die("Missing post data."); } //$sql = $qs->getValue("s"); $sql = @$post["s"]; $sql = ew_Decrypt($sql); if ($sql == "") { die("Missing SQL."); } if (strpos($sql, "{filter}") > 0) { $filters = ""; for ($i = 0; $i < 5; $i++) { // Get the filter values (for "IN") $filter = ew_Decrypt(@$post["f" . $i]); if ($filter != "") { $value = @$post["v" . $i]; if ($value == "") { if ($i > 0) { // Empty parent field //continue; // Allow ew_AddFilter($filters, "1=0"); } // Disallow continue; } $arValue = explode(",", $value); $fldtype = intval(@$post["t" . $i]); for ($j = 0, $cnt = count($arValue); $j < $cnt; $j++) { $arValue[$j] = ew_QuotedValue($arValue[$j], ew_FieldDataType($fldtype)); } $filter = str_replace("{filter_value}", implode(",", $arValue), $filter); ew_AddFilter($filters, $filter); } } $sql = str_replace("{filter}", $filters != "" ? $filters : "1=1", $sql); } // Get the query value (for "LIKE" or "=") $value = ew_AdjustSql(@$post["q"]); if ($value != "") { $sql = preg_replace('/LIKE \'(%)?\\{query_value\\}%\'/', ew_Like('\'$1{query_value}%\''), $sql); $sql = str_replace("{query_value}", $value, $sql); } // Replace {query_value_n} preg_match_all('/\\{query_value_(\\d+)\\}/', $sql, $out); $cnt = count($out[0]); for ($i = 0; $i < $cnt; $i++) { $j = $out[1][$i]; $v = ew_AdjustSql(@$post["q" . $j]); $sql = str_replace("{query_value_" . $j . "}", $v, $sql); } $this->GetLookupValues($sql); }
function Page_Main() { $post = ew_StripSlashes($_POST); if (count($post) == 0) { die("Missing post data."); } //$sql = $qs->getValue("s"); $sql = $post["s"]; $sql = TEAdecrypt($sql, EW_RANDOM_KEY); if ($sql == "") { die("Missing SQL."); } if (strpos($sql, "{filter}") > 0) { $filters = ""; for ($i = 0; $i < 5; $i++) { // Get the filter values (for "IN") $filter = TEAdecrypt($post["f" . $i], EW_RANDOM_KEY); if ($filter != "") { $value = $post["v" . $i]; if ($value == "") { if ($i > 0) { // Empty parent field //continue; // Allow ew_AddFilter($filters, "1=0"); } // Disallow continue; } $arValue = explode(",", $value); $fldtype = intval($post["t" . $i]); for ($j = 0, $cnt = count($arValue); $j < $cnt; $j++) { $arValue[$j] = ew_QuotedValue($arValue[$j], ew_FieldDataType($fldtype)); } $filter = str_replace("{filter_value}", implode(",", $arValue), $filter); ew_AddFilter($filters, $filter); } } $sql = str_replace("{filter}", $filters != "" ? $filters : "1=1", $sql); } // Get the query value (for "LIKE" or "=") $value = ew_AdjustSql(@$post["q"]); if ($value != "") { $sql = preg_replace('/LIKE \'(%)?\\{query_value\\}%\'/', ew_Like('\'$1{query_value}%\''), $sql); $sql = str_replace("{query_value}", $value, $sql); } // Check custom function $fn = @$post["fn"]; if ($fn != "" && function_exists($fn)) { // Custom function(&$sql) $sql = $fn($sql); } $this->GetLookupValues($sql); }
function Page_Main() { $qs = new cQueryString(); if ($qs->Count > 0) { $Sql = $qs->getValue("s"); $Sql = TEAdecrypt($Sql, EW_RANDOM_KEY); if ($Sql != "") { // Get the filter values (for "IN") $Value = ew_AdjustSql($qs->getConvertedValue("f")); if ($Value != "") { $arValue = explode(",", $Value); $FldType = $qs->getValue("lft"); // Filter field data type if (is_numeric($FldType)) { $FldType = intval($FldType); } $cnt = count($arValue); for ($i = 0; $i < $cnt; $i++) { $arValue[$i] = ew_QuotedValue($arValue[$i], $FldType); } $Sql = str_replace("{filter_value}", implode(",", $arValue), $Sql); } // get the query value (for "LIKE" or "=") $Value = ew_AdjustSql($qs->getConvertedValue("q")); if ($Value != "") { $i = strpos($Sql, "LIKE '{query_value}%'"); if ($i > 0) { $Sql = str_replace("LIKE '{query_value}%'", ew_Like("'%" . $Value . "%'"), $Sql); } else { $Sql = str_replace("{query_value}", $Value, $Sql); } } $this->GetLookupValues($Sql); } } else { die("Missing querystring."); } }
