// NOTE(review): this excerpt starts inside one branch of the '$formType' dispatch; the opening 'if' lies before the visible code.
	// the pair returned by 'findDuplicates()' replaces both the SQL query and the display type:
	list($sqlQuery, $displayType) = findDuplicates($sqlQuery, $originalDisplayType);

	// by passing the generated SQL query through the 'verifySQLQuery()' function we ensure that necessary fields are added as needed:
	// (this function does add/remove user-specific query code as required and will fix problems with escape sequences within the SQL query)
	// NOTE(review): of the branches visible in this excerpt, this is the only one that calls 'verifySQLQuery()' directly;
	// the other branches depend on their 'extractFormElements*()' helper to build the query -- confirm that each helper
	// escapes the form values it embeds and applies the same user-specific restrictions.
	$query = verifySQLQuery($sqlQuery, $referer, $displayType, $showLinks); // function 'verifySQLQuery()' is defined in 'include.inc.php' (since it's also used by 'rss.php')
}
// Each remaining branch hands query construction to a form-specific helper.
// Helpers whose result is unpacked with 'list()' also replace '$displayType'.
elseif ($formType == "simpleSearch") {
	$query = extractFormElementsSimple($showLinks, $userID);
} elseif ($formType == "librarySearch") {
	$query = extractFormElementsLibrary($showLinks, $userID);
} elseif ($formType == "advancedSearch") {
	$query = extractFormElementsAdvanced($showLinks, $loginEmail, $userID);
} elseif ($formType == "refineSearch" or $formType == "displayOptions") {
	// the existing '$sqlQuery' is passed in together with the refs table name
	list($query, $displayType) = extractFormElementsRefineDisplay($tableRefs, $displayType, $originalDisplayType, $sqlQuery, $showLinks, $citeOrder, $userID); // function 'extractFormElementsRefineDisplay()' is defined in 'include.inc.php' since it's also used by 'users.php'
} elseif ($formType == "queryResults") {
	// receives the existing '$sqlQuery' plus the record selection ('$recordSerialsArray', '$recordsSelectionRadio')
	list($query, $displayType) = extractFormElementsQueryResults($displayType, $originalDisplayType, $showLinks, $citeOrder, $orderBy, $userID, $sqlQuery, $referer, $recordSerialsArray, $recordsSelectionRadio);
} elseif ($formType == "extractSearch") {
	$query = extractFormElementsExtract($showLinks, $citeOrder, $userID);
} elseif ($formType == "myRefsSearch") {
	$query = extractFormElementsMyRefs($showLinks, $loginEmail, $userID);
} elseif ($formType == "quickSearch") {
	list($query, $displayType) = extractFormElementsQuick($sqlQuery, $showLinks, $userID, $displayType, $originalDisplayType);
} elseif ($formType == "myRefsBrowse") {
	$query = extractFormElementsBrowseMyRefs($showLinks, $loginEmail, $userID);
} elseif ($formType == "groupSearch") {
	list($query, $displayType) = extractFormElementsGroup($sqlQuery, $showLinks, $userID, $displayType, $originalDisplayType);
}
// NOTE(review): there is no final 'else' in the visible chain, so an unrecognised '$formType' leaves '$query' as
// whatever it was before this point -- confirm it is initialised earlier.

