function simpleQuery(&$db)
{
$query = v($_REQUEST["query"]);
if (!$query) {
$query = Session::get('select', 'query');
}
// try to load from session
if (!$query) {
return '';
}
// see if user is restricted to a list of databases by configuration
// if yes, then disallow db use queries
// it's still possible that the command can contain db prefixes, which will override the db selection
//$info = getCommandInfo($query);
//if ($info['dbChanged'])
// return '';
$query_type = getQueryType($query);
if ($query_type['result'] == FALSE) {
return $query;
}
// only apply limit/sort to select queries with results
if ($query_type['can_limit'] == FALSE) {
return $query;
}
Session::set('select', 'can_limit', $query_type['can_limit'] == TRUE);
if (v($_REQUEST["id"]) == 'sort') {
$field = v($_REQUEST['name']);
if ($field) {
$query = sortQuery($query, ctype_digit($field) ? $field : $db->quote($field));
}
// clear pagination if sorting is changed
Session::set('select', 'page', 1);
}
// save order clause with query in session, required for pagination
Session::set('select', 'query', $query);
// try to find limit clause in the query. If one is not applied, apply now
// only either sort or pagination request can come at a time
if (!$query_type['has_limit'] && v($_REQUEST["id"]) != 'sort') {
$record_limit = Options::get('res-max-count', MAX_RECORD_TO_DISPLAY);
$page = v($_REQUEST['name']);
if ($page) {
$limit_applied = Session::get('select', 'limit');
if (!ctype_digit($page) | $page < 1 || !$limit_applied) {
return $query;
}
$count = Session::get('select', 'count');
$total_pages = ceil($count / $record_limit);
if ($total_pages < $page) {
return $query;
}
Session::set('select', 'page', $page);
$limit = $db->getLimit($record_limit, ($page - 1) * $record_limit);
$query .= $limit;
} else {
Session::del('select', 'table');
Session::del('select', 'limit');
Session::del('select', 'page');
Session::del('select', 'count');
Session::del('select', 'sort');
Session::del('select', 'sortcol');
if (!$db->query($query)) {
return $query;
}
$count = $db->numRows();
if ($count > $record_limit) {
Session::set('select', 'count', $count);
Session::set('select', 'page', 1);
Session::set('select', 'limit', true);
$limit = $db->getLimit($record_limit);
$query .= $limit;
}
}
}
return $query;
}
// require_once("inc/data.php");
require_once "inc/db.php";
require_once "inc/functions.php";
$pageTitle = "";
include "inc/header.php";
if (isset($_GET['title'])) {
$where = where($_GET['title'], null);
} else {
if (isset($_GET['actor'])) {
$where = where(null, $_GET['actor']);
} else {
$where = "";
}
}
$sort = isset($_GET['sort']) ? sortQuery($_GET['sort']) : "";
?>
<body>
<div class="container">
<div class="row">
<h1 class="text-center">Movies Viewer</h1>
<p class="lead text-center">List of your favorite movies below.</p>
<div class="form-group search-box">
<div class="col-sm-3">
<select class="form-control" id="select">
<option disabled>-- Select search criteria --</option>
<option value="title">By title</option>
<option value="actor" <?php
echo isset($_GET['actor']) ? "selected" : "";
