<?php

// Search-suggest request (visible part): validates the requested table, loads that table's
// settings file and gathers the parameters of the suggest lookup.
// NOTE(review): display_errors is forced on for this request, so PHP warnings can be written
// into the response - presumably a development default; confirm it is disabled in production.
@ini_set("display_errors", "1");
@ini_set("display_startup_errors", "1");
require_once "include/dbcommon.php";
add_nocache_headers();
// "table" is taken from the request and is later concatenated into a require_once path.
$table = postvalue("table");
// NOTE(review): this lookup runs before $table has been validated - confirm GetTableByShort()
// is safe to call with arbitrary request input.
$strTableName = GetTableByShort($table);
// Stop without output unless checkTableName() accepts the value. This is the only check that
// stands between the request parameter and the require_once below.
// NOTE(review): presumably it matches against the project's known short table names - verify
// that it cannot pass values containing path separators or "..".
if (!checkTableName($table)) {
    exit(0);
}
require_once "include/" . $table . "_variables.php";
$searchFor = postvalue('searchFor');
// Empty search term: answer with an empty, successful result and stop.
if ($searchFor == '') {
    echo printJSON(array('success' => true, 'result' => ''));
    return;
}
$_connection = $cman->byTable($strTableName);
// Collects the suggested values.
$response = array();
// Any truthy "start" parameter selects prefix matching; otherwise substring matching is used.
$searchOpt = postvalue("start") ? "Starts with" : "Contains";
// The requested field name is passed through GoodFieldName() before it is used.
$searchField = GoodFieldName(postvalue('searchField'));
// NOTE(review): no isLogged()/CheckSecurity() call is visible in this part; access appears to be
// narrowed only through the SecuritySQL() clause - confirm this is the intended protection.
$strSecuritySql = SecuritySQL("Search", $strTableName);
// 10 looks like the fallback when "searchSuggestsNumber" is not configured - confirm.
$numberOfSuggests = GetGlobalData("searchSuggestsNumber", 10);
$pSet = new ProjectSettings($strTableName, PAGE_SEARCH);
if ($searchField == "") {
    $allSearchFields = $pSet->getGoogleLikeFields();
} else {
    // array of fields which were added in wizard for search
    $allSearchFields = $pSet->getAllSearchFields();
Example #2
// Chart data request (visible part): requires a logged-in session, then loads the chart
// definition named by the "chartname" request parameter.
// NOTE(review): display_errors is forced on for this request, so PHP warnings can be written
// into the response - presumably a development default; confirm it is disabled in production.
@ini_set("display_errors", "1");
@ini_set("display_startup_errors", "1");
require_once "include/dbcommon.php";
// Expiry date in the past, so the response is not served from a cache.
header("Expires: Thu, 01 Jan 1970 00:00:01 GMT");
require_once "classes/charts.php";
require_once getabspath("include/xml.php");
require_once getabspath("classes/searchclause.php");
// Authentication gate: anonymous requests are redirected to the login page and the script
// stops here, before any request parameter is used to load a file.
if (!isLogged()) {
    Security::saveRedirectURL();
    HeaderRedirect("login", "", "message=expired");
    return;
}
$xml = new xml();
$chrt_strXML = "";
// "chartname" is request input that ends up in an include path, so it is only used once
// checkTableName() has accepted it as a chart (titCHART).
// NOTE(review): presumably checkTableName() matches against the project's known objects -
// verify that it cannot pass values containing path separators or "..".
if (checkTableName(postvalue("chartname"), titCHART)) {
    include_once "include/" . postvalue("chartname") . "_variables.php";
    $chrt_strXML = GetChartXML(postvalue("chartname"));
    $chrt_array = $xml->xml_to_array($chrt_strXML);
    // Session state is overwritten for every accepted chart request.
    $_SESSION["webobject"]["table_type"] = "project";
    $_SESSION["object_sql"] = "";
}
$webchart = false;
if (!$chrt_strXML) {
    $sessPrefix = "webchart" . postvalue('cname');
    $chrt_strXML = LoadSelectedChart(postvalue('cname'));
    $webchart = true;
    $chrt_array = $xml->xml_to_array($chrt_strXML);
    if (is_wr_project()) {
        include_once "include/" . $chrt_array['settings']['short_table_name'] . "_variables.php";
    }
Example #3
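/**
 * Reads one binary (image) field of one record and either streams it to the client or returns it.
 *
 * With $forPDF false, the table, field and key values are read from the request through
 * postvalue(), the session is checked, and the image is echoed with its headers.
 * With $forPDF true, the same values are taken from $params and the raw field value is returned.
 *
 * @param object $gQuery query object; HasGroupBy(), RemoveAllFieldsExcept() and gSQLWhere() are called on it
 * @param bool   $forPDF true to return the value instead of sending it
 * @param array  $params "table", "field", "key1", "key2", ... - read only when $forPDF is true
 * @return mixed web mode: '' after the image was sent or the table name was rejected, null after the
 *               login redirect, otherwise the result of DisplayNoImage()/DisplayFile();
 *               PDF mode: the field value, or null when no row was found
 */
function GetImageFromDB($gQuery, $forPDF = false, $params = array())
{
    global $conn;
    if (!$forPDF) {
        $table = postvalue("table");
        $strTableName = GetTableByShort($table);
        // Validate the request-supplied table name before a settings object is built from it
        // (the same order the $forPDF branch uses).
        if (!checkTableName($table)) {
            return '';
        }
        $settings = new ProjectSettings($strTableName);
        // NOTE(review): display_errors is forced on, and this branch writes binary data to the
        // response - confirm this is disabled in production so warnings cannot reach the client.
        @ini_set("display_errors", "1");
        @ini_set("display_startup_errors", "1");
        // Only logged-in users holding the "Search" permission on this table may fetch images.
        if (!isLogged() || !CheckSecurity(@$_SESSION["_" . $strTableName . "_OwnerID"], "Search")) {
            header("Location: login.php");
            return;
        }
        // The field name is chosen by the client, so it must pass the field permission check.
        $field = postvalue("field");
        if (!$settings->checkFieldPermissions($field)) {
            return DisplayNoImage();
        }
        // Key values come from the request as key1, key2, ... in the order of the table keys.
        $keysArr = $settings->getTableKeys();
        $keys = array();
        foreach ($keysArr as $ind => $k) {
            $keys[$k] = postvalue("key" . ($ind + 1));
        }
    } else {
        // NOTE(review): $params is trusted here - no login or field permission check is made in
        // this branch; confirm every caller builds $params from validated values.
        $table = @$params["table"];
        $strTableName = GetTableByShort($table);
        if (!checkTableName($table)) {
            exit(0);
        }
        $settings = new ProjectSettings($strTableName);
        $field = @$params["field"];
        $keysArr = $settings->getTableKeys();
        $keys = array();
        foreach ($keysArr as $ind => $k) {
            $keys[$k] = @$params["key" . ($ind + 1)];
        }
    }
    if (!$gQuery->HasGroupBy()) {
        // Select nothing but the image field. A query with GROUP BY uses its other fields in
        // that clause, so it is left untouched - its result row then carries those fields too.
        $gQuery->RemoveAllFieldsExcept($settings->getFieldIndex($field));
    }
    // NOTE(review): the key values are request input; presumably KeyWhere() escapes them - verify.
    $where = KeyWhere($keys);
    $sql = $gQuery->gSQLWhere($where);
    $rs = db_query($sql, $conn);
    if ($forPDF) {
        if ($rs && ($data = db_fetch_array($rs))) {
            return $data[$field];
        }
    } else {
        if (!$rs || !($data = db_fetch_array($rs))) {
            return DisplayNoImage();
        }
        // For src=1 requests a stored value above 51200 bytes is replaced by a generic icon.
        if (postvalue('src') == 1 && strlen($data[$field]) > 51200) {
            $value = myfile_get_contents('images/icons/jpg.png');
        } else {
            $value = db_stripslashesbinary($data[$field]);
        }
        if (!$value) {
            // "alt" names a fallback column and is chosen by the client just like "field", so it
            // gets the same permission check and must exist in the fetched row. Without this, a
            // GROUP BY query (which keeps all its columns) would hand out any column on request.
            $alt = postvalue("alt");
            if (!$alt || !is_string($alt) || !$settings->checkFieldPermissions($alt) || !isset($data[$alt])) {
                return DisplayNoImage();
            }
            $value = db_stripslashesbinary($data[$alt]);
            if (!$value) {
                return DisplayNoImage();
            }
        }
        // The content type is derived from the data itself, not from anything the client sent.
        $itype = SupposeImageType($value);
        if (!$itype) {
            return DisplayFile();
        }
        // $pdf is never assigned inside this function, so this condition always holds.
        if (!isset($pdf)) {
            header("Content-Type: " . $itype);
            header("Cache-Control: private");
            SendContentLength(strlen_bin($value));
        }
        echoBinary($value);
        return '';
    }
}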
<?php

// Master/detail request (visible part): validates both short table names, loads their settings
// files, checks the session and reads the remaining request parameters.
// NOTE(review): display_errors is forced on for this request, so PHP warnings can be written
// into the JSON response - presumably a development default; confirm it is disabled in production.
@ini_set("display_errors", "1");
@ini_set("display_startup_errors", "1");
include "include/dbcommon.php";
// Expiry date in the past, so the response is not served from a cache.
header("Expires: Thu, 01 Jan 1970 00:00:01 GMT");
// Master short table name: request input that is concatenated into an include path below,
// so it is rejected with a JSON error unless checkTableName() accepts it.
$mSTable = postvalue("mSTable");
if (!checkTableName($mSTable)) {
    $respObj = array("success" => false, "error" => 'Wrong master short table name');
    echo my_json_encode($respObj);
    return;
}
include "include/" . $mSTable . "_variables.php";
// Detail short table name: validated the same way before it reaches its include.
$dSTable = postvalue("dSTable");
if (!checkTableName($dSTable)) {
    $respObj = array("success" => false, "error" => 'Wrong detail short table name');
    echo my_json_encode($respObj);
    return;
}
include "include/" . $dSTable . "_variables.php";
// Session and permission gate; it runs only after both settings files have been included.
// NOTE(review): $strTableName is not assigned in this script - presumably the *_variables.php
// includes set it, in which case the permission is checked for the detail table only; confirm.
if (!@$_SESSION["UserID"] || !CheckSecurity(@$_SESSION["_" . $strTableName . "_OwnerID"], "Search")) {
    $respObj = array("success" => false, "error" => '');
    echo my_json_encode($respObj);
    return;
}
include 'include/xtempl.php';
include 'classes/runnerpage.php';
// Request-supplied JSON; json_decode() returns null when the text cannot be decoded.
// NOTE(review): the decoded value is not checked here - confirm later code validates it.
$mKeys = json_decode(postvalue("mKeys"));
// Further request parameters, read here without validation.
$mTable = postvalue("mTable");
$dTable = postvalue("dTable");
$pageType = postvalue("pageType");
/**
 * @intellisense
 */
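/**
 * Reads one binary (image) field of one record and either streams it to the client or returns it.
 *
 * With $forPDF false, the table, field and key values are read from the request through
 * postvalue() and the image is echoed with its headers.
 * With $forPDF true, the same values are taken from $params and the raw field value is returned.
 *
 * NOTE(review): this function makes no login or table permission check of its own - presumably
 * the caller authenticates the request before calling it; confirm.
 *
 * @param object $gQuery query object; HasGroupBy(), RemoveAllFieldsExcept() and gSQLWhere() are called on it
 * @param bool   $forPDF true to return the value instead of sending it
 * @param array  $params "table", "field", "key1", "key2", ... - read only when $forPDF is true
 * @return mixed web mode: '' after the image was sent or the table name was rejected, otherwise the
 *               result of DisplayNoImage()/DisplayFile();
 *               PDF mode: the field value, or null when no row was found
 */
function GetImageFromDB($gQuery, $forPDF = false, $params = array())
{
    global $cman;
    if (!$forPDF) {
        $table = postvalue("table");
        $strTableName = GetTableByShort($table);
        // Validate the request-supplied table name before a settings object is built from it
        // (the same order the $forPDF branch uses).
        if (!checkTableName($table)) {
            return '';
        }
        $settings = new ProjectSettings($strTableName);
        // NOTE(review): display_errors is forced on, and this branch writes binary data to the
        // response - confirm this is disabled in production so warnings cannot reach the client.
        @ini_set("display_errors", "1");
        @ini_set("display_startup_errors", "1");
        // The field name is chosen by the client, so it must pass the field permission check.
        $field = postvalue("field");
        if (!$settings->checkFieldPermissions($field)) {
            return DisplayNoImage();
        }
        // Key values come from the request as key1, key2, ... in the order of the table keys.
        $keysArr = $settings->getTableKeys();
        $keys = array();
        foreach ($keysArr as $ind => $k) {
            $keys[$k] = postvalue("key" . ($ind + 1));
        }
    } else {
        // NOTE(review): $params is trusted here - no field permission check is made in this
        // branch; confirm every caller builds $params from validated values.
        $table = @$params["table"];
        $strTableName = GetTableByShort($table);
        if (!checkTableName($table)) {
            exit(0);
        }
        $settings = new ProjectSettings($strTableName);
        $field = @$params["field"];
        $keysArr = $settings->getTableKeys();
        $keys = array();
        foreach ($keysArr as $ind => $k) {
            $keys[$k] = @$params["key" . ($ind + 1)];
        }
    }
    $connection = $cman->byTable($strTableName);
    if (!$gQuery->HasGroupBy()) {
        // Select nothing but the image field. A query with GROUP BY uses its other fields in
        // that clause, so it is left untouched - its result row then carries those fields too.
        $gQuery->RemoveAllFieldsExcept($settings->getFieldIndex($field));
    }
    // NOTE(review): the key values are request input; presumably KeyWhere() escapes them - verify.
    $where = KeyWhere($keys);
    $sql = $gQuery->gSQLWhere($where);
    $data = $connection->query($sql)->fetchAssoc();
    if ($forPDF) {
        if ($data) {
            return $data[$field];
        }
    } else {
        if (!$data) {
            return DisplayNoImage();
        }
        // src=1 requests always receive the generic icon instead of the stored value.
        if (postvalue('src') == 1) {
            $value = myfile_get_contents('images/icons/jpg.png');
        } else {
            $value = $connection->stripSlashesBinary($data[$field]);
        }
        if (!$value) {
            // "alt" names a fallback column and is chosen by the client just like "field", so it
            // gets the same permission check and must exist in the fetched row. Without this, a
            // GROUP BY query (which keeps all its columns) would hand out any column on request.
            $alt = postvalue("alt");
            if (!$alt || !is_string($alt) || !$settings->checkFieldPermissions($alt) || !isset($data[$alt])) {
                return DisplayNoImage();
            }
            $value = $connection->stripSlashesBinary($data[$alt]);
            if (!$value) {
                return DisplayNoImage();
            }
        }
        // The content type is derived from the data itself, not from anything the client sent.
        $itype = SupposeImageType($value);
        if (!$itype) {
            return DisplayFile();
        }
        // $pdf is never assigned inside this function, so this condition always holds.
        if (!isset($pdf)) {
            header("Content-Type: " . $itype);
            header("Cache-Control: private");
            SendContentLength(strlen_bin($value));
        }
        echoBinary($value);
        return '';
    }
}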
Example #6
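/**
 * Deletes the rows of $tablename whose key column equals $keyvalue and drops the matching cache entry.
 *
 * A failed query is not raised to the caller; the database error text and the statement are
 * passed to logError().
 *
 * @param string      $tablename table to delete from; concatenated into the statement as an identifier
 * @param mixed       $keyvalue  key value; passed through DB_Safe() before it is placed in the statement
 * @param string|null $keyname   key column; when empty, the first entry of DB_GetKeys($tablename) is used
 * @return void
 */
function DB_RemoveDataset($tablename, $keyvalue, $keyname = null)
{
    DB_Connect();
    // NOTE(review): the result of checkTableName() is not used. If it reports a bad name through
    // its return value instead of stopping execution, the name reaches the statement unchecked -
    // confirm how it signals failure.
    checkTableName($tablename);
    if ($keyname == null) {
        $keynames = DB_GetKeys($tablename);
        $keyname = $keynames[0];
    }
    // The cache entry is addressed by the key value being deleted.
    // NOTE(review): presumably this mirrors the key format used when the entry is written - confirm.
    cache_delete($tablename . ':' . $keyvalue . ':' . $keyname);
    // NOTE(review): only $keyvalue is escaped; $tablename and $keyname are concatenated as raw
    // identifiers, so callers must never pass request input for them.
    $query = 'DELETE FROM ' . $tablename . ' WHERE ' . $keyname . '="' . DB_Safe($keyvalue) . '";';
    // Start from an empty error text so the check below never reads an unset variable.
    $DBERR = '';
    $rs = mysql_query($query, $GLOBALS['db_link']);
    if (!$rs) {
        // Keep the failing statement next to the driver message for the error log.
        $DBERR = mysql_error($GLOBALS['db_link']) . '{ ' . $query . ' }';
    }
    if (trim($DBERR) != '') {
        logError('error_sql', $DBERR);
    }
}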