Esempio n. 1
 /**
  * Delete the rows selected by the primary-key data carried in $data.
  *
  * The table name and the WHERE clause are interpolated directly into the
  * statement (no placeholders). NOTE(review): both values originate from the
  * ParameterObject built out of the caller's data, so they have to be
  * constrained before reaching this method (e.g. by the secure-mode table
  * whitelist) — confirm that at the call site, this method does not check them.
  *
  * @param mixed $data raw options, wrapped into a ParameterObject
  * @return array the exec() result under 'success' (for a PDO handle: affected
  *               row count, or false on failure — so a delete that matched no
  *               row yields 0, which is falsy; compare with === where it matters)
  */
 public function deleteRow($data)
 {
     $params = new ParameterObject($data);
     $table = $params->getAttribute(PO::ATTR_TABLE);
     $whereClause = $this->easyBuildQueyClause($params->getAttribute(PO::ATTR_PRIMARY_KEY_DATA));
     $statement = 'DELETE FROM ' . $table . ' WHERE ' . $whereClause;

     return ['success' => $this->dbh->exec($statement)];
 }
Esempio n. 2
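 /**
  * Validate a structured WHERE clause against the secure-mode whitelist and,
  * optionally, quote its free-text values.
  *
  * Each element of $whereParam is read as [field, operator, value, concatenator]:
  * the field must be one of the whitelisted columns of the request's table, the
  * operator one of a fixed set, and the concatenator OR/AND (or absent, for the
  * last group). When secure mode is off, or the clause is empty, the clause is
  * accepted untouched.
  *
  * All whitelist checks use strict comparison: with loose in_array() a boolean
  * true matches any non-empty string, so a client-supplied `true` would pass the
  * field whitelist.
  *
  * NOTE(review): the "escaping" applied to the value element is addslashes()
  * plus double quotes. That is not a database-aware escape (connection charset,
  * NO_BACKSLASH_ESCAPES, ...), so the field/operator whitelist is the actual
  * control here; a prepared statement would be the robust fix, but needs the
  * connector's handle, which this static method does not have.
  *
  * @param array|null $whereParam list of [field, operator, value, concatenator] groups
  * @param ParameterObject $d request parameters; its ATTR_CONDITION is replaced when escaping
  * @param bool $escapeFreeText also quote/escape the value element of every group
  * @return boolean true when the clause is acceptable (or validation is not active)
  */
 public static function isWhereClauseValid($whereParam, $d, $escapeFreeText = true)
 {
     // Validation only applies in secure mode and only to a non-empty clause.
     if (!Config::useSecureMode() || !$whereParam) {
         return true;
     }

     // A table that is not whitelisted has no valid fields at all, so every group
     // fails below (instead of calling in_array() on null, a TypeError on PHP 8).
     $validTables = Config::getValidTables();
     $table = $d->getAttribute(PO::ATTR_TABLE);
     $validFields = isset($validTables[$table]) ? $validTables[$table] : [];
     $validOperators = ['LIKE', '=', '<=', '>=', '!='];
     $validConcaters = ['OR', 'AND'];

     foreach ($whereParam as $group) {
         // Missing elements are treated as null rather than raising undefined-index notices.
         $field = isset($group[0]) ? $group[0] : null;
         $operator = isset($group[1]) ? $group[1] : null;
         $concater = isset($group[3]) ? $group[3] : null;

         if (!in_array($field, $validFields, true)
             || !in_array($operator, $validOperators, true)
             || ($concater !== null && !in_array($concater, $validConcaters, true))
         ) {
             return false;
         }
     }

     if ($escapeFreeText) {
         // Quote and backslash-escape the value element; see the NOTE(review) above
         // for why this is not sufficient on its own.
         $whereParam = array_map(function ($group) {
             $group[2] = sprintf('"%s"', addslashes($group[2]));
             return $group;
         }, $whereParam);
         $d->setAttribute(PO::ATTR_CONDITION, $whereParam);
     }

     return true;
 }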
use jQDB\ParameterObject as PO;
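// This script must only ever emit JSON, so the engine itself may print nothing.
// Diagnostics are therefore kept out of the response but still written to the
// server log instead of being discarded with error_reporting(0): a request that
// fails silently would otherwise hide both bugs and abuse attempts.
error_reporting(E_ALL);
ini_set('display_errors', '0');
ini_set('log_errors', '1');
if (is_readable($kintPath = '../../kint/Kint.class.php')) {
    // debug lib (not required for use of jQDB) note to self: remove
    include_once $kintPath;
}
// inheritance
require_once 'inheritance/iConnector.inter.php';
require_once 'inheritance/bConnector.class.php';
require_once 'inheritance/iConfig.inter.php';
// helper
require_once 'helper/ConnectorSelector.class.php';
require_once 'helper/ParameterObject.class.php';
require_once 'helper/SecureModeHelper.class.php';
// The request options come straight from the client; a missing key yields null
// (as before) without an undefined-index notice.
$rawOptions = isset($_POST['options']) ? $_POST['options'] : null;
$dObj = new ParameterObject($rawOptions);
require_once 'config.class.inc.php';
// the point where the user config is loaded (removed dynamic path configuration from js for security reasons)
$desired_connector = $dObj->getAttribute(PO::ATTR_CONNECTOR);
$cs = new ConnectorSelector();
$connector = $cs->getConector($desired_connector);
// try to select the connector
// host, username, password, db
// NOTE(review): host, user and password come from the server-side config, but the
// database name is taken from the client request. Whether that is acceptable
// depends on what the configured account may reach; confirm it is constrained
// (Config / SecureModeHelper), and that $authRes is checked before any query
// runs — that check is not within this part of the script.
$authRes = $connector->authenticate(Config::getHost(), Config::getUsername(), Config::getPassword(), $dObj->getAttribute(PO::ATTR_DATABASE_NAME));
$checkRes = SecureModeHelper::checkTable($dObj->getAttribute(PO::ATTR_TABLE), $dObj);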
if (is_numeric($checkRes)) {
    // we are returned a string in valid case or an int in failure case
    $data = array('success' => false);
    if ($checkRes === SecureModeHelper::FAILURE_TABLE_INVALID) {
        $data['error_str'] = 'You tried to us a table which is not on the whitelist due Secure Mode. Disable Secure Mode or add ' . $dObj->getAttribute(PO::ATTR_TABLE) . ' to the list of allowed tables';
    } elseif ($checkRes === SecureModeHelper::FAILURE_FIELD_INVALID) {