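/**
 * Assembles the search SQL statement and remembers it in $_SESSION.
 *
 * Depending on $search the query is built by search() (a new search),
 * taken unchanged from the session (a previously stored query), or composed
 * as a plain "show everything readable" SELECT. The query and the request
 * variables that produced it are stored in $_SESSION under
 * "<short>_query" and "<short>_fieldvars".
 *
 * Security-relevant properties of this function:
 *  - The returned string is raw SQL built by interpolation. $fields,
 *    $searchsort, $whereclause and $tableinfo->realname are inserted without
 *    escaping, so every caller must pass values that are not request-controlled
 *    or that were checked against an allow-list first.
 *  - The SQL text is kept in the session and reused verbatim on later calls.
 *
 * @param object $db          Database handle, passed through to may_read_SQL() and search().
 * @param object $tableinfo   Table description; ->realname and ->short are read here.
 * @param string $fields      Comma-separated list of column names.
 * @param mixed  $USER        Current user record, passed through to may_read_SQL().
 * @param string $search      Requested action; 'Search' and 'Show All' are handled specially.
 * @param string $searchsort  ORDER BY expression; defaults to "<realname>.date DESC" when empty.
 * @param mixed  $whereclause SQL predicate restricting the readable records, or false to
 *                            have it computed by may_read_SQL().
 *
 * @return string The SQL statement to execute.
 */
function make_search_SQL($db, $tableinfo, $fields, $USER, $search, $searchsort, $whereclause = false)
{
    global $db_type;

    // An empty sort string would leave a dangling ORDER BY, so fall back to newest first.
    // NOTE(review): $searchsort goes into ORDER BY unescaped and cannot be bound as a
    // parameter. If it can originate from the request, validate it against the known
    // column names plus ASC/DESC before it gets here.
    if (!$searchsort) {
        $searchsort = $tableinfo->realname . '.date DESC';
    }

    $fieldvarsname = $tableinfo->short . '_fieldvars';
    global ${$fieldvarsname};
    $queryname = $tableinfo->short . '_query';

    if (!$whereclause) {
        // NOTE(review): if may_read_SQL() returns an array (SQL text under a 'sql' key)
        // rather than a string, interpolating it below yields the literal "Array" - confirm.
        $whereclause = may_read_SQL($db, $tableinfo, $USER);
    }
    if (!$whereclause) {
        // NOTE(review): this value is the whole WHERE predicate in the 'Show All' query.
        // MySQL treats a non-zero number as true, so "WHERE -1" selects every row instead
        // of none. If the intent is "no readable records", a predicate such as 1=0 would
        // fail closed - confirm what an empty may_read_SQL() result means.
        $whereclause = -1;
    }

    if ($search == 'Search') {
        $query = search($db, $tableinfo, $fields, $_GET, " {$whereclause} ORDER BY {$searchsort}");
        ${$fieldvarsname} = $_GET;
    } elseif (isset($_SESSION[$queryname])) {
        // session_is_registered() was removed in PHP 5.4; isset() on $_SESSION is the
        // documented replacement and was already part of the original condition.
        $query = $_SESSION[$queryname];
        ${$fieldvarsname} = isset($_SESSION[$fieldvarsname]) ? $_SESSION[$fieldvarsname] : null;
    } else {
        // This must be a 'Show All'.
        // Some postgres versions need the temp table in the FROM clause.
        if ($db_type == 'mysql') {
            $query = "SELECT {$fields} FROM {$tableinfo->realname} WHERE {$whereclause} ORDER BY date DESC";
        } else {
            $query = "SELECT {$fields} FROM tempb, {$tableinfo->realname} WHERE {$whereclause} ORDER BY date DESC";
        }
        ${$fieldvarsname} = $_GET;
    }

    // Stored before the comma clean-up below, as in the original implementation.
    $_SESSION[$queryname] = $query;
    if (!${$fieldvarsname}) {
        ${$fieldvarsname} = $_GET;
    }
    $_SESSION[$fieldvarsname] = ${$fieldvarsname};

    if ($search != 'Show All') {
        // Publish the request value of every column as a global variable of that name.
        // Writing through $GLOBALS sets the same global as "global $x; $x = ..." but does
        // not rebind this function's own locals when a column shares one of their names.
        // NOTE(review): a column named like an unrelated global would still have that
        // global replaced by request data; column names in $fields must stay under the
        // application's control.
        foreach (explode(',', $fields) as $column) {
            if ($column === '') {
                continue;
            }
            // Missing request keys become null rather than raising an undefined-index notice.
            $GLOBALS[$column] = isset($_GET[$column]) ? $_GET[$column] : null;
        }
        // extract variables from session
        globalize_vars($fields, ${$fieldvarsname});
    }

    // Last error control: collapse a doubled comma into a single one.
    $query = str_replace(',,', ',', $query);

    return $query;
}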
if ($USER['settings']['reportoutput'] == 2) { header('Accept-Ranges: bytes'); header('Connection: close'); header("Content-Type: text/html"); // we don't yet know how long this is going to be //header("Content-Length: $filesize"); header("Content-Disposition-type: attachment"); header("Content-Disposition: attachment; filename={$reportname}"); } // displays multiple records in a report (last search statement) if ($_GET['tableview']) { // figure out the current query: $queryname = $tableinfo->short . '_query'; if (session_is_registered($queryname) && isset($_SESSION[$queryname])) { // get a list with all records we may see, create temp table tempb $listb = may_read_SQL($db, $tableinfo, $USER, 'tempb'); // read all fields in from the description file $fields_table = comma_array_SQL($db, $tableinfo->desname, columnname, ""); //$fields_table="id,".$fields_table; // prepare the search statement $query = make_search_SQL($db, $tableinfo, $fields_table, $USER, $search, $sortstring, $listb["sql"]); //$db->debug=true; $r = $db->Execute($query); //$db->debug=false; if ($reportid > 0) { echo $header; } elseif ($reportid == -1) { // xml echo "<phplabware_base>\n"; } elseif ($reportid == -2) { // tab headers