die($objectTools->JSONError(301));
}
if (!isset($_POST["t"])) {
die($objectTools->JSONError(301));
}
$values = str_replace("'", '"', $values);
$values_split = explode(",", $values);
$fields_full = explode(",", $fields);
if (count($fields_full) != count($values_split)) {
die($objectTools->JSONError(301));
}
/**
* check the blacklist
*/
if (isset($fields)) {
$exist = $blacklist->existItem("G", $_POST["t"], "*");
if (!$exist) {
$exist = $blacklist->existItem("G", $table, $fields);
}
} else {
$exist = $blacklist->existItem("G", $table, "*");
}
/**
* If the query is not allowed -> die
*/
if ($exist) {
die($objectTools->JSONError(401));
}
/**
* Create the sql sentence with get parameters
*/
function postData($table, $post_parameters)
{
$blacklist = new BlackList();
/**
* check the blacklist
*/
$values = "";
$columns = "";
$values_array = "";
$columns_array = "";
$first_iteration = true;
$counter = 0;
while (list($field, $value) = each($post_parameters)) {
// Detect if it is a text or number
$value = is_numeric($value) ? $value : "'" . $value . "'";
// join the string with (,) ie: value1,value2,value3
$values .= $first_iteration ? $value : "," . $value;
$columns .= $first_iteration ? $field : "," . $field;
$values_array[$counter] = $value;
$columns_array[$counter] = $field;
$first_iteration = false;
$counter++;
}
if ($blacklist->existItem("G", $table, "*")) {
die($this->JSONError(401));
}
if (!empty($post_parameters)) {
for ($i = 0; $i < count($columns_array); $i++) {
if ($blacklist->existItem("G", $table, $columns_array[$i])) {
die($this->JSONError(401));
}
}
}
/**
* Create the sql sentence with the post parameters
*/
if ($values != "") {
$sql = "INSERT INTO {$table} ({$columns}) VALUES ({$values})";
}
$function = "json";
if ($function == "json") {
header('Content-Type: application/json');
$result = $this->setDataBySQL($sql);
if (!$result) {
die($this->JSONError(303));
}
$indices = "";
$rawdata = "";
var_dump($columns_array);
for ($i = 0; $i < count($columns_array); $i++) {
$rawdata[0][$i] = $values_array[$i];
$rawdata[0][$columns_array[$i]] = $values_array[$i];
$indices[$i] = $columns_array[$i];
$i++;
}
$json["data"] = $rawdata;
$json["dbInfo"] = $indices;
echo json_encode($json);
} else {
if ($function == "xml") {
} else {
die($this->JSONError(301));
}
}
}
* @author Alejandro Esquiva Rodríguez [@alex_esquiva] <*****@*****.**>
* @license Apache License, Version 2.0
* @link https://github.com/GeekyTheory/Automatic-API-REST
*/
include_once 'inc/functions.php';
require_once "inc/autentification.php";
$blacklist = new BlackList();
if (isset($_GET["a"])) {
if ($_GET["a"] == "add") {
$tool = new Tools();
$fields = $tool->getFieldsByTable($_GET["table"]);
$num_fields = count($fields);
if ($_GET["column"] == "*") {
//Get all columns from table
for ($i = 0; $i < count($fields); $i++) {
if (!$blacklist->existItem($_GET["type"], $_GET["table"], $fields[$i])) {
$blacklist->createItem($_GET["type"], $_GET["table"], $fields[$i]);
}
}
$blacklist->createItem($_GET["type"], $_GET["table"], $_GET["column"]);
} else {
$blacklist->createItem($_GET["type"], $_GET["table"], $_GET["column"]);
$num_fields_check = 0;
for ($i = 0; $i < count($fields); $i++) {
if ($blacklist->existItem($_GET["type"], $_GET["table"], $fields[$i])) {
$num_fields_check++;
}
}
if ($num_fields == $num_fields_check) {
//Añadimos *
$blacklist->createItem($_GET["type"], $_GET["table"], "*");
