Example #1
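/**
 * Assembles the search SQL statement and remembers it in _SESSION.
 *
 * The statement is stored under "<short>_query" and the field values that
 * belong to it under "<short>_fieldvars" (also published as a global of the
 * same name), so that a later call without a new search can re-use them.
 *
 * Security notes:
 *  - $fields, $searchsort and $whereclause are interpolated into the SQL text
 *    unchanged. An ORDER BY expression cannot be bound as a parameter, so
 *    callers should build $searchsort from known column names and ASC/DESC
 *    only. NOTE(review): confirm no caller passes request data straight
 *    through.
 *  - Unless $search is 'Show All', every name in $fields becomes a global
 *    variable holding the matching $_GET value. Column names therefore must
 *    never coincide with globals the application relies on.
 *
 * @param mixed  $db          database handle, handed on to may_read_SQL() and search()
 * @param object $tableinfo   table description; ->short and ->realname are read here
 * @param string $fields      comma-separated column list
 * @param mixed  $USER        current user, handed on to may_read_SQL()
 * @param string $search      'Search' runs a new search, 'Show All' skips the
 *                            globalizing of request values
 * @param string $searchsort  ORDER BY expression; empty means "<realname>.date DESC"
 * @param mixed  $whereclause SQL condition limiting the readable records; when
 *                            empty it is obtained from may_read_SQL()
 *
 * @return string the SQL statement, with doubled commas collapsed
 */
function make_search_SQL($db, $tableinfo, $fields, $USER, $search, $searchsort, $whereclause = false)
{
    global $db_type;

    // searchsort can be passed as an empty string; fall back to newest first
    if (!$searchsort) {
        $searchsort = $tableinfo->realname . '.date DESC';
    }
    $fieldvarsname = $tableinfo->short . '_fieldvars';
    $queryname = $tableinfo->short . '_query';

    if (!$whereclause) {
        // NOTE(review): confirm may_read_SQL() returns a string here; if it
        // returns an array (with the clause under a key such as "sql"), the
        // interpolation below would produce the text "Array".
        $whereclause = may_read_SQL($db, $tableinfo, $USER);
    }
    if (!$whereclause) {
        // NOTE(review): -1 becomes the whole WHERE expression. MySQL treats a
        // non-zero number as true, so if the intent is "no readable records"
        // this fails open there; verify the intent on each supported backend.
        $whereclause = -1;
    }

    if ($search == 'Search') {
        $query = search($db, $tableinfo, $fields, $_GET, " {$whereclause} ORDER BY {$searchsort}");
        $fieldvars = $_GET;
    } elseif (isset($_SESSION[$queryname])) {
        // session_is_registered() was removed in PHP 5.4; isset() on
        // $_SESSION answers the same question on every PHP version.
        //
        // The stored statement is re-used verbatim, so the $whereclause
        // computed above is not applied on this path: the statement keeps the
        // access clause it was built with.
        $query = $_SESSION[$queryname];
        $fieldvars = isset($_SESSION[$fieldvarsname]) ? $_SESSION[$fieldvarsname] : null;
    } else {
        // This must be a 'Show All'
        // some postgres versions need the temp table in the FROM clause
        if ($db_type == 'mysql') {
            $query = "SELECT {$fields} FROM {$tableinfo->realname} WHERE {$whereclause} ORDER BY date DESC";
        } else {
            $query = "SELECT {$fields} FROM tempb, {$tableinfo->realname} WHERE {$whereclause} ORDER BY date DESC";
        }
        $fieldvars = $_GET;
    }

    $_SESSION[$queryname] = $query;
    if (!$fieldvars) {
        $fieldvars = $_GET;
    }
    // publish the field values under the per-table global name and in the session
    $GLOBALS[$fieldvarsname] = $fieldvars;
    $_SESSION[$fieldvarsname] = $fieldvars;

    if ($search != 'Show All') {
        // globalize _GET: written through $GLOBALS rather than
        // "global ${$column}" so that a column named like one of this
        // function's own variables cannot rebind that variable to a request
        // value. A column absent from the request yields null, without a
        // warning.
        $column = strtok($fields, ',');
        while ($column) {
            $GLOBALS[$column] = isset($_GET[$column]) ? $_GET[$column] : null;
            $column = strtok(',');
        }
        // extract variables from session
        globalize_vars($fields, $fieldvars);
    }

    // do one last error control: replace double commas with singles
    $query = preg_replace("/,,/", ",", $query);
    return $query;
}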
Example #2
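// When the user's reportoutput setting is 2, send headers that make the
// browser save the report as a file instead of rendering it.
if ($USER['settings']['reportoutput'] == 2) {
    // The name is placed inside a quoted header parameter below. Drop control
    // characters, double quotes, backslashes and slashes so it can neither
    // end the quoted string early nor carry a path component.
    // NOTE(review): where $reportname is set is not visible here; confirm
    // whether it can contain user-supplied text.
    $safe_reportname = preg_replace('#[\x00-\x1F\x7F"\\\\/]#', '', (string) $reportname);

    header('Accept-Ranges: bytes');
    header('Connection: close');
    // NOTE(review): the download is labelled text/html; if reports can hold
    // user-entered text, make sure it is HTML-escaped where it is written out.
    header("Content-Type: text/html");
    // we don't yet know how long this is going to be
    //header("Content-Length: $filesize");
    // not a standard header; kept as in the original
    header("Content-Disposition-type: attachment");
    // quoted, so a name containing spaces or semicolons stays one parameter value
    header("Content-Disposition: attachment; filename=\"{$safe_reportname}\"");
}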
// displays multiple records in a report (last search statement)
if ($_GET['tableview']) {
    // figure out the current query:
    $queryname = $tableinfo->short . '_query';
    if (session_is_registered($queryname) && isset($_SESSION[$queryname])) {
        // get a list with all records we may see, create temp table tempb
        $listb = may_read_SQL($db, $tableinfo, $USER, 'tempb');
        // read all fields in from the description file
        $fields_table = comma_array_SQL($db, $tableinfo->desname, columnname, "");
        //$fields_table="id,".$fields_table;
        // prepare the search statement
        $query = make_search_SQL($db, $tableinfo, $fields_table, $USER, $search, $sortstring, $listb["sql"]);
        //$db->debug=true;
        $r = $db->Execute($query);
        //$db->debug=false;
        if ($reportid > 0) {
            echo $header;
        } elseif ($reportid == -1) {
            // xml
            echo "<phplabware_base>\n";
        } elseif ($reportid == -2) {
            // tab headers