list($sqlQuery, $displayType) = findDuplicates($sqlQuery, $originalDisplayType);
// by passing the generated SQL query thru the 'verifySQLQuery()' function we ensure that necessary fields are added as needed:
// (this function does add/remove user-specific query code as required and will fix problems with escape sequences within the SQL query)
$query = verifySQLQuery($sqlQuery, $referer, $displayType, $showLinks);
// function 'verifySQLQuery()' is defined in 'include.inc.php' (since it's also used by 'rss.php')
} elseif ($formType == "simpleSearch") {
$query = extractFormElementsSimple($showLinks, $userID);
} elseif ($formType == "librarySearch") {
$query = extractFormElementsLibrary($showLinks, $userID);
} elseif ($formType == "advancedSearch") {
$query = extractFormElementsAdvanced($showLinks, $loginEmail, $userID);
} elseif ($formType == "refineSearch" or $formType == "displayOptions") {
list($query, $displayType) = extractFormElementsRefineDisplay($tableRefs, $displayType, $originalDisplayType, $sqlQuery, $showLinks, $citeOrder, $userID);
// function 'extractFormElementsRefineDisplay()' is defined in 'include.inc.php' since it's also used by 'users.php'
} elseif ($formType == "queryResults") {
list($query, $displayType) = extractFormElementsQueryResults($displayType, $originalDisplayType, $showLinks, $citeOrder, $orderBy, $userID, $sqlQuery, $referer, $recordSerialsArray, $recordsSelectionRadio);
} elseif ($formType == "extractSearch") {
$query = extractFormElementsExtract($showLinks, $citeOrder, $userID);
} elseif ($formType == "myRefsSearch") {
$query = extractFormElementsMyRefs($showLinks, $loginEmail, $userID);
} elseif ($formType == "quickSearch") {
list($query, $displayType) = extractFormElementsQuick($sqlQuery, $showLinks, $userID, $displayType, $originalDisplayType);
} elseif ($formType == "myRefsBrowse") {
$query = extractFormElementsBrowseMyRefs($showLinks, $loginEmail, $userID);
} elseif ($formType == "groupSearch") {
list($query, $displayType) = extractFormElementsGroup($sqlQuery, $showLinks, $userID, $displayType, $originalDisplayType);
}
// --------------------------------------------------------------------
// this is to support the '$fileVisibilityException' feature from 'ini.inc.php':
if (preg_match("/^SELECT/i", $query) and $displayType != "Browse" and !empty($fileVisibilityException) and !preg_match("/SELECT.+{$fileVisibilityException['0']}.+FROM/i", $query)) {
$query = preg_replace("/(, orig_record)?(, serial)?(, file, url, doi, isbn, type)? FROM {$tableRefs}/i", ", {$fileVisibilityException['0']}\\1\\2\\3 FROM {$tableRefs}", $query);
$nothingChecked = false;
}
// --------------------------------------------------------------------
// CONSTRUCT SQL QUERY:
// --- Embedded sql query: ----------------------
if ($formType == "sqlSearch") {
$query = preg_replace("/ FROM {$tableUsers}/i", ", user_id FROM {$tableUsers}", $sqlQuery);
// add 'user_id' column (which is required in order to obtain unique checkbox names as well as for use in the 'getUserID()' function)
$query = stripSlashesIfMagicQuotes($query);
} elseif ($formType == "refineSearch" or $formType == "displayOptions") {
list($query, $displayType) = extractFormElementsRefineDisplay($tableUsers, $displayType, $originalDisplayType, $sqlQuery, $showLinks, "", "");
// function 'extractFormElementsRefineDisplay()' is defined in 'include.inc.php' since it's also used by 'users.php'
} elseif ($formType == "groupSearch") {
$query = extractFormElementsGroup($sqlQuery);
} elseif ($formType == "queryResults") {
list($query, $displayType) = extractFormElementsQueryResults($displayType, $originalDisplayType, $sqlQuery, $recordSerialsArray);
} else {
$query = "SELECT first_name, last_name, abbrev_institution, email, last_login, logins, user_id FROM {$tableUsers} WHERE user_id RLIKE \".+\" ORDER BY last_login DESC, last_name, first_name";
}
// ----------------------------------------------
// (1) OPEN CONNECTION, (2) SELECT DATABASE
connectToMySQLDatabase();
// function 'connectToMySQLDatabase()' is defined in 'include.inc.php'
// (3) RUN the query on the database through the connection:
$result = queryMySQLDatabase($query);
// function 'queryMySQLDatabase()' is defined in 'include.inc.php'
// ----------------------------------------------
// (4a) DISPLAY header:
$query = preg_replace("/, user_id FROM {$tableUsers}/i", " FROM {$tableUsers}", $query);
// strip 'user_id' column from SQL query (so that it won't get displayed in query strings)
$queryURL = rawurlencode($query);
