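/**
 * Construct the SQL WHERE fragment for one field of the Advanced search.
 *
 * The returned text is concatenated into the query rather than bound as a
 * parameter, so every search value must pass through one of the project's
 * value helpers (make_db_value, db_prepare_string, RunnerCipherer::MakeDBValue)
 * before it is appended. NOTE(review): those helpers are not visible here;
 * confirm that each of them quotes and escapes for the target database.
 *
 * @intellisense
 * @param string $strField        field the condition is built for
 * @param mixed  $SearchFor       search value (split into several values for multi-select lookups)
 * @param string $strSearchOption "Empty", "Equals", "Contains", "Starts with", "More than",
 *                                "Less than", "Equal or more than", "Equal or less than" or "Between"
 * @param mixed  $SearchFor2      second value, read only for "Between"
 * @param mixed  $etype           passed through to the value helpers
 * @param mixed  $isSuggest       truthy switches lookup fields to a LIKE '%value%' match
 * @return string the condition, or "" when no condition applies
 */
function StrWhereAdv($strField, $SearchFor, $strSearchOption, $SearchFor2, $etype, $isSuggest)
{
    global $strTableName;

    $pSet = new ProjectSettings($strTableName, PAGE_SEARCH);
    $cipherer = new RunnerCipherer($strTableName);
    $type = $pSet->getFieldType($strField);

    // Dialect switches are hard-coded in this copy of the function.
    $isOracle = false;
    $ismssql = false;
    $btexttype = false;
    $isMysql = true;

    if (IsBinaryType($type)) {
        return "";
    }

    if ($strSearchOption == 'Empty') {
        $insertName = GetFullFieldNameForInsert($pSet, $strField);
        if (IsCharType($type) && (!$ismssql || !$btexttype) && !$isOracle) {
            return "(" . $insertName . " is null or " . $insertName . "='')";
        } elseif ($ismssql && $btexttype) {
            return "(" . $insertName . " is null or " . $insertName . " LIKE '')";
        }
        return $insertName . " is null";
    }

    $like = "like";
    $editFormat = $pSet->getEditFormat($strField);

    if ($editFormat == EDIT_FORMAT_LOOKUP_WIZARD) {
        $SearchFor = $pSet->multiSelect($strField) ? splitvalues($SearchFor) : array($SearchFor);
        $lookupName = GetFullFieldName($strField, "", false);

        // Conditions are collected and joined once, so a value that yields no
        // condition (e.g. "Equals" where make_db_value returns "null") can no
        // longer leave a dangling " or " in the clause.
        $conditions = array();
        foreach ($SearchFor as $value) {
            if ($value == "null" || $value == "Null" || $value == "") {
                continue;
            }
            if ($strSearchOption == "Equals") {
                $value = make_db_value($strField, $value);
                if (!($value == "null" || $value == "Null")) {
                    $conditions[] = $lookupName . '=' . $value;
                }
            } elseif ($isSuggest) {
                $conditions[] = $lookupName . " " . $like . " " . db_prepare_string('%' . $value . '%');
            } else {
                // Values holding a comma or a double quote are stored quoted in the list.
                if (strpos($value, ",") !== false || strpos($value, '"') !== false) {
                    $value = '"' . str_replace('"', '""', $value) . '"';
                }
                if ($isMysql) {
                    // NOTE(review): as written this turns a run of two backslashes into
                    // four; confirm the literals against the upstream source.
                    $value = str_replace('\\\\', '\\\\\\\\', $value);
                }
                // for search by multiple Lookup wizard field: match the value alone,
                // in the middle, at the end and at the start of a comma-separated list
                $conditions[] = $lookupName . " = " . db_prepare_string($value)
                    . " or " . $lookupName . " " . $like . " " . db_prepare_string("%," . $value . ",%")
                    . " or " . $lookupName . " " . $like . " " . db_prepare_string("%," . $value)
                    . " or " . $lookupName . " " . $like . " " . db_prepare_string($value . ",%");
            }
        }

        return count($conditions) ? "(" . implode(" or ", $conditions) . ")" : "";
    }

    if ($editFormat == EDIT_FORMAT_CHECKBOX) {
        if ($SearchFor == "none") {
            return "";
        }
        $checkboxName = GetFullFieldName($strField);
        if (NeedQuotes($type)) {
            if ($SearchFor == "on") {
                $whereStr = "(" . $checkboxName . "<>'0' ";
                if (!$isOracle) {
                    $whereStr .= " and " . $checkboxName . "<>'' ";
                }
                $whereStr .= " and " . $checkboxName . " is not null)";
                return $whereStr;
            } elseif ($SearchFor == "off") {
                $whereStr = "(" . $checkboxName . "='0' ";
                if (!$isOracle) {
                    $whereStr .= " or " . $checkboxName . "='' ";
                }
                $whereStr .= " or " . $checkboxName . " is null)";
                // The original built this clause and then dropped it by falling
                // through to the generic comparison code below.
                return $whereStr;
            }
        } else {
            if ($SearchFor == "on") {
                return "(" . $checkboxName . "<>0 and " . $checkboxName . " is not null)";
            } elseif ($SearchFor == "off") {
                return "(" . $checkboxName . "=0 or " . $checkboxName . " is null)";
            }
        }
    }

    $value1 = $cipherer->MakeDBValue($strField, $SearchFor, $etype, "", true);
    $value2 = false;
    $cleanvalue2 = false;
    if ($strSearchOption == "Between") {
        $cleanvalue2 = prepare_for_db($strField, $SearchFor2, $etype);
        $value2 = make_db_value($strField, $SearchFor2, $etype);
    }

    $fieldEncrypted = $cipherer->isFieldPHPEncrypted($strField);

    // A comparison against a value the helpers reported as "null" produces no condition.
    if ($strSearchOption != "Contains" && $strSearchOption != "Starts with"
        && ($value1 === "null" || $value2 === "null") && !$fieldEncrypted) {
        return "";
    }

    $plainName = GetFullFieldName($strField, "", false);
    $isCharField = IsCharType($type) && !$btexttype;

    if ($isCharField) {
        if (!$fieldEncrypted) {
            $value1 = $pSet->isEnableUpper($value1);
            $value2 = $pSet->isEnableUpper($value2);
            $gstrField = $pSet->isEnableUpper($plainName);
        } else {
            $gstrField = $plainName;
        }
    } elseif ($strSearchOption == "Contains" || $strSearchOption == "Starts with") {
        $gstrField = db_field2char($plainName, $type);
    } elseif ($pSet->getViewFormat($strField) == FORMAT_TIME) {
        $gstrField = db_field2time($plainName, $type);
    } else {
        $gstrField = $plainName;
    }

    if ($strSearchOption == "Contains" || $strSearchOption == "Starts with") {
        if ($isMysql) {
            $SearchFor = str_replace('\\\\', '\\\\\\\\', $SearchFor);
        }
        if ($strSearchOption == "Contains") {
            if ($fieldEncrypted) {
                return $gstrField . "=" . $cipherer->MakeDBValue($strField, $SearchFor);
            }
            $pattern = "%" . $SearchFor . "%";
        } else {
            $pattern = $SearchFor . "%";
        }
        // NOTE(review): only backslashes are rewritten above; a "%" or "_" typed into
        // the search box stays a LIKE wildcard unless db_prepare_string handles it.
        if ($isCharField) {
            return $gstrField . " " . $like . " " . $pSet->isEnableUpper(db_prepare_string($pattern));
        }
        return $gstrField . " " . $like . " " . db_prepare_string($pattern);
    }

    if ($strSearchOption == "Equals") {
        return $gstrField . "=" . $value1;
    }
    if ($strSearchOption == "More than") {
        return $gstrField . ">" . $value1;
    }
    if ($strSearchOption == "Less than") {
        return $gstrField . "<" . $value1;
    }
    if ($strSearchOption == "Equal or more than") {
        return $gstrField . ">=" . $value1;
    }
    if ($strSearchOption == "Equal or less than") {
        return $gstrField . "<=" . $value1;
    }

    if ($strSearchOption == "Between") {
        $ret = $gstrField . ">=" . $value1 . " and ";
        if (IsDateFieldType($type)) {
            $timeArr = db2time($cleanvalue2);
            // for dates without time, add one day and use an exclusive upper bound
            if ($timeArr[3] == 0 && $timeArr[4] == 0 && $timeArr[5] == 0) {
                $timeArr = adddays($timeArr, 1);
                $value2 = $timeArr[0] . "-" . $timeArr[1] . "-" . $timeArr[2];
                $value2 = add_db_quotes($strField, $value2, $strTableName);
                return $ret . $gstrField . "<" . $value2;
            }
        }
        return $ret . $gstrField . "<=" . $value2;
    }

    return "";
}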
} else { $likeConditionField = $LookupType == LT_QUERY ? $displayFieldName : $f; } $likeWheres = array(); foreach ($values as $fieldValue) { if ($LookupType == LT_QUERY) { $likeWheres[] = $likeField . $lookupCipherer->GetLikeClause($likeConditionField, $fieldValue); } else { $likeWheres[] = $likeField . $cipherer->GetLikeClause($likeConditionField, $fieldValue); } } $strLookupWhere .= implode(' OR ', $likeWheres); if ($gSettings->useCategory($f) && ($isExistParent || postvalue('editMode') != MODE_SEARCH)) { $arLookupWhere = array(); foreach ($lookupCategory as $arLookupCategory) { $cvalue = make_db_value($gSettings->getCategoryControl($f), $arLookupCategory); $arLookupWhere[] = $lookupConnection->addFieldWrappers($gSettings->getCategoryFilter($f)) . "=" . $cvalue; } $arLookupWhereToStr = count($arLookupWhere) == 1 ? $arLookupWhere[0] : "(" . implode(" OR ", $arLookupWhere) . ")"; if (count($arLookupWhere)) { $strLookupWhere = whereAdd($strLookupWhere, $arLookupWhereToStr); } } if (strlen($lookupOrderBy)) { $lookupOrderBy = $lookupConnection->addFieldWrappers($lookupOrderBy); if ($gSettings->isLookupDesc($f)) { $lookupOrderBy .= ' DESC'; } } if ($LookupType == LT_QUERY) { $LookupSQL = $lookupQueryObj->toSql(whereAdd($lookupQueryObj->m_where->toSql($lookupQueryObj), $strLookupWhere), strlen($lookupOrderBy) ? ' ORDER BY ' . $lookupOrderBy : null);
/**
 * Render the master record of dbo.Module for the print view of a detail table.
 *
 * Temporarily switches the global $strTableName to "dbo.Module" and restores
 * it on every exit path. Nothing is rendered when $params["detailtable"] is
 * not one of the known detail tables or when the query returns no row.
 *
 * @param array $params reads "detailtable" (detail table name) and "keys" (master key values)
 * @return void
 */
function DisplayMasterTableInfo_Module($params)
{
    global $conn, $strTableName;
    global $page_styles, $page_layouts, $page_layout_names, $container_styles;

    $detailtable = $params["detailtable"];
    $keys = $params["keys"];

    $xt = new Xtempl();
    $oldTableName = $strTableName;
    $strTableName = "dbo.Module";

    $sqlHead = "SELECT ID, [Module Type], [Module Status], [Module Condition], [Serial Num], [Entry Date]";
    $sqlFrom = "FROM dbo.[Module]";
    $sqlWhere = "";
    $sqlTail = "";

    $layout = new TLayout("masterprint", "BoldOrange", "MobileOrange");
    $layout->blocks["bare"] = array("0", "mastergrid");
    $layout->containers["0"] = array(
        array("name" => "masterprintheader", "block" => "", "substyle" => 1),
    );
    $layout->skins["0"] = "empty";
    $layout->containers["mastergrid"] = array(
        array("name" => "masterprintfields", "block" => "", "substyle" => 1),
    );
    $layout->skins["mastergrid"] = "grid";
    $page_layouts["Module_masterprint"] = $layout;

    // Every known detail table links to this master through its ID column.
    // The key value goes through make_db_value before it is concatenated;
    // presumably that helper quotes it for the database - verify.
    $where = "";
    foreach (array("dbo.Anomalies", "dbo.Customer Module Assignment", "dbo.Readings") as $knownDetail) {
        if ($detailtable == $knownDetail) {
            $where .= GetFullFieldName("ID") . "=" . make_db_value("ID", $keys[0]);
        }
    }
    if (!$where) {
        $strTableName = $oldTableName;
        return;
    }

    // Append the row-level restriction returned by SecuritySQL("Export"), if any.
    $securityClause = SecuritySQL("Export");
    if (strlen($securityClause)) {
        $where .= " and " . $securityClause;
    }

    $strWhere = whereAdd($sqlWhere, $where);
    if (strlen($strWhere)) {
        $strWhere = " where " . $strWhere . " ";
    }
    $strSQL = $sqlHead . ' ' . $sqlFrom . $strWhere . $sqlTail;

    // The full statement, key values included, is written to the log.
    LogInfo($strSQL);
    $data = db_fetch_array(db_query($strSQL, $conn));
    if (!$data) {
        $strTableName = $oldTableName;
        return;
    }

    $keylink = "&key1=" . htmlspecialchars(rawurlencode(@$data["ID"]));

    // ID
    $xt->assign(
        "ID_mastervalue",
        ProcessLargeText(GetData($data, "ID", ""), "field=ID" . $keylink, "", MODE_PRINT)
    );
    // Module Type
    $xt->assign(
        "Module_Type_mastervalue",
        DisplayLookupWizard("Module Type", $data["Module Type"], $data, $keylink, MODE_PRINT)
    );
    // Module Status
    $xt->assign(
        "Module_Status_mastervalue",
        DisplayLookupWizard("Module Status", $data["Module Status"], $data, $keylink, MODE_PRINT)
    );
    // Module Condition
    $xt->assign(
        "Module_Condition_mastervalue",
        DisplayLookupWizard("Module Condition", $data["Module Condition"], $data, $keylink, MODE_PRINT)
    );
    // Serial Num
    $xt->assign(
        "Serial_Num_mastervalue",
        ProcessLargeText(GetData($data, "Serial Num", ""), "field=Serial+Num" . $keylink, "", MODE_PRINT)
    );
    // Entry Date - Short Date
    $xt->assign(
        "Entry_Date_mastervalue",
        ProcessLargeText(GetData($data, "Entry Date", "Short Date"), "field=Entry+Date" . $keylink, "", MODE_PRINT)
    );

    $xt->display("Module_masterprint.htm");
    $strTableName = $oldTableName;
}
// copy keys to session $i = 1; while (isset($_REQUEST["masterkey" . $i])) { $_SESSION[$strTableName . "_masterkey" . $i] = $_REQUEST["masterkey" . $i]; $i++; } if (isset($_SESSION[$strTableName . "_masterkey" . $i])) { unset($_SESSION[$strTableName . "_masterkey" . $i]); } } else { $mastertable = $_SESSION[$strTableName . "_mastertable"]; } //$strSQL = $gstrSQL; if ($mastertable == "dbo.Module") { $where = ""; $where .= GetFullFieldName("Module ID") . "=" . make_db_value("Module ID", $_SESSION[$strTableName . "_masterkey1"]); } $str = SecuritySQL("Search"); if (strlen($str)) { $where .= " and " . $str; } $strSQL = gSQLWhere($where); $strSQL .= " " . $gstrOrderBy; $rowcount = gSQLRowCount($where); $xt->assign("row_count", $rowcount); if ($rowcount) { $xt->assign("details_data", true); $rs = db_query($strSQL, $conn); $display_count = 10; if ($mode == "inline") { $display_count *= 2;
/**
 * Build $this->strWhereClause for the lookup query.
 *
 * One alternative is produced per entry of $this->lookupCategory, each being
 * the current where clause combined with "category field = value"; several
 * alternatives are OR-ed inside parentheses. $this->strLookupWhere is added
 * afterwards, and "1=0" is added when the field uses a category, the page is
 * not in search mode and no category value was supplied.
 *
 * @return void
 */
function buildLookupWhereClause()
{
    $alternatives = array();
    foreach ($this->lookupCategory as $categoryValue) {
        // Both helpers turn the raw category value into the text that is
        // concatenated after "="; presumably they quote it - verify.
        $dbValue = $this->cipherer != null
            ? $this->cipherer->MakeDBValue($this->categoryField, $categoryValue)
            : make_db_value($this->categoryField, $categoryValue);

        $alternatives[] = whereAdd(
            $this->strWhereClause,
            $this->getFieldSQLDecrypt($this->categoryField) . "=" . $dbValue
        );
    }

    $alternativeCount = count($alternatives);
    if ($alternativeCount > 1) {
        $this->strWhereClause = "(" . implode(" OR ", $alternatives) . ")";
    } elseif ($alternativeCount == 1) {
        $this->strWhereClause = $alternatives[0];
    }

    if (strlen($this->strLookupWhere)) {
        $this->strWhereClause = whereAdd($this->strWhereClause, $this->strLookupWhere);
    }

    // add 1=0 if the parent control holds an empty value and no search is used,
    // so the dependent lookup returns no rows instead of all of them
    $categoryRequired = $this->mainPSet->useCategory($this->mainField)
        && postvalue('editMode') != MODE_SEARCH
        && !count($this->lookupCategory);
    if ($categoryRequired) {
        $this->strWhereClause = whereAdd($this->strWhereClause, "1=0");
    }
}
} // set db connection $_connection = $cman->byTable($strTableName); $pSet = new ProjectSettings($strTableName, $pageType); $denyChecking = $pSet->allowDuplicateValues($fieldName); $denyChecking = $denyChecking && ($strTableName != "DashboardUsers" || $fieldName != $cUserNameField && $fieldName != $cEmailField); if ($denyChecking) { $returnJSON = array("success" => false, "error" => "Duplicated values are allowed"); echo printJSON($returnJSON); return; } $cipherer = new RunnerCipherer($strTableName, $pSet); if ($cipherer->isFieldEncrypted($fieldName)) { $value = $cipherer->MakeDBValue($fieldName, $value, $fieldControlType, true); } else { $value = make_db_value($fieldName, $value, $fieldControlType, "", $strTableName); } if ($value == "null") { $fieldSQL = RunnerPage::_getFieldSQL($fieldName, $_connection, $pSet); } else { $fieldSQL = RunnerPage::_getFieldSQLDecrypt($fieldName, $_connection, $pSet, $cipherer); } $where = $fieldSQL . ($value == "null" ? ' is ' : '=') . $value; $sql = "SELECT count(*) from " . $_connection->addTableWrappers($pSet->getOriginalTableName()) . " where " . $where; $qResult = $_connection->query($sql); if (!$qResult || !($data = $qResult->fetchNumeric())) { $returnJSON = array("success" => false, "error" => "Error: Wrong SQL query"); echo printJSON($returnJSON); return; } $hasDuplicates = $data[0] ? true : false;
$i++; } if (isset($_SESSION[$strTableName . "_masterkey" . $i])) { unset($_SESSION[$strTableName . "_masterkey" . $i]); } } else { $mastertable = $_SESSION[$strTableName . "_mastertable"]; } //$strSQL = $gstrSQL; if ($mastertable == "dbo.LU_Customer Type") { $where = ""; $where .= GetFullFieldName("Customer Type") . "=" . make_db_value("Customer Type", $_SESSION[$strTableName . "_masterkey1"]); } if ($mastertable == "dbo.LU_Locations") { $where = ""; $where .= GetFullFieldName("Location") . "=" . make_db_value("Location", $_SESSION[$strTableName . "_masterkey1"]); } $str = SecuritySQL("Search"); if (strlen($str)) { $where .= " and " . $str; } $strSQL = gSQLWhere($where); $strSQL .= " " . $gstrOrderBy; $rowcount = gSQLRowCount($where); $xt->assign("row_count", $rowcount); if ($rowcount) { $xt->assign("details_data", true); $rs = db_query($strSQL, $conn); $display_count = 10; if ($mode == "inline") { $display_count *= 2;
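/**
 * Build the SELECT statement that loads the values of a lookup-table field.
 *
 * The parent (category) and child values are passed through make_db_value
 * before they are concatenated into the statement. NOTE(review): that helper
 * and LookupWhere() are not visible here; confirm that make_db_value quotes
 * its input and that the LookupWhere text comes from project settings only.
 *
 * @param string $field             lookup field name
 * @param string $table             owning table; the global $strTableName when empty
 * @param mixed  $parentVal         category (parent control) value
 * @param mixed  $childVal          link-field value, used when $doValueFilter is set
 * @param bool   $doCategoryFilter  restrict by the category value
 * @param bool   $doValueFilter     restrict by the link-field value
 * @param bool   $addCategoryField  also select the category filter column
 * @param bool   $doWhereFilter     apply the configured lookup WHERE
 * @param bool   $oneRecordMode     emit "top 1" (T-SQL syntax)
 * @return string the SQL text, or "" when the field is not a lookup-table field
 */
function buildLookupSQL($field, $table, $parentVal, $childVal = "", $doCategoryFilter = true, $doValueFilter = false, $addCategoryField = false, $doWhereFilter = true, $oneRecordMode = false)
{
    global $strTableName;

    if (!strlen($table)) {
        $table = $strTableName;
    }

    // read settings
    $nLookupType = GetFieldData($table, $field, "LookupType", LT_LISTOFVALUES);
    if ($nLookupType != LT_LOOKUPTABLE) {
        return "";
    }
    $bUnique = GetFieldData($table, $field, "LookupUnique", false);
    $strLookupWhere = LookupWhere($field, $table);
    $strOrderBy = GetFieldData($table, $field, "LookupOrderBy", "");
    $bDesc = GetFieldData($table, $field, "LookupDesc", false);
    $strCategoryFilter = GetFieldData($table, $field, "CategoryFilter", "");

    if ($doCategoryFilter) {
        $parentVal = make_db_value(CategoryControl($field, $table), $parentVal);
    }
    if ($doValueFilter) {
        $childVal = make_db_value($field, $childVal);
    }

    $wrappedLookupTable = AddTableWrappers(GetLookupTable($field, $table));

    // build SQL string
    $LookupSQL = "SELECT ";
    if ($oneRecordMode) {
        $LookupSQL .= "top 1 ";
    }
    if ($bUnique) {
        $LookupSQL .= "DISTINCT ";
    }
    $LookupSQL .= GetLWLinkField($field, $table);
    $LookupSQL .= "," . GetLWDisplayField($field, $table);
    if ($addCategoryField && strlen($strCategoryFilter)) {
        $LookupSQL .= "," . AddFieldWrappers($strCategoryFilter);
    }
    $LookupSQL .= " FROM " . $wrappedLookupTable;

    // build Where clause
    $whereParts = array();
    if ($doWhereFilter && strlen($strLookupWhere)) {
        $whereParts[] = "(" . $strLookupWhere . ")";
    }
    if (UseCategory($field, $table) && $doCategoryFilter) {
        // The original tested $childVal here, so a "null" parent value produced
        // "=null" (never true in SQL) and a "null" child value turned the
        // category test into "is null". The category condition depends on the
        // parent value only, mirroring the child condition below.
        $condition = $parentVal === "null" ? " is null" : "=" . $parentVal;
        $whereParts[] = AddFieldWrappers($strCategoryFilter) . $condition;
    }
    if ($doValueFilter) {
        $condition = $childVal === "null" ? " is null" : "=" . $childVal;
        $whereParts[] = AddFieldWrappers(GetLWLinkField($field, $table)) . $condition;
    }
    if (count($whereParts)) {
        $LookupSQL .= " WHERE " . implode(" AND ", $whereParts);
    }

    // order by clause
    if (strlen($strOrderBy)) {
        $LookupSQL .= " ORDER BY " . $wrappedLookupTable . "." . AddFieldWrappers($strOrderBy);
        if ($bDesc) {
            $LookupSQL .= " DESC";
        }
    }

    return $LookupSQL;
}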
/**
 * Count the detail records of one details table with a separate count query.
 * Used when sub-queries are not supported or the keys have different types.
 *
 * @param integer $dInd     index into $this->allDetailsTablesArr and $this->masterKeysByD
 * @param array   $detailid master key values, read at the same indexes as the detail keys
 * @return mixed the result of gSQLRowCount_int()
 */
function countDetailsRecsNoSubQ($dInd, &$detailid)
{
    global $tables_data;
    global $masterTablesData;
    global $detailsTablesData;

    $detailInfo = $this->allDetailsTablesArr[$dInd];
    $dDataSourceTable = $detailInfo['dDataSourceTable'];

    $gQuery = GetTableData($dDataSourceTable, '.sqlquery', null);
    $dSqlHaving = $gQuery->Having()->toSql($gQuery);
    $dSqlGroupBy = $gQuery->GroupByToSql();

    $dSqlHead = $detailInfo['sqlHead'];
    $dSqlFrom = $detailInfo['sqlFrom'];
    $dSqlWhere = $detailInfo['sqlWhere'];

    $detailKeys = GetDetailKeysByMasterTable($this->tName, $dDataSourceTable);

    // add the row-level restriction for the details table, if there is one
    $securityClause = SecuritySQL("Search", $dDataSourceTable);
    if (strlen($securityClause)) {
        $dSqlWhere = whereAdd($dSqlWhere, $securityClause);
    }

    // One "detail key = master value" comparison per master key. The value is
    // passed through make_db_value before concatenation; presumably that
    // helper quotes it - verify.
    $keyConditions = array();
    foreach ($this->masterKeysByD[$dInd] as $idx => $val) {
        $keyConditions[] = GetFullFieldName($detailKeys[$idx], $dDataSourceTable)
            . "=" . make_db_value($detailKeys[$idx], $detailid[$idx]);
    }
    $masterwhere = implode(" and ", $keyConditions);

    return gSQLRowCount_int($dSqlHead, $dSqlFrom, $dSqlWhere, $dSqlGroupBy, $dSqlHaving, $masterwhere, "");
}
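/**
 * Build the SQL WHERE fragment for a search on a lookup field.
 *
 * List-of-values lookups are delegated to the parent class. For the other
 * lookup types one clause is produced per search value and the clauses are
 * OR-ed inside parentheses. The text is concatenated into the query, so every
 * value is passed through db_prepare_string or make_db_value first.
 * NOTE(review): those helpers and escapeSearchValForMySQL are not visible
 * here; confirm that they quote and escape for the target database.
 *
 * @param mixed  $SearchFor       search value (split into several values for multi-select fields)
 * @param string $strSearchOption "Equals", "Contains", "Starts with", "More than", "Less than",
 *                                "Equal or more than", "Equal or less than" or "Between"
 * @param mixed  $SearchFor2      second value, read only for "Between"
 * @param mixed  $etype           only forwarded to the parent implementation
 * @param mixed  $isSuggest       truthy makes single-value searches match '%value%'
 * @return string the condition in parentheses, or "" when no condition applies
 */
function SQLWhere($SearchFor, $strSearchOption, $SearchFor2, $etype, $isSuggest)
{
    if ($this->lookupType == LT_LISTOFVALUES) {
        return parent::SQLWhere($SearchFor, $strSearchOption, $SearchFor2, $etype, $isSuggest);
    }

    $baseResult = $this->baseSQLWhere($strSearchOption);
    if ($baseResult === false) {
        return "";
    }
    if ($baseResult != "") {
        return $baseResult;
    }

    $displayFieldType = $this->type;
    if ($this->lookupType == LT_QUERY) {
        $displayFieldType = $this->lookupPSet->getFieldType($this->field);
        $this->btexttype = IsTextType($displayFieldType);
    }
    // Character display fields of query-based lookups are compared through isEnableUpper().
    $upperCaseDisplay = $this->lookupType == LT_QUERY && IsCharType($displayFieldType) && !$this->btexttype;

    $SearchFor = $this->multiselect ? splitvalues($SearchFor) : array($SearchFor);

    // Expression the search value is compared with.
    if ($this->customDisplay) {
        $gstrField = $this->lwDisplayFieldWrapped;
    } elseif ($this->linkAndDisplaySame) {
        $gstrField = GetFullFieldName($this->field, "", false);
    } else {
        $gstrField = GetFullFieldName($this->displayFieldName, $this->lookupTable, false);
        if ($upperCaseDisplay && !$this->ciphererDisplay->isFieldPHPEncrypted($this->displayFieldName)) {
            $gstrField = $this->lookupPSet->isEnableUpper($gstrField);
        }
    }

    $isEquals = $strSearchOption == "Equals";
    $isContains = $strSearchOption == "Contains";
    $isStartsWith = $strSearchOption == "Starts with";
    $isComparison = in_array(
        $strSearchOption,
        array("More than", "Less than", "Equal or more than", "Equal or less than", "Between")
    );
    // "Equals" on an AJAX lookup whose display field differs from the link field
    // compares the display expression with a string.
    $displayEquals = $isEquals && $this->LCType == LCT_AJAX && !$this->linkAndDisplaySame;

    // Which values are quoted as strings. The original quoted nothing for
    // multi-select fields, so "Equals", "Starts with" and the comparison
    // options concatenated the raw search text into the SQL; those options are
    // quoted now. Multi-select "Contains" stays raw here because the list
    // matching branch below quotes the value itself.
    if ($this->multiselect) {
        $quoteAsString = $displayEquals || $isStartsWith || $isComparison;
    } else {
        $quoteAsString = $isSuggest || $isContains || $isStartsWith || $isComparison || $displayEquals;
    }

    $linkedFieldRef = AddTableWrappers($this->pageObject->pSetEdit->getStrOriginalTableName())
        . "." . AddFieldWrappers($this->field);

    // Clauses are collected and joined once, so a value that yields no clause
    // cannot leave a dangling " or " behind.
    $clauses = array();
    foreach ($SearchFor as $value) {
        if ($value == "null" || $value == "Null" || $value == "") {
            continue;
        }

        if (!$this->multiselect) {
            if ($isStartsWith) {
                $value .= '%';
            }
            if ($isSuggest || $isContains) {
                $value = '%' . $value . '%';
            }
        }
        if ($quoteAsString) {
            $value = db_prepare_string($this->escapeSearchValForMySQL($value));
            if ($upperCaseDisplay) {
                $value = $this->lookupPSet->isEnableUpper($value);
            }
        } elseif ($isEquals) {
            $value = make_db_value($this->field, $value);
        }

        // Reset for every value; the original carried $condition over from the
        // previous iteration (or read it while undefined).
        $condition = "";
        $clause = "";

        if ($isEquals) {
            if (!($value == "null" || $value == "Null")) {
                $equalsField = $displayEquals ? $gstrField : GetFullFieldName($this->field, "", false);
                $condition = $equalsField . '=' . $value;
            }
        } elseif ($isStartsWith || ($isContains && !$this->multiselect)) {
            $condition = $gstrField . " " . $this->like . " " . $value;
        } elseif ($strSearchOption == "More than") {
            $condition = $gstrField . " > " . $value;
        } elseif ($strSearchOption == "Less than") {
            $condition = $gstrField . "<" . $value;
        } elseif ($strSearchOption == "Equal or more than") {
            // The original appended the undefined variable $value1 here.
            $condition = $gstrField . ">=" . $value;
        } elseif ($strSearchOption == "Equal or less than") {
            // The original appended the undefined variable $value1 here.
            $condition = $gstrField . "<=" . $value;
        } elseif ($strSearchOption == "Between") {
            $value2 = db_prepare_string($SearchFor2);
            if ($upperCaseDisplay) {
                $value2 = $this->lookupPSet->isEnableUpper($value2);
            }
            $condition = $gstrField . ">=" . $value . " and ";

            $upperBound = $gstrField . "<=" . $value2;
            if (IsDateFieldType($this->type)) {
                $timeArr = db2time($SearchFor2);
                // for dates without time, add one day and use an exclusive upper bound
                if ($timeArr[3] == 0 && $timeArr[4] == 0 && $timeArr[5] == 0) {
                    $timeArr = adddays($timeArr, 1);
                    $nextDay = $timeArr[0] . "-" . $timeArr[1] . "-" . $timeArr[2];
                    $nextDay = add_db_quotes($this->field, $nextDay, $this->pageObject->tName);
                    $upperBound = $gstrField . "<" . $nextDay;
                }
            }
            $condition .= $upperBound;
        } else {
            // Search inside a multi-value lookup field stored as a comma-separated
            // list: match the value alone, in the middle, at the end and at the start.
            if (strpos($value, ",") !== false || strpos($value, '"') !== false) {
                $value = '"' . str_replace('"', '""', $value) . '"';
            }
            $value = $this->escapeSearchValForMySQL($value);
            $listField = GetFullFieldName($this->field, "", false);
            $clause = $listField . " = " . db_prepare_string($value)
                . " or " . $listField . " " . $this->like . " " . db_prepare_string("%," . $value . ",%")
                . " or " . $listField . " " . $this->like . " " . db_prepare_string("%," . $value)
                . " or " . $listField . " " . $this->like . " " . db_prepare_string($value . ",%");
        }

        if ($condition != "") {
            if ($this->linkAndDisplaySame || ($isEquals && $this->LCType != LCT_AJAX)) {
                $clause = $condition;
            } elseif ($this->lookupType == LT_QUERY) {
                // The condition applies to the lookup query, correlated with the edited table.
                $lookupQueryObj = $this->lookupPSet->getSQLQuery();
                $clause = "EXISTS (" . $lookupQueryObj->toSql(
                    $condition . " and " . GetFullFieldName($this->linkFieldName, $this->lookupTable, false)
                        . " = " . $linkedFieldRef,
                    '',
                    null,
                    false
                ) . ")";
            } else {
                $clause = "EXISTS (SELECT 1 as fld from " . AddTableWrappers($this->lookupTable)
                    . " where " . $condition . " and " . $this->lwLinkField . " = " . $linkedFieldRef . ")";
            }
        }

        if ($clause != "") {
            $clauses[] = $clause;
        }
    }

    return count($clauses) ? "(" . implode(" or ", $clauses) . ")" : "";
}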
$where = ""; $where .= $pageObject->getFieldSQLDecrypt("GroupID") . "=" . make_db_value("GroupID", $_SESSION[$strTableName . "_masterkey1"]); $where .= " and "; $where .= $pageObject->getFieldSQLDecrypt("CompanyID") . "=" . make_db_value("CompanyID", $_SESSION[$strTableName . "_masterkey2"]); } if ($mastertable == "calendar_table") { $where = ""; $where .= $pageObject->getFieldSQLDecrypt("TranDate") . "=" . make_db_value("TranDate", $_SESSION[$strTableName . "_masterkey1"]); } if ($mastertable == "DimDept") { $where = ""; $where .= $pageObject->getFieldSQLDecrypt("TranDept") . "=" . make_db_value("TranDept", $_SESSION[$strTableName . "_masterkey1"]); } if ($mastertable == "DimArea") { $where = ""; $where .= $pageObject->getFieldSQLDecrypt("TranArea") . "=" . make_db_value("TranArea", $_SESSION[$strTableName . "_masterkey1"]); } $str = SecuritySQL("Search", $strTableName); if (strlen($str)) { $where .= " and " . $str; } $strSQL = $gQuery->gSQLWhere($where); $strSQL .= " " . $gstrOrderBy; $rowcount = $gQuery->gSQLRowCount($where, $pageObject->connection); $xt->assign("row_count", $rowcount); if ($rowcount) { $xt->assign("details_data", true); $display_count = 10; if ($mode == "inline") { $display_count *= 2; }
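/**
 * Build the where clause that ties the current (detail) table to its master:
 * one "detail key = master key value" comparison per key, joined with " and ".
 *
 * The master key values are read from the session and passed through
 * make_db_value before concatenation; presumably that helper quotes them -
 * verify. A key without a usable value contributes "1=0", so the clause
 * matches no rows instead of dropping the restriction.
 *
 * @return string the where clause, "" when the table has no master keys
 */
function addWhereWithMasterTable()
{
    $where = "";
    $keyCount = count($this->detailKeysByM);

    for ($i = 0; $i < $keyCount; $i++) {
        if ($i != 0) {
            $where .= " and ";
        }

        // A missing session entry is passed on as null instead of raising an
        // undefined-index notice.
        $sessionKey = $this->sessionPrefix . "_masterkey" . ($i + 1);
        $rawValue = isset($_SESSION[$sessionKey]) ? $_SESSION[$sessionKey] : null;
        $mValue = make_db_value($this->detailKeysByM[$i], $rawValue);

        // empty() also rejected "0" and 0, so a master key whose value is zero
        // produced "1=0" and hid every detail row; only a missing value does now.
        if ($mValue !== null && $mValue !== false && $mValue !== "") {
            $where .= GetFullFieldName($this->detailKeysByM[$i]) . "=" . $mValue;
        } else {
            $where .= "1=0";
        }
    }

    return $where;
}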
$strLookupWhere = GetLWWhere($f, $pageType, $strTableName); if ($strLookupWhere) { $strLookupWhere = " (" . $strLookupWhere . ") AND "; } if ($LookupType == LT_QUERY) { if ($gSettings->getCustomDisplay($f)) { $strLookupWhere .= $displayFieldName; } else { $strLookupWhere .= GetFullFieldName($displayFieldName, $lookupTable, false); } } else { $strLookupWhere .= $cipherer->GetFieldName($lwDisplayField, $f); } $strLookupWhere .= $cipherer->GetLikeClause($LookupType == LT_QUERY ? $displayFieldName : $f, $value); if ($gSettings->useCategory($f) && (postvalue("category") != '' || postvalue('editMode') != MODE_SEARCH)) { $cvalue = make_db_value($gSettings->getCategoryControl($f), postvalue("category")); $strLookupWhere .= " AND " . AddFieldWrappers($gSettings->getCategoryFilter($f)) . "=" . $cvalue; } $lookupOrderBy = $gSettings->getLookupOrderBy($f); if (strlen($lookupOrderBy)) { $lookupOrderBy = GetFullFieldName($lookupOrderBy, $lookupTable); if ($gSettings->isLookupDesc($f)) { $lookupOrderBy .= ' DESC'; } } if ($LookupType == LT_QUERY) { $LookupSQL = $lookupQueryObj->toSql(whereAdd($lookupQueryObj->m_where->toSql($lookupQueryObj), $strLookupWhere), strlen($lookupOrderBy) ? ' ORDER BY ' . $lookupOrderBy : null); } else { $LookupSQL = $LookupSQLTable . " where " . $strLookupWhere; if (!$gSettings->isLookupUnique($f) || nDATABASE_Access != 4) { if ($lookupOrderBy) {
/**
 * Build $this->strWhereClause for the lookup query.
 *
 * Adds "category field = value" when a category value is set, then
 * $this->strLookupWhere, and finally "1=0" when the field uses a category,
 * the page is not in search mode and no category value was supplied.
 *
 * @return void
 */
function buildLookupWhereClause()
{
    $hasCategoryValue = strlen($this->lookupCategory) > 0;

    if ($hasCategoryValue) {
        // The category value goes through make_db_value before it is
        // concatenated after "="; presumably that helper quotes it - verify.
        $categoryCondition = GetFullFieldName($this->categoryField)
            . "=" . make_db_value($this->categoryField, $this->lookupCategory);
        $this->strWhereClause = whereAdd($this->strWhereClause, $categoryCondition);
    }

    if (strlen($this->strLookupWhere)) {
        $this->strWhereClause = whereAdd($this->strWhereClause, $this->strLookupWhere);
    }

    // add 1=0 if the parent control holds an empty value and no search is used,
    // so the dependent lookup returns no rows instead of all of them
    if (UseCategory($this->mainField, $this->mainTable)
        && postvalue('editMode') != MODE_SEARCH
        && !$hasCategoryValue) {
        $this->strWhereClause = whereAdd($this->strWhereClause, "1=0");
    }
}
/**
 * Render the master record of dbo.Customers above the list of a detail table.
 *
 * Temporarily switches the global $strTableName to "dbo.Customers" and
 * restores it on every exit path. Nothing is rendered when
 * $params["detailtable"] is not a known detail table or when the query
 * returns no row.
 *
 * @param array $params reads "detailtable" (detail table name) and "keys" (master key values)
 * @return void
 */
function DisplayMasterTableInfo_Customers($params)
{
    global $conn, $strTableName;
    global $page_styles, $page_layouts, $page_layout_names, $container_styles;

    $detailtable = $params["detailtable"];
    $keys = $params["keys"];

    $xt = new Xtempl();
    $oldTableName = $strTableName;
    $strTableName = "dbo.Customers";

    $sqlHead = "SELECT ID, Name, [Father Name], Address, Contact, Location, [Customer Type]";
    $sqlFrom = "FROM dbo.Customers";
    $sqlWhere = "";
    $sqlTail = "";
    $mKeys = array();

    $layout = new TLayout("masterlist", "BoldOrange", "MobileOrange");
    $layout->blocks["bare"] = array("0", "mastergrid");
    $layout->containers["0"] = array(
        array("name" => "masterlistheader", "block" => "", "substyle" => 1),
    );
    $layout->skins["0"] = "empty";
    $layout->containers["mastergrid"] = array(
        array("name" => "masterlistfields", "block" => "", "substyle" => 1),
    );
    $layout->skins["mastergrid"] = "grid";
    $page_layouts["Customers_masterlist"] = $layout;

    $where = "";
    $showKeys = "";
    if ($detailtable == "dbo.Customer Module Assignment") {
        $masterKey = $keys[0];
        // For the SQL text the key goes through make_db_value; presumably that
        // helper quotes it - verify.
        $where .= GetFullFieldName("ID") . "=" . make_db_value("ID", $masterKey);
        // NOTE(review): the same key is handed to the template as-is; confirm
        // that Xtempl or the template escapes it for HTML output.
        $showKeys .= " " . GetFieldLabel("dbo_Customers", "ID") . ": " . $masterKey;
        $xt->assign('showKeys', $showKeys);
    }
    if (!$where) {
        $strTableName = $oldTableName;
        return;
    }

    // Append the row-level restriction returned by SecuritySQL("Search"), if any.
    $securityClause = SecuritySQL("Search");
    if (strlen($securityClause)) {
        $where .= " and " . $securityClause;
    }

    $strWhere = whereAdd($sqlWhere, $where);
    if (strlen($strWhere)) {
        $strWhere = " where " . $strWhere . " ";
    }
    $strSQL = $sqlHead . ' ' . $sqlFrom . $strWhere . $sqlTail;

    // The full statement, key values included, is written to the log.
    LogInfo($strSQL);
    $data = db_fetch_array(db_query($strSQL, $conn));
    if (!$data) {
        $strTableName = $oldTableName;
        return;
    }

    $keylink = "&key1=" . htmlspecialchars(rawurlencode(@$data["ID"]));

    // ID
    $xt->assign("ID_mastervalue", ProcessLargeText(GetData($data, "ID", ""), "field=ID" . $keylink));
    // Name
    $xt->assign("Name_mastervalue", ProcessLargeText(GetData($data, "Name", ""), "field=Name" . $keylink));
    // Father Name
    $xt->assign(
        "Father_Name_mastervalue",
        ProcessLargeText(GetData($data, "Father Name", ""), "field=Father+Name" . $keylink)
    );
    // Address
    $xt->assign("Address_mastervalue", ProcessLargeText(GetData($data, "Address", ""), "field=Address" . $keylink));
    // Contact
    $xt->assign("Contact_mastervalue", ProcessLargeText(GetData($data, "Contact", ""), "field=Contact" . $keylink));
    // Location
    $xt->assign(
        "Location_mastervalue",
        DisplayLookupWizard("Location", $data["Location"], $data, $keylink, MODE_LIST)
    );
    // Customer Type
    $xt->assign(
        "Customer_Type_mastervalue",
        DisplayLookupWizard("Customer Type", $data["Customer Type"], $data, $keylink, MODE_LIST)
    );

    $xt->display("Customers_masterlist.htm");
    $strTableName = $oldTableName;
}
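/**
 * Get for the dependent lookup an array containing the link field values with even indices
 * and the corresponding displayed values with odd indices.
 *
 * Returns an empty array when a category filter is requested but the parent
 * value is empty or converts to "null", and when the lookup query fails.
 *
 * @intellisense
 * @param String parentVal
 * @param String childVal
 * @param Boolean doCategoryFilter
 * @param Boolean initialLoad
 * @return Array
 */
public function loadLookupContent($parentVal, $childVal = "", $doCategoryFilter = true, $initialLoad = true)
{
    $response = array();
    $pSet = $this->pageObject->pSetEdit;

    if ($this->bUseCategory && $doCategoryFilter) {
        if ($this->lookupType == LT_QUERY) {
            $tempParentVal = $this->ciphererDisplay->MakeDBValue($pSet->getCategoryControl($this->field), $parentVal, "", true);
        } else {
            // NOTE(review): this branch converts the parent value using the lookup
            // field itself, while the LT_QUERY branch uses the category control;
            // confirm that the difference is intended.
            $tempParentVal = make_db_value($this->field, $parentVal);
        }
        if ($tempParentVal === "null" || 0 == strlen($parentVal)) {
            return $response;
        }
    }

    $LookupSQL = $this->getLookupSQL($parentVal, $childVal, $doCategoryFilter, $this->LCType == LCT_AJAX && $initialLoad);
    $lookupIndexes = GetLookupFieldsIndexes($pSet, $this->field);
    $linkIndex = $lookupIndexes["linkFieldIndex"];
    $displayIndex = $lookupIndexes["displayFieldIndex"];

    $qResult = $this->lookupConnection->query($LookupSQL);
    if (!$qResult) {
        // The original called fetchNumeric() on the result without checking it;
        // a failed query now yields an empty list instead of a fatal error.
        return $response;
    }

    if ($this->LCType !== LCT_AJAX || $this->multiselect) {
        $dedupeByDisplay = $this->lookupType == LT_QUERY && $pSet->isLookupUnique($this->field);
        $seenDisplayValues = array();
        while ($data = $qResult->fetchNumeric()) {
            if ($dedupeByDisplay) {
                // Strict comparison: a loose in_array() treats numeric-looking
                // strings such as "10" and "1e1" as equal and would drop one of them.
                if (in_array($data[$displayIndex], $seenDisplayValues, true)) {
                    continue;
                }
                $seenDisplayValues[] = $data[$displayIndex];
            }
            $response[] = $data[$linkIndex];
            $response[] = $data[$displayIndex];
        }
    } else {
        // one record only: without a child value the single row is returned
        // only when the query produced exactly one row
        $data = $qResult->fetchNumeric();
        if ($data && (strlen($childVal) || !$qResult->fetchNumeric())) {
            $response[] = $data[$linkIndex];
            $response[] = $data[$displayIndex];
        }
    }

    return $response;
}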
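/**
 * Build the where clause that ties the current (detail) table to its master:
 * one "detail key = master key value" comparison per key, joined with " and ".
 *
 * The master key values are read from the session and converted with the
 * cipherer's MakeDBValue when PHP-side encryption is enabled, otherwise with
 * make_db_value; presumably both quote the value - verify. A key without a
 * usable value contributes "1=0", so the clause matches no rows instead of
 * dropping the restriction.
 *
 * @return string the where clause, "" when the table has no master keys
 */
function addWhereWithMasterTable()
{
    $where = "";
    $keyCount = count($this->detailKeysByM);

    for ($i = 0; $i < $keyCount; $i++) {
        if ($i != 0) {
            $where .= " and ";
        }

        // A missing session entry is passed on as null instead of raising an
        // undefined-index notice.
        $sessionKey = $this->sessionPrefix . "_masterkey" . ($i + 1);
        $rawValue = isset($_SESSION[$sessionKey]) ? $_SESSION[$sessionKey] : null;

        if ($this->cipherer && isEncryptionByPHPEnabled()) {
            $mValue = $this->cipherer->MakeDBValue($this->detailKeysByM[$i], $rawValue);
        } else {
            $mValue = make_db_value($this->detailKeysByM[$i], $rawValue);
        }

        // empty() also rejected "0" and 0, so a master key whose value is zero
        // produced "1=0" and hid every detail row; only a missing value does now.
        if ($mValue !== null && $mValue !== false && $mValue !== "") {
            $where .= GetFullFieldName($this->detailKeysByM[$i], "", false) . "=" . $mValue;
        } else {
            $where .= "1=0";
        }
    }

    return $where;
}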
$fEditFormat = GetFieldData($strTableName, $f, 'EditFormat', ''); if ($fEditFormat != EDIT_FORMAT_LOOKUP_WIZARD || GoodFieldName($f) != $field) { continue; } $LookupType = GetFieldData($strTableName, $f, 'LookupType', ''); if ($LookupType == LT_LOOKUPTABLE) { $LookupSQL = "SELECT "; if (GetFieldData($strTableName, $f, 'LookupUnique', false)) { $LookupSQL .= "DISTINCT "; } $LookupSQL .= GetLWLinkField($f, $strTableName, true); $LookupSQL .= "," . GetLWDisplayField($f, $strTableName, true); $LookupSQL .= " FROM " . AddTableWrappers(GetFieldData($strTableName, $f, 'LookupTable', '')) . " "; $LookupSQL .= " WHERE " . GetLWLinkField($f, $strTableName, true) . "=" . $lookupValue . " AND "; $LookupSQL .= GetLWDisplayField($f, $strTableName, true) . " LIKE " . db_prepare_string($value . "%"); if (GetFieldData($strTableName, $f, 'UseCategory', false)) { $cvalue = make_db_value(GetFieldData($strTableName, $f, 'CategoryControl', ''), postvalue("category")); $LookupSQL .= " AND " . AddFieldWrappers(GetFieldData($strTableName, $f, 'CategoryFilter', '')) . "=" . $cvalue; } } } $rs2 = db_query($LookupSQL, $conn); if ($data = db_fetch_numarray($rs2)) { $response[] = $data[0]; $response[] = $data[1]; } } } } $respObj = array('success' => true, 'data' => array_slice($response, 0, 40)); echo my_json_encode($respObj);
/**
 * Print the master record of "dbo.LU_Anomaly Type" above a detail page.
 *
 * Registers the "LU_Anomaly_Type_masterprint" layout, looks the master row up by
 * its Code key and renders LU_Anomaly_Type_masterprint.htm. The global
 * $strTableName is switched to the master table for the duration of the call and
 * restored on every exit path.
 *
 * @param array $params "detailtable" - name of the calling detail table,
 *                      "keys" - master key values (only index 0 is read here)
 */
function DisplayMasterTableInfo_LU_Anomaly_Type($params)
{
    global $conn, $strTableName;
    global $page_styles, $page_layouts, $page_layout_names, $container_styles;

    $detailTable = $params["detailtable"];
    $masterKeys = $params["keys"];

    $xt = new Xtempl();

    $savedTableName = $strTableName;
    $strTableName = "dbo.LU_Anomaly Type";

    $sqlHead = "SELECT Code, [Tamper Type]";
    $sqlFrom = "FROM dbo.[LU_Anomaly Type]";
    $sqlWhere = "";
    $sqlTail = "";

    // Layout definition for the print variant of the master block.
    $layout = new TLayout("masterprint", "BoldOrange", "MobileOrange");
    $layout->blocks["bare"] = array("0", "mastergrid");
    $layout->containers["0"] = array(
        array("name" => "masterprintheader", "block" => "", "substyle" => 1),
    );
    $layout->skins["0"] = "empty";
    $layout->containers["mastergrid"] = array(
        array("name" => "masterprintfields", "block" => "", "substyle" => 1),
    );
    $layout->skins["mastergrid"] = "grid";
    $page_layouts["LU_Anomaly_Type_masterprint"] = $layout;

    // Only one detail table is wired to this master; the key value reaches the SQL
    // text through make_db_value() only.
    // NOTE(review): make_db_value() presumably quotes/escapes the value - confirm.
    $condition = "";
    if ($detailTable == "dbo.Anomalies") {
        $condition = GetFullFieldName("Code") . "=" . make_db_value("Code", $masterKeys[0]);
    }
    if (!$condition) {
        // Unknown detail table: nothing to show.
        $strTableName = $savedTableName;
        return;
    }

    // NOTE(review): SecuritySQL() looks like the per-user row filter for the
    // "Export" permission; it is ANDed in whenever it is non-empty.
    $securityClause = SecuritySQL("Export");
    if (strlen($securityClause)) {
        $condition .= " and " . $securityClause;
    }

    $whereSql = whereAdd($sqlWhere, $condition);
    if (strlen($whereSql)) {
        $whereSql = " where " . $whereSql . " ";
    }
    $query = $sqlHead . ' ' . $sqlFrom . $whereSql . $sqlTail;

    // The full statement, key value included, is handed to the logger.
    LogInfo($query);

    $row = db_fetch_array(db_query($query, $conn));
    if (!$row) {
        $strTableName = $savedTableName;
        return;
    }

    // Key link: URL-encoded first, then HTML-escaped.
    $keylink = "&key1=" . htmlspecialchars(rawurlencode(@$row["Code"]));

    // Code
    $xt->assign(
        "Code_mastervalue",
        ProcessLargeText(GetData($row, "Code", ""), "field=Code" . $keylink, "", MODE_PRINT)
    );

    // Tamper Type
    $xt->assign(
        "Tamper_Type_mastervalue",
        ProcessLargeText(GetData($row, "Tamper Type", ""), "field=Tamper+Type" . $keylink, "", MODE_PRINT)
    );

    $xt->display("LU_Anomaly_Type_masterprint.htm");
    $strTableName = $savedTableName;
}
/**
 * Show the master record of "dbo.LU_Module Status" above a detail list page.
 *
 * Registers the "LU_Module_Status_masterlist" layout, looks the master row up by
 * its Code key and renders LU_Module_Status_masterlist.htm. The global
 * $strTableName is switched to the master table for the duration of the call and
 * restored on every exit path.
 *
 * @param array $params "detailtable" - name of the calling detail table,
 *                      "keys" - master key values (only index 0 is read here)
 */
function DisplayMasterTableInfo_LU_Module_Status($params)
{
    global $conn, $strTableName;
    global $page_styles, $page_layouts, $page_layout_names, $container_styles;

    $detailTable = $params["detailtable"];
    $masterKeys = $params["keys"];

    $xt = new Xtempl();

    $savedTableName = $strTableName;
    $strTableName = "dbo.LU_Module Status";

    $sqlHead = "SELECT Code, Status";
    $sqlFrom = "FROM dbo.[LU_Module Status]";
    $sqlWhere = "";
    $sqlTail = "";

    // Layout definition for the list variant of the master block.
    $layout = new TLayout("masterlist", "BoldOrange", "MobileOrange");
    $layout->blocks["bare"] = array("0", "mastergrid");
    $layout->containers["0"] = array(
        array("name" => "masterlistheader", "block" => "", "substyle" => 1),
    );
    $layout->skins["0"] = "empty";
    $layout->containers["mastergrid"] = array(
        array("name" => "masterlistfields", "block" => "", "substyle" => 1),
    );
    $layout->skins["mastergrid"] = "grid";
    $page_layouts["LU_Module_Status_masterlist"] = $layout;

    $condition = "";
    if ($detailTable == "dbo.Module") {
        // The key value reaches the SQL text through make_db_value() only.
        // NOTE(review): make_db_value() presumably quotes/escapes the value - confirm.
        $condition = GetFullFieldName("Code") . "=" . make_db_value("Code", $masterKeys[0]);

        // NOTE(review): the raw key value is placed in the 'showKeys' template
        // variable without HTML escaping here, unlike $keylink below. Whether Xtempl
        // or the template escapes it on output is not visible from this function;
        // if it does not, the value should be escaped before assign().
        $showKeys = " " . GetFieldLabel("dbo_LU_Module_Status", "Code") . ": " . $masterKeys[0];
        $xt->assign('showKeys', $showKeys);
    }
    if (!$condition) {
        // Unknown detail table: nothing to show.
        $strTableName = $savedTableName;
        return;
    }

    // NOTE(review): SecuritySQL() looks like the per-user row filter for the
    // "Search" permission; it is ANDed in whenever it is non-empty.
    $securityClause = SecuritySQL("Search");
    if (strlen($securityClause)) {
        $condition .= " and " . $securityClause;
    }

    $whereSql = whereAdd($sqlWhere, $condition);
    if (strlen($whereSql)) {
        $whereSql = " where " . $whereSql . " ";
    }
    $query = $sqlHead . ' ' . $sqlFrom . $whereSql . $sqlTail;

    // The full statement, key value included, is handed to the logger.
    LogInfo($query);

    $row = db_fetch_array(db_query($query, $conn));
    if (!$row) {
        $strTableName = $savedTableName;
        return;
    }

    // Key link: URL-encoded first, then HTML-escaped.
    $keylink = "&key1=" . htmlspecialchars(rawurlencode(@$row["Code"]));

    // Code
    $xt->assign(
        "Code_mastervalue",
        ProcessLargeText(GetData($row, "Code", ""), "field=Code" . $keylink)
    );

    // Status
    $xt->assign(
        "Status_mastervalue",
        ProcessLargeText(GetData($row, "Status", ""), "field=Status" . $keylink)
    );

    $xt->display("LU_Module_Status_masterlist.htm");
    $strTableName = $savedTableName;
}
/**
 * Get the WHERE clause conditions string for the search or suggest SQL query.
 *
 * The search text is never concatenated into the condition as-is. Depending on
 * the search option it goes through one of:
 *  - cipherer->MakeDBValue() / make_db_value() for the comparison operators,
 *  - connection->escapeLIKEpattern() followed by connection->prepareString()
 *    for "Contains" and "Starts with".
 * NOTE(review): these helpers presumably quote and escape the value for the
 * target database; their definitions are not part of this listing - confirm.
 *
 * An empty string is returned whenever no condition can be built (empty search
 * text, a value that converts to "null", a string rejected by
 * isStringValidForLike(), or an unknown search option).
 *
 * @param String SearchFor        first search value as entered by the user
 * @param String strSearchOption  "Contains", "Equals", "Starts with", "More than",
 *                                "Less than", "Equal or more than",
 *                                "Equal or less than" or "Between"
 * @param String SearchFor2       second value, read only for "Between"
 * @param String etype            passed through to the value-preparing helpers
 * @param Boolean isSuggest       not read by this method body
 * @return String
 */
function SQLWhere($SearchFor, $strSearchOption, $SearchFor2, $etype, $isSuggest)
{
    // The base implementation may veto the search (false) or supply a complete
    // condition on its own (non-empty string).
    $baseResult = $this->baseSQLWhere($strSearchOption);
    if ($baseResult === false) {
        return "";
    }
    if ($baseResult != "") {
        return $baseResult;
    }
    if (!strlen($SearchFor)) {
        return "";
    }
    // Database-ready form of the first value.
    $value1 = $this->pageObject->cipherer->MakeDBValue($this->field, $SearchFor, $etype, true);
    $value2 = false;
    $cleanvalue2 = false;
    if ($strSearchOption == "Between") {
        // $cleanvalue2 is kept separately because the date branch below parses it with db2time().
        $cleanvalue2 = prepare_for_db($this->field, $SearchFor2, $etype);
        $value2 = make_db_value($this->field, $SearchFor2, $etype);
    }
    // For the comparison operators a value that became the string "null" yields
    // no condition, unless the field is encrypted on the PHP side.
    if ($strSearchOption != "Contains" && $strSearchOption != "Starts with" && ($value1 === "null" || $value2 === "null") && !$this->pageObject->cipherer->isFieldPHPEncrypted($this->field)) {
        return "";
    }
    // LIKE searches are skipped when the control rejects the search string.
    if (($strSearchOption == "Contains" || $strSearchOption == "Starts with") && !$this->isStringValidForLike($SearchFor)) {
        return "";
    }
    $searchIsCaseInsensitive = $this->pageObject->pSetEdit->getNCSearch();
    // Choose the SQL expression for the left-hand side of the comparison.
    if (IsCharType($this->type) && !$this->btexttype) {
        $gstrField = $this->getFieldSQLDecrypt();
        if (!$this->pageObject->cipherer->isFieldPHPEncrypted($this->field) && $searchIsCaseInsensitive) {
            // Case-insensitive search: both sides of the comparison are wrapped in upper().
            $value1 = $this->connection->upper($value1);
            $value2 = $this->connection->upper($value2);
            $gstrField = $this->connection->upper($gstrField);
        }
    } elseif ($strSearchOption == "Contains" || $strSearchOption == "Starts with") {
        // Non-character field searched with LIKE: the field is converted with field2char().
        $gstrField = $this->connection->field2char($this->getFieldSQLDecrypt(), $this->type);
    } elseif ($this->pageObject->pSetEdit->getViewFormat($this->field) == FORMAT_TIME) {
        $gstrField = $this->connection->field2time($this->getFieldSQLDecrypt(), $this->type);
    } else {
        $gstrField = $this->getFieldSQLDecrypt();
    }
    if ($strSearchOption == "Contains") {
        if ($this->pageObject->cipherer->isFieldPHPEncrypted($this->field)) {
            // PHP-encrypted field: "Contains" is answered with an equality test
            // against the value produced by MakeDBValue().
            return $gstrField . "=" . $this->pageObject->cipherer->MakeDBValue($this->field, $SearchFor);
        }
        // Escape the user's text for LIKE before the wildcards are added around it.
        $SearchFor = $this->connection->escapeLIKEpattern($SearchFor);
        if (IsCharType($this->type) && !$this->btexttype && $searchIsCaseInsensitive) {
            return $gstrField . " " . $this->like . " " . $this->connection->upper($this->connection->prepareString("%" . $SearchFor . "%"));
        }
        return $gstrField . " " . $this->like . " " . $this->connection->prepareString("%" . $SearchFor . "%");
    }
    if ($strSearchOption == "Equals") {
        return $gstrField . "=" . $value1;
    }
    if ($strSearchOption == "Starts with") {
        // Same as "Contains", with only a trailing wildcard.
        $SearchFor = $this->connection->escapeLIKEpattern($SearchFor);
        if (IsCharType($this->type) && !$this->btexttype && $searchIsCaseInsensitive) {
            return $gstrField . " " . $this->like . " " . $this->connection->upper($this->connection->prepareString($SearchFor . "%"));
        }
        return $gstrField . " " . $this->like . " " . $this->connection->prepareString($SearchFor . "%");
    }
    if ($strSearchOption == "More than") {
        return $gstrField . ">" . $value1;
    }
    if ($strSearchOption == "Less than") {
        return $gstrField . "<" . $value1;
    }
    if ($strSearchOption == "Equal or more than") {
        return $gstrField . ">=" . $value1;
    }
    if ($strSearchOption == "Equal or less than") {
        return $gstrField . "<=" . $value1;
    }
    if ($strSearchOption == "Between") {
        $ret = $gstrField . ">=" . $value1 . " and ";
        if (IsDateFieldType($this->type)) {
            $timeArr = db2time($cleanvalue2);
            // for dates without time, add one day
            // (the upper bound then becomes "< next day" instead of "<= day")
            if ($timeArr[3] == 0 && $timeArr[4] == 0 && $timeArr[5] == 0) {
                $timeArr = adddays($timeArr, 1);
                $value2 = $timeArr[0] . "-" . $timeArr[1] . "-" . $timeArr[2];
                // The rebuilt date string is quoted again by add_db_quotes() before use.
                $value2 = add_db_quotes($this->field, $value2, $this->pageObject->tName);
                $ret .= $gstrField . "<" . $value2;
            } else {
                $ret .= $gstrField . "<=" . $value2;
            }
        } else {
            $ret .= $gstrField . "<=" . $value2;
        }
        return $ret;
    }
    // Unknown search option: no condition.
    return "";
}
/**
 * Compose the SQL condition that ties this detail table to the currently
 * selected master record.
 *
 * Every detail key in $this->detailKeysByM is matched against the session entry
 * "<sessionPrefix>_masterkey<N>" (N is 1-based). The session value is turned into
 * a database value by the cipherer or by make_db_value() before it is used, and a
 * key without a usable value contributes "1=0", so the clause then matches nothing.
 *
 * @return string conditions joined with " and "; empty when there are no detail keys
 */
function getMasterTableSQLClause()
{
    $conditions = array();
    $keyCount = count($this->detailKeysByM);

    for ($idx = 0; $idx < $keyCount; $idx++) {
        $detailKey = $this->detailKeysByM[$idx];
        $sessionKey = $this->sessionPrefix . "_masterkey" . ($idx + 1);

        $dbValue = ($this->cipherer && isEncryptionByPHPEnabled())
            ? $this->cipherer->MakeDBValue($detailKey, $_SESSION[$sessionKey])
            : make_db_value($detailKey, $_SESSION[$sessionKey], "", "", $this->tName);

        // An empty prepared value must not widen the result set.
        $conditions[] = strlen($dbValue) != 0
            ? $this->getFieldSQLDecrypt($detailKey) . "=" . $dbValue
            : "1=0";
    }

    return implode(" and ", $conditions);
}
unset($_SESSION[$strTableName . "_masterkey" . $i]); } } else { $mastertable = $_SESSION[$strTableName . "_mastertable"]; } $params = array(); $params['id'] = 1; $params['xt'] =& $xt; $params['tName'] = $strTableName; $params['pageType'] = "detailspreview"; $pageObject = new RunnerPage($params); if ($mastertable == "company") { $where = ""; $where .= $pageObject->getFieldSQLDecrypt("Coy_Id") . "=" . make_db_value("Coy_Id", $_SESSION[$strTableName . "_masterkey1"]); $where .= " and "; $where .= $pageObject->getFieldSQLDecrypt("Grp_id") . "=" . make_db_value("Grp_id", $_SESSION[$strTableName . "_masterkey2"]); } $str = SecuritySQL("Search", $strTableName); if (strlen($str)) { $where .= " and " . $str; } $strSQL = $gQuery->gSQLWhere($where); $strSQL .= " " . $gstrOrderBy; $rowcount = $gQuery->gSQLRowCount($where, $pageObject->connection); $xt->assign("row_count", $rowcount); if ($rowcount) { $xt->assign("details_data", true); $display_count = 10; if ($mode == "inline") { $display_count *= 2; }
/**
 * Add one filter per key field of the query's default table, using the values
 * supplied in $keys (indexed by key field name).
 *
 * Each value is converted with make_db_value() first; a value that
 * SQLQueryIsNull() reports as null becomes an LE_ISNULL filter, any other value
 * an LE_EQ filter.
 *
 * @param array $keys key field name => key value
 */
function AddFilterByKeys(&$keys)
{
    $keyFields = $this->query->DefaultTable()->GetKeyFields();

    foreach ($keyFields as $keyField) {
        $dbValue = make_db_value($keyField, $keys[$keyField]);

        if (!SQLQueryIsNull($dbValue)) {
            $this->AddFilter($keyField, LE_EQ, $dbValue);
            continue;
        }

        $this->AddFilter($keyField, LE_ISNULL);
    }
}
$pageObject = new RegisterPage($params); $pageObject->init(); $isUseCaptcha = $globalEvents->existsCAPTCHA(PAGE_REGISTER); // Before Process event if ($globalEvents->exists("BeforeProcessRegister")) { $globalEvents->BeforeProcessRegister($pageObject); } //Send activation link to user's email $includes = GetBaseScriptsForPage(false); if (@$_GET["a"] == "activate") { $username = base64_decode(@$_GET["u"]); $code = @$_GET["code"]; if ($regCipherer->isFieldEncrypted("username")) { $strUsername = $regCipherer->MakeDBValue("username", $username, "", true); } else { $strUsername = make_db_value("username", $username); } $sql = "select " . $pageObject->getFieldSQLDecrypt("password") . " from " . $pageObject->connection->addTableWrappers("ConsolidatedStockEnquiry_users") . " where " . $pageObject->getFieldSQLDecrypt("username") . "=" . $strUsername; $qResult = $pageObject->connection->query($sql); $verified = false; if (!$qResult) { echo "Invalid validation code."; return; } $data = $qResult->fetchNumeric(); if (!$data) { echo "Invalid validation code."; return; } $dbPassword = $regCipherer->DecryptField("password", $data[0]); $usercode = $username . md5($dbPassword);
/**
 * Chart constructor: copies the chart definition and page parameters into the
 * object, collects the per-series settings and builds the SQL statement
 * ($this->strSQL) the chart data is read with.
 *
 * Security-relevant inputs read here:
 *  - $_SESSION["<sessionPrefix>_mastertable"] and "<sessionPrefix>_masterkey<N>"
 *    for the master-detail restriction,
 *  - $_SESSION["<sessionPrefix>_advsearch"], passed to SearchClause::UnserializeObject(),
 *  - $this->chrt_array['sql'], ['where'], ['group_by'] and ['order_by'], which are
 *    concatenated into the statement for "db" and "custom" charts.
 *
 * @param array $ch_array chart definition; converted with Convert_Old_Chart() when
 *                        $this->webchart is already set on entry
 * @param array $param    page parameters: showDetails, hasFlash, pageId, webchart, cname,
 *                        chartPreview, dashChart, dashTName, dashElementName, gstrOrderBy
 */
function Chart(&$ch_array, $param)
{
    // Declared but not referenced anywhere else in this method.
    global $field_labels;
    // $this->webchart is tested here before it is assigned from $param further down.
    if ($this->webchart) {
        $this->chrt_array = Convert_Old_Chart($ch_array);
    } else {
        $this->chrt_array = $ch_array;
    }
    $this->setConnection();
    $this->pSet = new ProjectSettings($this->chrt_array['tables'][0]);
    $this->showDetails = $param['showDetails'];
    if ($this->showDetails) {
        $this->detailTablesData = $this->pSet->getDetailTablesArr();
    }
    $this->hasFlash = $param["hasFlash"];
    $this->pageId = $param["pageId"];
    $this->chrt_array["appearance"]["autoupdate"] = false;
    // At least one record is always shown.
    $this->numRecordsToShow = $this->chrt_array['appearance']['maxbarscroll'];
    if ($this->numRecordsToShow < 1) {
        $this->numRecordsToShow = 1;
    }
    $this->table_type = $this->chrt_array["table_type"];
    if (!$this->table_type) {
        $this->table_type = "project";
    }
    $this->webchart = $param["webchart"];
    $this->cname = $param["cname"];
    $this->chartPreview = $param["chartPreview"];
    $this->dashChart = $param["dashChart"];
    // Session keys are prefixed with the first table name, and additionally with
    // the dashboard table name for dashboard charts.
    $this->sessionPrefix = $this->chrt_array['tables'][0];
    if ($this->dashChart) {
        $this->dashTName = $param["dashTName"];
        $this->dashElementName = $param["dashElementName"];
        $this->sessionPrefix = $this->dashTName . "_" . $this->sessionPrefix;
    }
    $this->gstrOrderBy = $param["gstrOrderBy"];
    $TableName = GoodFieldName($this->chrt_array['tables'][0]);
    // #10461, $this->setConnection(); needs to be called after value is assigned to $this->webchart
    $this->setConnection();
    // The cipherer is created for project-database charts only, so
    // $this->cipherer may be unset in the master-key code below.
    if ($this->isProjectDB()) {
        $this->cipherer = new RunnerCipherer($this->chrt_array['tables'][0]);
    }
    $this->header = $this->chrt_array['appearance']['head'];
    $this->footer = $this->chrt_array['appearance']['foot'];
    $this->y_axis_label = $this->chrt_array['appearance']['y_axis_label'];
    // Per-series settings. The loop stops one entry short of the end: the last
    // 'parameters' entry is read separately below as the label field.
    for ($i = 0; $i < count($this->chrt_array['parameters']) - 1; $i++) {
        // Currency format: per-series setting first, then the chart-wide 'scur'
        // (the string "false" means none).
        if (isset($this->chrt_array['parameters'][$i]['currencyFormat'])) {
            $this->arrFormatCurrency[] = $this->chrt_array['parameters'][$i]['currencyFormat'];
        } else {
            if ($this->chrt_array['appearance']['scur'] == "false") {
                $this->arrFormatCurrency[] = "";
            } else {
                $this->arrFormatCurrency[] = $this->chrt_array['appearance']['scur'];
            }
        }
        if (isset($this->chrt_array['parameters'][$i]['decimalFormat'])) {
            $this->arrFormatDecimal[] = $this->chrt_array['parameters'][$i]['decimalFormat'];
        } else {
            $this->arrFormatDecimal[] = $this->chrt_array['appearance']['dec'];
        }
        $this->arrFormatCustomer[] = $this->chrt_array['parameters'][$i]['customFormat'];
        $this->arrFormatCustomerStr[] = $this->chrt_array['parameters'][$i]['customFormatStr'];
        if ($this->chrt_array["chart_type"]["type"] == "ohlc" || $this->chrt_array["chart_type"]["type"] == "candlestick") {
            // OHLC / candlestick series: four value columns per series.
            $this->arrOHLC_color[] = "#" . $this->chrt_array['parameters'][$i]['ohlcColor'];
            if ($this->table_type != "db") {
                $this->arrOHLC_open[] = $this->chrt_array['parameters'][$i]['ohlcOpen'];
                $this->arrOHLC_high[] = $this->chrt_array['parameters'][$i]['ohlcHigh'];
                $this->arrOHLC_low[] = $this->chrt_array['parameters'][$i]['ohlcLow'];
                $this->arrOHLC_close[] = $this->chrt_array['parameters'][$i]['ohlcClose'];
            } else {
                // "db" charts: column names are composed as [agr_func_]table_field.
                if ($this->chrt_array['parameters'][$i]['agr_func']) {
                    $this->arrOHLC_open[] = $this->chrt_array['parameters'][$i]['agr_func'] . "_" . $this->chrt_array['parameters'][$i]['table'] . "_" . $this->chrt_array['parameters'][$i]['ohlcOpen'];
                    $this->arrOHLC_high[] = $this->chrt_array['parameters'][$i]['agr_func'] . "_" . $this->chrt_array['parameters'][$i]['table'] . "_" . $this->chrt_array['parameters'][$i]['ohlcHigh'];
                    $this->arrOHLC_low[] = $this->chrt_array['parameters'][$i]['agr_func'] . "_" . $this->chrt_array['parameters'][$i]['table'] . "_" . $this->chrt_array['parameters'][$i]['ohlcLow'];
                    $this->arrOHLC_close[] = $this->chrt_array['parameters'][$i]['agr_func'] . "_" . $this->chrt_array['parameters'][$i]['table'] . "_" . $this->chrt_array['parameters'][$i]['ohlcClose'];
                } else {
                    $this->arrOHLC_open[] = $this->chrt_array['parameters'][$i]['table'] . "_" . $this->chrt_array['parameters'][$i]['ohlcOpen'];
                    $this->arrOHLC_high[] = $this->chrt_array['parameters'][$i]['table'] . "_" . $this->chrt_array['parameters'][$i]['ohlcHigh'];
                    $this->arrOHLC_low[] = $this->chrt_array['parameters'][$i]['table'] . "_" . $this->chrt_array['parameters'][$i]['ohlcLow'];
                    $this->arrOHLC_close[] = $this->chrt_array['parameters'][$i]['table'] . "_" . $this->chrt_array['parameters'][$i]['ohlcClose'];
                }
            }
            if ($this->chrt_array["chart_type"]["type"] == "candlestick") {
                $this->arrOHLC_candle[] = "#" . $this->chrt_array['parameters'][$i]['ohlcCandleColor'];
            }
        } elseif ($this->chrt_array['parameters'][$i]['name'] != "") {
            // Ordinary data series (entries without a name are skipped).
            if ($this->table_type != "db") {
                $this->arrDataSeries[] = $this->chrt_array['parameters'][$i]['agr_func'] ? $this->chrt_array['parameters'][$i]['label'] : $this->chrt_array['parameters'][$i]['name'];
                if ($this->chrt_array["chart_type"]["type"] == "bubble") {
                    $this->arrDataSize[] = $this->chrt_array['parameters'][$i]['size'];
                }
            } else {
                $this->arrDataSeries[] = $this->chrt_array['parameters'][$i]['agr_func'] ? $this->chrt_array['parameters'][$i]['agr_func'] . "_" . $this->chrt_array['parameters'][$i]['table'] . "_" . $this->chrt_array['parameters'][$i]['name'] : $this->chrt_array['parameters'][$i]['table'] . "_" . $this->chrt_array['parameters'][$i]['name'];
                if ($this->chrt_array["chart_type"]["type"] == "bubble") {
                    $this->arrDataSize[] = $this->chrt_array['parameters'][$i]['table'] . "_" . $this->chrt_array['parameters'][$i]['size'];
                }
            }
            // Series colour: 'appearance' entry "scolor<N>1" wins over the per-series colour.
            if (isset($this->chrt_array['appearance']['scolor' . ($i + 1) . '1'])) {
                $this->arrDataColor[] = $this->chrt_array['appearance']['scolor' . ($i + 1) . '1'];
            } else {
                $this->arrDataColor[] = $this->chrt_array['parameters'][$i]['series_color'];
            }
            if ($this->chrt_array["chart_type"]["type"] == "gauge") {
                // Gauge colour zones, stored under the index of the series just added.
                for ($k = 0; is_array($this->chrt_array["parameters"][$i]["gaugeColorZone"]) && $k < count($this->chrt_array["parameters"][$i]["gaugeColorZone"]); $k++) {
                    $beginColor = (double) @$this->chrt_array["parameters"][$i]["gaugeColorZone"][$k]["gaugeBeginColor"];
                    $endColor = (double) @$this->chrt_array["parameters"][$i]["gaugeColorZone"][$k]["gaugeEndColor"];
                    $gColor = "#" . @$this->chrt_array["parameters"][$i]["gaugeColorZone"][$k]["gaugeColor"];
                    $this->arrGaugeColor[count($this->arrDataSeries) - 1][] = array($beginColor, $endColor, $gColor);
                }
            }
        }
        // Series label; every label passes through chart_xmlencode() before it is stored.
        if ($this->table_type == "project" && !$this->webchart) {
            if ($this->chrt_array["chart_type"]["type"] != "candlestick" && $this->chrt_array["chart_type"]["type"] != "ohlc") {
                $this->arrDataLabels[] = $this->chart_xmlencode(GetFieldLabel(GoodFieldName($TableName), GoodFieldName($this->chrt_array['parameters'][$i]['name'])));
            } else {
                $this->arrDataLabels[] = $this->chart_xmlencode(GetFieldLabel(GoodFieldName($TableName), GoodFieldName($this->chrt_array['parameters'][$i]['ohlcOpen'])));
            }
        } else {
            // No explicit label: fall back to the field name.
            if (!$this->chart_xmlencode($this->chrt_array['parameters'][$i]['label'])) {
                if ($this->chrt_array["chart_type"]["type"] != "candlestick" && $this->chrt_array["chart_type"]["type"] != "ohlc") {
                    $this->arrDataLabels[] = $this->chart_xmlencode($this->chrt_array['parameters'][$i]['name']);
                } else {
                    $this->arrDataLabels[] = $this->chart_xmlencode($this->chrt_array['parameters'][$i]['ohlcOpen']);
                }
            } else {
                $this->arrDataLabels[] = $this->chart_xmlencode($this->chrt_array['parameters'][$i]['label']);
            }
        }
    }
    // Label field: the last 'parameters' entry (not used for gauge charts).
    if ($this->chrt_array["chart_type"]["type"] != "gauge") {
        if ($this->table_type != "db") {
            $this->strLabel = $this->chrt_array['parameters'][count($this->chrt_array['parameters']) - 1]['name'];
        } else {
            $this->strLabel = $this->chrt_array['parameters'][count($this->chrt_array['parameters']) - 1]['agr_func'] ? $this->chrt_array['parameters'][count($this->chrt_array['parameters']) - 1]['agr_func'] . "_" . $this->chrt_array['parameters'][count($this->chrt_array['parameters']) - 1]['table'] . "_" . $this->chrt_array['parameters'][count($this->chrt_array['parameters']) - 1]['name'] : $this->chrt_array['parameters'][count($this->chrt_array['parameters']) - 1]['table'] . "_" . $this->chrt_array['parameters'][count($this->chrt_array['parameters']) - 1]['name'];
        }
        for ($j = 0; $j < count($this->chrt_array['fields']); $j++) {
            if ($this->chrt_array['parameters'][count($this->chrt_array['parameters']) - 1]['name'] == $this->chrt_array['fields'][$j]['name']) {
                if ($this->table_type == "project") {
                    $this->label2 = $this->chart_xmlencode(GetFieldLabel($TableName, GoodFieldName($this->chrt_array['parameters'][count($this->chrt_array['parameters']) - 1]['name'])));
                } else {
                    $this->label2 = $this->chart_xmlencode($this->chrt_array['parameters'][count($this->chrt_array['parameters']) - 1]['name']);
                }
            }
        }
    }
    // Axes colour. $this->arrAxesColor is overwritten on every iteration, so it
    // ends up holding the value computed for the last series.
    if ($this->chrt_array["chart_type"]["type"] != "ohlc" && $this->chrt_array["chart_type"]["type"] != "candlestick") {
        foreach ($this->arrDataColor as $ind => $val) {
            if ($ind == 0) {
                $this->arrAxesColor = "#000000";
            } else {
                $this->arrAxesColor = "#" . $this->arrDataColor[$ind];
            }
        }
    } else {
        foreach ($this->arrOHLC_color as $ind => $val) {
            if ($ind == 0) {
                $this->arrAxesColor = "#000000";
            } else {
                $this->arrAxesColor = "#" . $this->arrOHLC_color[$ind];
            }
        }
    }
    // prepare search params
    $gQuery = $this->pSet->getSQLQuery();
    // Master-detail restriction, built from the master keys kept in the session
    // (skipped for dashboard charts).
    $masterWhere = "";
    if (!$this->dashChart) {
        $masterTable = $_SESSION[$this->sessionPrefix . "_mastertable"];
        $detailKeysByM = $this->pSet->getDetailKeysByMasterTable($masterTable);
        if (count($detailKeysByM)) {
            for ($i = 0; $i < count($detailKeysByM); $i++) {
                if ($i != 0) {
                    $masterWhere .= " and ";
                }
                // The session value enters the SQL text only through MakeDBValue() / make_db_value().
                // NOTE(review): both presumably return a quoted/escaped literal - confirm.
                if ($this->cipherer && isEncryptionByPHPEnabled()) {
                    $mValue = $this->cipherer->MakeDBValue($detailKeysByM[$i], $_SESSION[$this->sessionPrefix . "_masterkey" . ($i + 1)]);
                } else {
                    $mValue = make_db_value($detailKeysByM[$i], $_SESSION[$this->sessionPrefix . "_masterkey" . ($i + 1)]);
                }
                if (strlen($mValue) != 0) {
                    $masterWhere .= RunnerPage::_getFieldSQLDecrypt($detailKeysByM[$i], $this->connection, $this->pSet, $this->cipherer) . "=" . $mValue;
                } else {
                    // No usable key value: a condition that matches nothing.
                    $masterWhere .= "1=0";
                }
            }
        }
    }
    $strWhereClause = "";
    $searchHavingClause = "";
    $strSearchCriteria = "and";
    global $strTableName;
    // search where for basic charts
    if (!$this->webchart) {
        if (!$this->chartPreview && isset($_SESSION[$this->sessionPrefix . '_advsearch'])) {
            // NOTE(review): UnserializeObject() presumably wraps unserialize(). The
            // input is server-side session data; confirm that nothing
            // request-controlled is stored under this key in serialized form.
            $searchClauseObj = SearchClause::UnserializeObject($_SESSION[$this->sessionPrefix . '_advsearch']);
            include_once getabspath('classes/controls/EditControlsContainer.php');
            $editControls = new EditControlsContainer(null, $this->pSet, PAGE_SEARCH, $this->cipherer);
            $whereComponents = RunnerPage::sGetWhereComponents($gQuery, $this->pSet, $searchClauseObj, $editControls, $this->connection);
            $strWhereClause = $whereComponents["searchWhere"];
            foreach ($whereComponents["filterWhere"] as $fWhere) {
                $strWhereClause = whereAdd($strWhereClause, $fWhere);
            }
            $searchHavingClause = $whereComponents["searchHaving"];
            foreach ($whereComponents["filterHaving"] as $fHaving) {
                $searchHavingClause = whereAdd($searchHavingClause, $fHaving);
            }
            $strSearchCriteria = $whereComponents["searchUnionRequired"] ? "or" : "and";
        }
    } else {
        // Web charts: for non-project tables the global table name is switched to "webchart<cname>".
        if ($this->table_type != "project") {
            $strTableName = "webchart" . $this->cname;
        }
        $strWhereClause = CalcSearchParam($this->table_type != "project");
    }
    // The search condition is appended to the chart's own WHERE text, which the
    // "db" and "custom" branches below concatenate into the statement.
    if ($strWhereClause) {
        $this->chrt_array['where'] .= $this->chrt_array['where'] ? " AND (" . $strWhereClause . ")" : " WHERE (" . $strWhereClause . ")";
    }
    if ($this->table_type == "project") {
        // NOTE(review): the test calls SecuritySQL() with the chart's first table,
        // while the clause that is added is computed for $strTableName. Confirm that
        // the two always name the same table; otherwise the row filter that is
        // checked and the one that is applied can differ.
        if (SecuritySQL("Search", $this->chrt_array['tables'][0])) {
            $strWhereClause = whereAdd($strWhereClause, SecuritySQL("Search", $strTableName));
        }
        $this->strSQL = $gQuery->gSQLWhere($strWhereClause, $searchHavingClause, $strSearchCriteria);
        $strOrderBy = $this->gstrOrderBy;
        $this->strSQL .= " " . $strOrderBy;
        // The master restriction is added to the WHERE text only now, after the
        // first version of the statement has been built without it.
        if ($masterWhere) {
            $strWhereClause = whereAdd($strWhereClause, $masterWhere);
        }
        $strSQLbak = $this->strSQL;
        if (tableEventExists("BeforeQueryChart", $strTableName)) {
            $tstrSQL = $this->strSQL;
            $eventObj = getEventObject($strTableName);
            $eventObj->BeforeQueryChart($tstrSQL, $strWhereClause, $strOrderBy);
            $this->strSQL = $tstrSQL;
        }
        // The statement is rebuilt from the (possibly modified) WHERE and ORDER BY
        // only when the event left the SQL text unchanged. If the handler changed
        // $tstrSQL, that text is used as-is, so the master restriction applies only
        // if the handler included it.
        if ($strSQLbak == $this->strSQL) {
            $this->strSQL = $gQuery->gSQLWhere($strWhereClause, $searchHavingClause, $strSearchCriteria);
            $this->strSQL .= " " . $strOrderBy;
        }
    }
    // "db" and "custom" charts: the statement is assembled from SQL text stored in
    // the chart definition.
    // NOTE(review): whoever can edit a chart definition therefore controls the SQL
    // that is executed; presumably only trusted users can - confirm.
    if ($this->cname && $this->table_type == "db") {
        $this->strSQL = $this->chrt_array['sql'] . $this->chrt_array['where'] . $this->chrt_array['group_by'] . $this->chrt_array['order_by'];
    } elseif ($this->cname && $this->table_type == "custom") {
        if (!IsStoredProcedure($this->chrt_array['sql'])) {
            $sql_query = $this->chrt_array['sql'];
            // On MS SQL Server everything from the last "ORDER BY" on is cut off
            // before the query is wrapped in a subselect.
            if ($this->connection->dbType == nDATABASE_MSSQLServer) {
                $pos = strrpos(strtoupper($sql_query), "ORDER BY");
                if ($pos) {
                    $sql_query = substr($sql_query, 0, $pos);
                }
            }
            // Oracle gets the subselect without the "as <alias>" part.
            if ($this->connection->dbType != nDATABASE_Oracle) {
                $this->strSQL = "select * from (" . $sql_query . ") as " . $this->connection->addFieldWrappers("custom_query") . $this->chrt_array['where'];
            } else {
                $this->strSQL = "select * from (" . $sql_query . ")" . $this->chrt_array['where'];
            }
        } else {
            // Stored procedure call: used unchanged, without the search WHERE.
            $this->strSQL = $this->chrt_array['sql'];
        }
    }
    // Last hook: the event receives the chart object itself.
    if (tableEventExists("UpdateChartSettings", $strTableName)) {
        $eventObj = getEventObject($strTableName);
        $eventObj->UpdateChartSettings($this);
    }
}
$_SESSION[$strTableName . "_masterkey" . $i] = $masterKeys["masterkey" . $i]; $i++; } } if (isset($_SESSION[$strTableName . "_masterkey" . $i])) { unset($_SESSION[$strTableName . "_masterkey" . $i]); } } else { $mastertable = $_SESSION[$strTableName . "_mastertable"]; } //$strSQL = $gstrSQL; if ($mastertable == "pad.pad_jenis_pajak") { $where = ""; $where .= GetFullFieldName("pajak_id", $strTableName, false) . "=" . make_db_value("pajak_id", $_SESSION[$strTableName . "_masterkey1"]); $where .= " and "; $where .= GetFullFieldName("pajak_id", $strTableName, false) . "=" . make_db_value("pajak_id", $_SESSION[$strTableName . "_masterkey2"]); } $str = SecuritySQL("Search"); if (strlen($str)) { $where .= " and " . $str; } $strSQL = $gQuery->gSQLWhere($where); $strSQL .= " " . $gstrOrderBy; $rowcount = $gQuery->gSQLRowCount($where); $xt->assign("row_count", $rowcount); if ($rowcount) { $xt->assign("details_data", true); $rs = db_query($strSQL, $conn); $display_count = 10; if ($mode == "inline") { $display_count *= 2;
/**
 * Load the option list of a (dependent) lookup field.
 *
 * Builds the lookup query with buildLookupSQL(), stores it in the global
 * $LookupSQL, runs it and returns a flat list of alternating link and display
 * values.
 *
 * @param string $pageType         page type handed to ProjectSettings and buildLookupSQL()
 * @param string $childFieldName   lookup field whose options are loaded
 * @param mixed  $parentVal        value of the parent (category) control
 * @param bool   $doCategoryFilter apply the category filter when the field uses one
 * @param string $childVal         current value of the lookup field
 * @param bool   $initialLoad      passed on, combined with fastType(), to buildLookupSQL()
 * @return array link value, display value, link value, display value, ...
 */
function loadSelectContent($pageType, $childFieldName, $parentVal, $doCategoryFilter = true, $childVal = "", $initialLoad = true)
{
    global $conn, $LookupSQL, $strTableName;

    $settings = new ProjectSettings($strTableName, $pageType);
    $options = array();
    $lookupType = $settings->getLookupType($childFieldName);
    $uniqueOnly = $settings->isLookupUnique($childFieldName);

    if ($settings->useCategory($childFieldName) && $doCategoryFilter) {
        // Convert the parent value only to find out whether it becomes "null";
        // in that case there is nothing to filter by and the list stays empty.
        if ($lookupType == LT_QUERY) {
            $lookupTable = $settings->getLookupTable($childFieldName);
            $lookupCipherer = new RunnerCipherer($lookupTable);
            $preparedParent = $lookupCipherer->MakeDBValue($settings->getCategoryControl($childFieldName), $parentVal, "", $lookupTable, true);
        } else {
            $preparedParent = make_db_value($childFieldName, $parentVal);
        }
        if ($preparedParent === "null") {
            return $options;
        }
    }

    // NOTE(review): $parentVal and $childVal are handed to buildLookupSQL()
    // unconverted; that function has to do the quoting/escaping - confirm there.
    $LookupSQL = buildLookupSQL($pageType, $childFieldName, $strTableName, $parentVal, $childVal, $doCategoryFilter, $settings->fastType($childFieldName) && $initialLoad);
    $indexes = GetLookupFieldsIndexes($settings, $childFieldName);
    $linkIdx = $indexes["linkFieldIndex"];
    $displayIdx = $indexes["displayFieldIndex"];
    $result = db_query($LookupSQL, $conn);

    if ($settings->fastType($childFieldName)) {
        // one record only: without a current value the row is used only when it
        // is the sole row of the result
        $firstRow = db_fetch_numarray($result);
        if ($firstRow && (strlen($childVal) || !db_fetch_numarray($result))) {
            $options[] = $firstRow[$linkIdx];
            $options[] = $firstRow[$displayIdx];
        }
        return $options;
    }

    $seenDisplayValues = array();
    while ($row = db_fetch_numarray($result)) {
        if ($lookupType == LT_QUERY && $uniqueOnly) {
            // Rows whose display value was already listed are skipped.
            if (in_array($row[$displayIdx], $seenDisplayValues)) {
                continue;
            }
            $seenDisplayValues[] = $row[$displayIdx];
        }
        $options[] = $row[$linkIdx];
        $options[] = $row[$displayIdx];
    }

    return $options;
}
} } if (isset($_SESSION[$strTableName . "_masterkey" . $i])) { unset($_SESSION[$strTableName . "_masterkey" . $i]); } } else { $mastertable = $_SESSION[$strTableName . "_mastertable"]; } //$strSQL = $gstrSQL; if ($mastertable == "pad.pad_kecamatan") { $where = ""; $where .= GetFullFieldName("kecamatan_id", $strTableName, false) . "=" . make_db_value("kecamatan_id", $_SESSION[$strTableName . "_masterkey1"]); } if ($mastertable == "pad.pad_kelurahan") { $where = ""; $where .= GetFullFieldName("kelurahan_id", $strTableName, false) . "=" . make_db_value("kelurahan_id", $_SESSION[$strTableName . "_masterkey1"]); } $str = SecuritySQL("Search"); if (strlen($str)) { $where .= " and " . $str; } $strSQL = $gQuery->gSQLWhere($where); $strSQL .= " " . $gstrOrderBy; $rowcount = $gQuery->gSQLRowCount($where); $xt->assign("row_count", $rowcount); if ($rowcount) { $xt->assign("details_data", true); $rs = db_query($strSQL, $conn); $display_count = 10; if ($mode == "inline") { $display_count *= 2;
/**
 * Get the database-prepared value of one limit of a filter interval.
 *
 * Static, because it is invoked through the static getIntervalFilterWhere and
 * getLimitsConditions methods of the SearchClause object when the filters' SQL
 * where clause is built.
 *
 * The raw limit is either the stored "<lower|upper>Limit" entry or, when
 * "<lower|upper>UsesExpression" is set, the result of
 * getIntervalLimitsExpressions(). It is returned only after conversion by the
 * cipherer (encrypted fields) or by make_db_value().
 *
 * @param String fName
 * @param Array intervalData
 * @param Object cipherer
 * @param String tableName
 * @param Boolean isLower The flag indicating if the value is prepared for the lower limit or not.
 * @return String
 */
static function getLimitValue($fName, $intervalData, $cipherer, $tableName, $isLower)
{
    $side = $isLower ? "lower" : "upper";
    $encrypted = $cipherer->isFieldEncrypted($fName);

    $rawLimit = $intervalData[$side . "UsesExpression"]
        ? getIntervalLimitsExpressions($tableName, $fName, $intervalData["index"], $isLower)
        : $intervalData[$side . "Limit"];

    if (!$encrypted) {
        return make_db_value($fName, $rawLimit, "", "", $tableName);
    }

    return $cipherer->MakeDBValue($fName, $rawLimit, "", true);
}