// --------------------------------------------------------------------

// this is to support the '$fileVisibilityException' feature from 'ini.inc.php':
// For a SELECT query outside "Browse" view, when the column named by '$fileVisibilityException[0]' is not yet in the
// SELECT list, the replacement below inserts that column in front of the optional trailing columns
// (', orig_record', ', serial', ', file, url, doi, isbn, type') that precede ' FROM <refs table>'.
// NOTE(review): '$fileVisibilityException[0]' and '$tableRefs' are interpolated into the patterns without
// 'preg_quote()'; presumably both come from trusted configuration -- confirm, since regex metacharacters in either
// value would change what is matched.
// NOTE(review): if the ' FROM <refs table>' pattern does not match, 'preg_replace()' returns the query unchanged and
// the column is silently not added; presumably later code needs it to decide file visibility -- verify how that case is handled.
if (preg_match("/^SELECT/i", $query) and $displayType != "Browse" and !empty($fileVisibilityException) and !preg_match("/SELECT.+{$fileVisibilityException['0']}.+FROM/i", $query)) {
	$query = preg_replace("/(, orig_record)?(, serial)?(, file, url, doi, isbn, type)? FROM {$tableRefs}/i", ", {$fileVisibilityException['0']}\\1\\2\\3 FROM {$tableRefs}", $query);
	// NOTE(review): the body of this 'if' is not closed within this part of the listing.
// NOTE(review): the assignment and closing brace below end a block that opens before this part of the listing.
// The code after them works on '$tableUsers' and calls 'extractFormElementsGroup()' and
// 'extractFormElementsQueryResults()' with different argument lists than the calls of the same names earlier in the
// listing, which suggests it belongs to a different script with its own helper definitions -- confirm against the original files.
	$nothingChecked = false;
}

// --------------------------------------------------------------------

// CONSTRUCT SQL QUERY:

// --- Embedded sql query: ----------------------
if ($formType == "sqlSearch") {
	// NOTE(review): '$sqlQuery' is presumably taken from the request -- confirm where it is assigned. In this branch it
	// reaches 'queryMySQLDatabase()' with only the 'user_id' column added and 'stripSlashesIfMagicQuotes()' applied
	// (by its name, that helper removes escaping rather than adding any). No 'verifySQLQuery()' call is visible here,
	// so any restriction to SELECT statements on the users table, and the access check for this page, must be enforced
	// elsewhere -- verify both.
	$query = preg_replace("/ FROM {$tableUsers}/i", ", user_id FROM {$tableUsers}", $sqlQuery); // add 'user_id' column (which is required in order to obtain unique checkbox names as well as for use in the 'getUserID()' function)
	$query = stripSlashesIfMagicQuotes($query);
} elseif ($formType == "refineSearch" or $formType == "displayOptions") {
	// the users table name is passed as first argument and the last two arguments are passed as empty strings
	list($query, $displayType) = extractFormElementsRefineDisplay($tableUsers, $displayType, $originalDisplayType, $sqlQuery, $showLinks, "", ""); // function 'extractFormElementsRefineDisplay()' is defined in 'include.inc.php' since it's also used by 'users.php'
} elseif ($formType == "groupSearch") {
	$query = extractFormElementsGroup($sqlQuery);
} elseif ($formType == "queryResults") {
	list($query, $displayType) = extractFormElementsQueryResults($displayType, $originalDisplayType, $sqlQuery, $recordSerialsArray);
} else {
	// default query for any other form type: every row whose 'user_id' matches ".+", most recent login first
	$query = "SELECT first_name, last_name, abbrev_institution, email, last_login, logins, user_id FROM {$tableUsers} WHERE user_id RLIKE \".+\" ORDER BY last_login DESC, last_name, first_name";
}

// ----------------------------------------------

// (1) OPEN CONNECTION, (2) SELECT DATABASE
connectToMySQLDatabase(); // function 'connectToMySQLDatabase()' is defined in 'include.inc.php'

// (3) RUN the query on the database through the connection:
$result = queryMySQLDatabase($query); // function 'queryMySQLDatabase()' is defined in 'include.inc.php'

// ----------------------------------------------

// (4a) DISPLAY header:
$query = preg_replace("/, user_id FROM {$tableUsers}/i", " FROM {$tableUsers}", $query); // strip 'user_id' column from SQL query (so that it won't get displayed in query strings)
// NOTE(review): 'rawurlencode()' only makes the SQL text safe as a URL component. Because the query is handed to the
// client inside links, it has to be treated as untrusted input again when it comes back in a request, and it still
// needs HTML escaping wherever '$queryURL' is written into markup -- confirm at the points of use.
$queryURL = rawurlencode($query);