function BuildBasicSearchSql(&$Where, &$Fld, $arKeywords, $type) { $sDefCond = $type == "OR" ? "OR" : "AND"; $sCond = $sDefCond; $arSQL = array(); // Array for SQL parts $arCond = array(); // Array for search conditions $cnt = count($arKeywords); $j = 0; // Number of SQL parts for ($i = 0; $i < $cnt; $i++) { $Keyword = $arKeywords[$i]; $Keyword = trim($Keyword); if (EW_BASIC_SEARCH_IGNORE_PATTERN != "") { $Keyword = preg_replace(EW_BASIC_SEARCH_IGNORE_PATTERN, "\\", $Keyword); $ar = explode("\\", $Keyword); } else { $ar = array($Keyword); } foreach ($ar as $Keyword) { if ($Keyword != "") { $sWrk = ""; if ($Keyword == "OR" && $type == "") { if ($j > 0) { $arCond[$j - 1] = "OR"; } } elseif ($Keyword == EW_NULL_VALUE) { $sWrk = $Fld->FldExpression . " IS NULL"; } elseif ($Keyword == EW_NOT_NULL_VALUE) { $sWrk = $Fld->FldExpression . " IS NOT NULL"; } elseif ($Fld->FldDataType != EW_DATATYPE_NUMBER || is_numeric($Keyword)) { $sFldExpression = $Fld->FldVirtualExpression != $Fld->FldExpression ? $Fld->FldVirtualExpression : $Fld->FldBasicSearchExpression; $sWrk = $sFldExpression . ew_Like(ew_QuotedValue("%" . $Keyword . "%", EW_DATATYPE_STRING)); } if ($sWrk != "") { $arSQL[$j] = $sWrk; $arCond[$j] = $sDefCond; $j += 1; } } } } $cnt = count($arSQL); $bQuoted = FALSE; $sSql = ""; if ($cnt > 0) { for ($i = 0; $i < $cnt - 1; $i++) { if ($arCond[$i] == "OR") { if (!$bQuoted) { $sSql .= "("; } $bQuoted = TRUE; } $sSql .= $arSQL[$i]; if ($bQuoted && $arCond[$i] != "OR") { $sSql .= ")"; $bQuoted = FALSE; } $sSql .= " " . $arCond[$i] . " "; } $sSql .= $arSQL[$cnt - 1]; if ($bQuoted) { $sSql .= ")"; } } if ($sSql != "") { if ($Where != "") { $Where .= " OR "; } $Where .= "(" . $sSql . ")"; } }
function BuildBasicSearchSql(&$Where, &$Fld, $Keyword) { if ($Keyword == EW_NULL_VALUE) { $sWrk = $Fld->FldExpression . " IS NULL"; } elseif ($Keyword == EW_NOT_NULL_VALUE) { $sWrk = $Fld->FldExpression . " IS NOT NULL"; } else { $sFldExpression = $Fld->FldVirtualExpression != $Fld->FldExpression ? $Fld->FldVirtualExpression : $Fld->FldBasicSearchExpression; $sWrk = $sFldExpression . ew_Like(ew_QuotedValue("%" . $Keyword . "%", EW_DATATYPE_STRING)); } if ($Where != "") { $Where .= " OR "; } $Where .= $sWrk; }
function ew_SearchString($FldOpr, $FldVal, $FldType) { if ($FldOpr == "LIKE") { return ew_Like(ew_QuotedValue("%{$FldVal}%", $FldType)); } elseif ($FldOpr == "NOT LIKE") { return " NOT " . ew_Like(ew_QuotedValue("%{$FldVal}%", $FldType)); } elseif ($FldOpr == "STARTS WITH") { return ew_Like(ew_QuotedValue("{$FldVal}%", $FldType)); } else { return " {$FldOpr} " . ew_QuotedValue($FldVal, $FldType); } }
function ew_SearchString($FldOpr, $FldVal, $FldType, $dbid) { if ($FldVal == EW_NULL_VALUE || $FldOpr == "IS NULL") { return " IS NULL"; } elseif ($FldVal == EW_NOT_NULL_VALUE || $FldOpr == "IS NOT NULL") { return " IS NOT NULL"; } elseif ($FldOpr == "LIKE") { return ew_Like(ew_QuotedValue("%{$FldVal}%", $FldType, $dbid), $dbid); } elseif ($FldOpr == "NOT LIKE") { return " NOT " . ew_Like(ew_QuotedValue("%{$FldVal}%", $FldType, $dbid), $dbid); } elseif ($FldOpr == "STARTS WITH") { return ew_Like(ew_QuotedValue("{$FldVal}%", $FldType, $dbid), $dbid); } elseif ($FldOpr == "ENDS WITH") { return ew_Like(ew_QuotedValue("%{$FldVal}", $FldType, $dbid), $dbid); } else { return " {$FldOpr} " . ew_QuotedValue($FldVal, $FldType, $dbid); } }
function Page_Main() { global $conn; $GLOBALS["Page"] =& $this; $post = ew_StripSlashes($_POST); if (count($post) == 0) { die("Missing post data."); } //$sql = $qs->getValue("s"); $sql = @$post["s"]; $sql = ew_Decrypt($sql); if ($sql == "") { die("Missing SQL."); } $dbid = @$post["d"]; $conn = ew_Connect($dbid); // Global Page Loading event (in userfn*.php) Page_Loading(); if (ob_get_length()) { // Clear output ob_clean(); } if (strpos($sql, "{filter}") > 0) { $filters = ""; $ar = preg_grep('/^f\\d+$/', array_keys($post)); foreach ($ar as $key) { // Get the filter values (for "IN") $filter = ew_Decrypt(@$post[$key]); if ($filter != "") { $i = preg_replace('/^f/', '', $key); $value = @$post["v" . $i]; if ($value == "") { if ($i > 0) { // Empty parent field //continue; // Allow ew_AddFilter($filters, "1=0"); } // Disallow continue; } $arValue = explode(",", $value); $fldtype = intval(@$post["t" . $i]); $flddatatype = ew_FieldDataType($fldtype); $bValidData = TRUE; for ($j = 0, $cnt = count($arValue); $j < $cnt; $j++) { if ($flddatatype == EW_DATATYPE_NUMBER && !is_numeric($arValue[$j])) { $bValidData = FALSE; break; } else { $arValue[$j] = ew_QuotedValue($arValue[$j], $flddatatype, $dbid); } } if ($bValidData) { $filter = str_replace("{filter_value}", implode(",", $arValue), $filter); } else { $filter = "1=0"; } $fn = @$post["fn" . $i]; if ($fn == "" || !function_exists($fn)) { $fn = "ew_AddFilter"; } $fn($filters, $filter); } } $sql = str_replace("{filter}", $filters != "" ? $filters : "1=1", $sql); } // Get the query value (for "LIKE" or "=") $value = ew_AdjustSql(@$_GET["q"], $dbid); // Get the query value from querystring if ($value == "") { $value = ew_AdjustSql(@$post["q"], $dbid); } // Get the value from post if ($value != "") { $sql = preg_replace('/LIKE \'(%)?\\{query_value\\}%\'/', ew_Like('\'$1{query_value}%\'', $dbid), $sql); $sql = str_replace("{query_value}", $value, $sql); } // Replace {query_value_n} preg_match_all('/\\{query_value_(\\d+)\\}/', $sql, $out); $cnt = count($out[0]); for ($i = 0; $i < $cnt; $i++) { $j = $out[1][$i]; $v = ew_AdjustSql(@$post["q" . $j], $dbid); $sql = str_replace("{query_value_" . $j . "}", $v, $sql); } $this->GetLookupValues($sql, $dbid); $result = ob_get_contents(); // Global Page Unloaded event (in userfn*.php) Page_Unloaded(); if (ob_get_length()) { // Clear output ob_clean(); } // Close connection ew_CloseConn(); // Output echo $result; }
function BuildBasicSearchSql(&$Where, &$Fld, $Keyword) { $sFldExpression = $Fld->FldVirtualExpression != "" ? $Fld->FldVirtualExpression : $Fld->FldExpression; $lFldDataType = $Fld->FldIsVirtual ? EW_DATATYPE_STRING : $Fld->FldDataType; if ($lFldDataType == EW_DATATYPE_NUMBER) { $sWrk = $sFldExpression . " = " . ew_QuotedValue($Keyword, $lFldDataType); } else { $sWrk = $sFldExpression . ew_Like(ew_QuotedValue("%" . $Keyword . "%", $lFldDataType)); } if ($Where != "") { $Where .= " OR "; } $Where .= $sWrk; }