$control_password->readWebValue($values, $blobfields, NULL, NULL, $filename_values); // processing email $control_email = $pageObject->getControl("email", $id); $control_email->readWebValue($values, $blobfields, NULL, NULL, $filename_values); $strUsername = $values["username"]; $strPassword = $values["password"]; $strEmail = $values["email"]; if ($regCipherer->isFieldEncrypted("username")) { $sUsername = $regCipherer->MakeDBValue("username", $strUsername, "", true); } else { $sUsername = add_db_quotes("username", $strUsername); } if ($regCipherer->isFieldEncrypted("email")) { $sEmail = $regCipherer->MakeDBValue("email", $strEmail, "", true); } else { $sEmail = add_db_quotes("email", $strEmail); } // add filenames to values foreach ($filename_values as $key => $value) { $values[$key] = $value; } // check if entered username already exists if (!strlen($strUsername)) { $pageObject->jsSettings['tableSettings'][$strTableName]['msg_userError'] = "Username can not be empty."; $allow_registration = false; } else { $strSQL = "select count(*) from " . $pageObject->connection->addTableWrappers("ConsolidatedStockEnquiry_users") . " where " . $pageObject->getFieldSQLDecrypt("username") . "=" . $sUsername; $data = $pageObject->connection->query($strSQL)->fetchNumeric(); if ($data[0] > 0) { $pageObject->jsSettings['tableSettings'][$strTableName]['msg_userError'] = "Username" . " <i>" . $strUsername . "</i> " . "already exists. Choose another username."; $allow_registration = false;
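/**
 * Import one row: INSERT it and, if that fails while key columns are known,
 * retry as an UPDATE of the row identified by those keys.
 *
 * Fields whose type does not need quoting are normalised first: decimal comma
 * becomes a dot, the locale currency symbol is stripped, empty string becomes NULL.
 *
 * The SQL is assembled by concatenation. Every value passes through
 * add_db_quotes() and every identifier through AddFieldWrappers() /
 * AddTableWrappers(); those helpers are defined elsewhere, so the safety of
 * the statement rests on them. The row, the SQL text and the driver error are
 * HTML-escaped before they are placed in $error_message, because imported
 * cell values would otherwise be rendered as markup.
 *
 * @param array $arr    field name => imported value
 * @param mixed $recInd row index, used in the ids of the debug markup
 * @return int|null 1 by default, 0 when the fallback UPDATE could not be
 *                  applied; nothing is returned when BeforeInsert vetoes the row
 */
function InsertRecord($arr, $recInd)
{
    global $goodlines, $conn, $error_message, $keys_present, $keys, $strOriginalTableName, $strTableName, $eventObj, $locale_info, $auditObj;

    $ret = 1;
    $rawvalues = array();
    foreach ($arr as $key => $val) {
        $rawvalues[$key] = $val;
        $type = GetFieldType($key);
        if (!NeedQuotes($type)) {
            $value = (string) $val;
            $value = str_replace(",", ".", $value);
            if (strlen($value) > 0) {
                $value = str_replace($locale_info["LOCALE_SCURRENCY"], "", $value);
                $arr[$key] = 0 + $value;
            } else {
                $arr[$key] = NULL;
            }
        }
    }

    $retval = true;
    if ($eventObj->exists('BeforeInsert')) {
        $retval = $eventObj->BeforeInsert($rawvalues, $arr);
    }

    if ($retval) {
        $fields = array_keys($arr);
        $fields_list = array();
        foreach ($fields as $key => $val) {
            $fields_list[$key] = AddFieldWrappers(GetFullFieldName($val));
        }

        $values_list = "";
        foreach ($arr as $key => $val) {
            if (!is_null($arr[$key])) {
                $values_list .= add_db_quotes($key, $val) . ", ";
            } else {
                $values_list .= "NULL, ";
            }
        }
        if (strlen($values_list) > 0) {
            $values_list = substr($values_list, 0, strlen($values_list) - 2);
        }

        $sql = "insert into " . AddTableWrappers($strOriginalTableName) . " (" . implode(",", $fields_list) . ") values (" . $values_list . ")";
        if (db_exec_import($sql, $conn)) {
            $goodlines++;
            if ($auditObj) {
                $aKeys = GetKeysArray($arr, true);
                $auditObj->LogAdd($strTableName, $arr, $aKeys);
            }
        } else {
            // Everything interpolated below originates from the imported file or
            // from the database driver, so it is escaped for the HTML context.
            $escapeFlags = ENT_QUOTES | ENT_SUBSTITUTE;
            // presumably $recInd is a numeric row index; HTML-escaping keeps it inside
            // its attribute but is not JavaScript escaping for the onclick handler.
            $safeRecInd = htmlspecialchars((string) $recInd, $escapeFlags);
            $temp_error_message = "<b>Error:</b> in the line: " . htmlspecialchars(implode(",", $arr), $escapeFlags)
                . ' <a linkType="debugOpener" recId="' . $safeRecInd . '" href="" onclick="importMore(' . $safeRecInd . ');">More info</a><br>';
            // NOTE(review): this hidden block sends the full SQL text and the driver
            // error to the browser; consider limiting it to a debug or admin mode.
            $temp_error_message .= '<div id="importDebugInfoTable' . $safeRecInd . '" cellpadding="3" cellspacing="1" align="center" style="display: none;"><p class="error">SQL query: '
                . htmlspecialchars($sql, $escapeFlags) . '; </p><p class="error">DB error: '
                . htmlspecialchars((string) db_error($conn), $escapeFlags) . ';</p></div>';
            $temp_error_message .= "<br><br>";

            // we'll try to update the record
            if ($keys_present) {
                $sql = "update " . AddTableWrappers($strOriginalTableName) . " set ";
                $sqlset = "";
                $where = " where ";
                $hasKeyCondition = false;
                foreach ($fields as $k => $val) {
                    if (!in_array(AddFieldWrappers($fields[$k]), $keys)) {
                        if (!is_null($arr[$val])) {
                            $sqlset .= $fields_list[$k] . "=" . add_db_quotes($val, $arr[$val]) . ", ";
                        } else {
                            $sqlset .= $fields_list[$k] . "=NULL, ";
                        }
                    } else {
                        $where .= $fields_list[$k] . "=" . add_db_quotes($val, $arr[$val]) . " and ";
                        $hasKeyCondition = true;
                    }
                }

                // Without a single key condition the WHERE clause would be cut down to
                // a meaningless fragment; never issue the SELECT/UPDATE in that state.
                if (!$hasKeyCondition) {
                    $error_message .= $temp_error_message;
                    $ret = 0;
                    return $ret;
                }

                if (strlen($sqlset) > 0) {
                    $sql .= substr($sqlset, 0, strlen($sqlset) - 2);
                }
                // drop the trailing " and "
                $where = substr($where, 0, strlen($where) - 5);
                $sql .= " " . $where;

                $rstmp = db_query("select * from " . AddTableWrappers($strOriginalTableName) . " " . $where, $conn);
                $data = db_fetch_array($rstmp);
                if ($data) {
                    $auditOldValues = array();
                    if ($auditObj) {
                        foreach ($data as $key => $val) {
                            $auditOldValues[$key] = $val;
                        }
                    }
                    if (db_exec_import($sql, $conn)) {
                        // update successful
                        $goodlines++;
                        if ($auditObj) {
                            $aKeys = GetKeysArray($arr);
                            $auditObj->LogEdit($strTableName, $arr, $auditOldValues, $aKeys);
                        }
                    } else {
                        // NOTE(review): looks like leftover debug output — confirm it is intended.
                        echo 'not updated';
                        // update not successful
                        $error_message .= $temp_error_message;
                        $ret = 0;
                    }
                } else {
                    $error_message .= $temp_error_message;
                    $ret = 0;
                }
            } else {
                // No keys to retry with: the error is recorded but $ret stays 1.
                $error_message .= $temp_error_message;
            }
        }
        return $ret;
    }
}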
/**
 * Build and execute the INSERT for a new record, set the result message and
 * collect the key values of the inserted row into the global $keys.
 *
 * Values are quoted by add_db_quotes() or, when a cipherer is supplied, by its
 * AddDBQuotes(); both are defined elsewhere. Values of blob fields are
 * concatenated verbatim.
 * NOTE(review): presumably PrepareBlobs() has replaced blob values with
 * DB-safe placeholders by this point — confirm.
 *
 * @param string $table
 * @param array  $avalues    field name => value (passed by reference)
 * @param array  $blobfields names of blob fields (passed by reference)
 * @param mixed  $pageid     not used in this function
 * @param object $pageObject page object providing pSet and ProcessFiles()
 * @param object $cipherer   cipherer or null
 * @return bool false when the statement failed or $error_happened is set
 */
function DoInsertRecordSQL($table, &$avalues, &$blobfields, $pageid, &$pageObject, &$cipherer)
{
    global $error_happened, $conn, $inlineadd, $usermessage, $message, $failed_inline_add, $keys, $strTableName;

    $insertHead = "insert into " . AddTableWrappers($table) . " ";
    $blobs = PrepareBlobs($avalues, $blobfields);

    // Column names and value literals are gathered side by side and joined once.
    $columnSql = array();
    $valueSql = array();
    foreach ($avalues as $akey => $value) {
        $columnSql[] = $pageObject->pSet->getTableField($akey);
        if (in_array($akey, $blobfields)) {
            $valueSql[] = $value;
        } elseif (is_null($cipherer)) {
            $valueSql[] = add_db_quotes($akey, $value);
        } else {
            $valueSql[] = $cipherer->AddDBQuotes($akey, $value);
        }
    }
    $strSQL = $insertHead . "(" . implode(", ", $columnSql) . ") values (" . implode(", ", $valueSql) . ")";

    if (!ExecuteUpdate($pageObject, $strSQL, $blobs, true) || $error_happened) {
        return false;
    }

    $pageObject->ProcessFiles();

    $message = ($inlineadd == ADD_INLINE)
        ? "" . "Record was added" . ""
        : "<<< " . "Record was added" . " >>>";
    if ($usermessage != "") {
        $message = $usermessage;
    }

    $auditObj = GetAuditObject($table);
    $keysAreNeeded = $inlineadd == ADD_SIMPLE || $inlineadd == ADD_INLINE || $inlineadd == ADD_ONTHEFLY
        || $inlineadd == ADD_POPUP || $inlineadd == ADD_MASTER
        || tableEventExists("AfterAdd", $strTableName) || $auditObj;
    if (!$keysAreNeeded) {
        return true;
    }

    $failed_inline_add = false;
    foreach ($pageObject->pSet->getTableKeys() as $k) {
        if (array_key_exists($k, $avalues)) {
            $keys[$k] = $avalues[$k];
            continue;
        }
        if (!$pageObject->pSet->isAutoincField($k)) {
            $failed_inline_add = true;
            continue;
        }
        // Auto-increment key: ask the database for the value it just generated.
        $lastrs = @db_query("SELECT lastval()", $conn);
        if ($lastdata = db_fetch_numarray($lastrs)) {
            $keys[$k] = $lastdata[0];
        }
    }
    return true;
}
/**
 * Build the WHERE condition for one field of a search or suggest query.
 *
 * The first search value is turned into a SQL literal by the page cipherer's
 * MakeDBValue(); LIKE patterns go through escapeLIKEpattern() and
 * prepareString() on the connection. All of these are defined elsewhere.
 *
 * @param String SearchFor
 * @param String strSearchOption
 * @param String SearchFor2
 * @param String etype
 * @param Boolean isSuggest
 * @return String the condition, or "" when nothing can be built
 */
function SQLWhere($SearchFor, $strSearchOption, $SearchFor2, $etype, $isSuggest)
{
    $baseResult = $this->baseSQLWhere($strSearchOption);
    if ($baseResult === false) {
        return "";
    }
    if ($baseResult != "") {
        return $baseResult;
    }
    if (!strlen($SearchFor)) {
        return "";
    }

    $isLikeOption = ($strSearchOption == "Contains" || $strSearchOption == "Starts with");

    $value1 = $this->pageObject->cipherer->MakeDBValue($this->field, $SearchFor, $etype, true);
    $value2 = false;
    $cleanvalue2 = false;
    if ($strSearchOption == "Between") {
        $cleanvalue2 = prepare_for_db($this->field, $SearchFor2, $etype);
        $value2 = make_db_value($this->field, $SearchFor2, $etype);
    }

    // A literal "null" on either side cannot be compared, unless the field is encrypted in PHP.
    if (!$isLikeOption
        && ($value1 === "null" || $value2 === "null")
        && !$this->pageObject->cipherer->isFieldPHPEncrypted($this->field)
    ) {
        return "";
    }
    if ($isLikeOption && !$this->isStringValidForLike($SearchFor)) {
        return "";
    }

    $searchIsCaseInsensitive = $this->pageObject->pSetEdit->getNCSearch();

    // Pick the SQL expression that stands for the field.
    if (IsCharType($this->type) && !$this->btexttype) {
        $gstrField = $this->getFieldSQLDecrypt();
        if (!$this->pageObject->cipherer->isFieldPHPEncrypted($this->field) && $searchIsCaseInsensitive) {
            $value1 = $this->connection->upper($value1);
            $value2 = $this->connection->upper($value2);
            $gstrField = $this->connection->upper($gstrField);
        }
    } elseif ($isLikeOption) {
        $gstrField = $this->connection->field2char($this->getFieldSQLDecrypt(), $this->type);
    } elseif ($this->pageObject->pSetEdit->getViewFormat($this->field) == FORMAT_TIME) {
        $gstrField = $this->connection->field2time($this->getFieldSQLDecrypt(), $this->type);
    } else {
        $gstrField = $this->getFieldSQLDecrypt();
    }

    switch ($strSearchOption) {
        case "Contains":
            // PHP-encrypted fields cannot be pattern-matched, so fall back to equality.
            if ($this->pageObject->cipherer->isFieldPHPEncrypted($this->field)) {
                return $gstrField . "=" . $this->pageObject->cipherer->MakeDBValue($this->field, $SearchFor);
            }
            $SearchFor = $this->connection->escapeLIKEpattern($SearchFor);
            $useUpper = IsCharType($this->type) && !$this->btexttype && $searchIsCaseInsensitive;
            $pattern = $this->connection->prepareString("%" . $SearchFor . "%");
            if ($useUpper) {
                $pattern = $this->connection->upper($pattern);
            }
            return $gstrField . " " . $this->like . " " . $pattern;

        case "Equals":
            return $gstrField . "=" . $value1;

        case "Starts with":
            $SearchFor = $this->connection->escapeLIKEpattern($SearchFor);
            $useUpper = IsCharType($this->type) && !$this->btexttype && $searchIsCaseInsensitive;
            $pattern = $this->connection->prepareString($SearchFor . "%");
            if ($useUpper) {
                $pattern = $this->connection->upper($pattern);
            }
            return $gstrField . " " . $this->like . " " . $pattern;

        case "More than":
            return $gstrField . ">" . $value1;

        case "Less than":
            return $gstrField . "<" . $value1;

        case "Equal or more than":
            return $gstrField . ">=" . $value1;

        case "Equal or less than":
            return $gstrField . "<=" . $value1;

        case "Between":
            $lowerBound = $gstrField . ">=" . $value1 . " and ";
            if (!IsDateFieldType($this->type)) {
                return $lowerBound . $gstrField . "<=" . $value2;
            }
            $timeArr = db2time($cleanvalue2);
            // for dates without time, add one day
            if ($timeArr[3] == 0 && $timeArr[4] == 0 && $timeArr[5] == 0) {
                $timeArr = adddays($timeArr, 1);
                $nextDay = $timeArr[0] . "-" . $timeArr[1] . "-" . $timeArr[2];
                $nextDay = add_db_quotes($this->field, $nextDay, $this->pageObject->tName);
                return $lowerBound . $gstrField . "<" . $nextDay;
            }
            return $lowerBound . $gstrField . "<=" . $value2;
    }

    return "";
}
/**
 * Insert the page's new record on the Add page.
 *
 * Values are quoted by add_db_quotes() or by the page cipherer's AddDBQuotes()
 * (both defined elsewhere); blob field values are concatenated verbatim.
 * NOTE(review): presumably PrepareBlobs() supplies DB-safe blob placeholders — confirm.
 *
 * @param RunnerPage &pageObject
 * @return bool whether ExecuteUpdate() reported success
 * @intellisense
 */
function DoInsertRecordSQLOnAdd(&$pageObject)
{
    $table = $pageObject->pSet->getOriginalTableName();
    $avalues = $pageObject->getNewRecordData();
    $blobfields = $pageObject->getBlobFields();

    $insertHead = "insert into " . $pageObject->connection->addTableWrappers($table) . " ";
    $blobs = PrepareBlobs($avalues, $blobfields, $pageObject);

    $columnSql = array();
    $valueSql = array();
    foreach ($avalues as $akey => $value) {
        $columnSql[] = $pageObject->getTableField($akey);
        if (in_array($akey, $blobfields)) {
            $valueSql[] = $value;
        } elseif (is_null($pageObject->cipherer)) {
            $valueSql[] = add_db_quotes($akey, $value);
        } else {
            $valueSql[] = $pageObject->cipherer->AddDBQuotes($akey, $value);
        }
    }

    $strSQL = $insertHead . "(" . implode(", ", $columnSql) . ") values (" . implode(", ", $valueSql) . ")";

    return ExecuteUpdate($pageObject, $strSQL, $blobs) ? true : false;
}
/**
 * Tell whether the table already holds a row whose field equals the value.
 *
 * The value becomes a SQL literal through the cipherer's MakeDBValue() for
 * encrypted fields and through add_db_quotes() otherwise; both helpers are
 * defined elsewhere and the query relies on them for quoting.
 *
 * @param {String} $fieldName
 * @param {String | Number} $value
 * @return {Boolean}
 */
function hasDuplicateValue($fieldName, $value)
{
    $dbValue = $this->cipherer->isFieldEncrypted($fieldName)
        ? $this->cipherer->MakeDBValue($fieldName, $value, "", true)
        : add_db_quotes($fieldName, $value);

    $where = $this->getFieldSQLDecrypt($fieldName) . '=' . $dbValue;
    $sql = "SELECT count(*) from " . $this->connection->addTableWrappers($this->pSet->getOriginalTableName()) . " where " . $where;

    $data = $this->connection->query($sql)->fetchNumeric();
    return $data[0] ? true : false;
}
/**
 * Build the WHERE condition for a date slider filter.
 *
 * Both bounds must contain at least two "-" delimiters. For "slider" the upper
 * bound is moved one step forward (a day, a second, or a minute for any other
 * time step) and compared with "<". The lower bound is quoted by the
 * cipherer's MakeDBValue(), the upper one by add_db_quotes(), both defined elsewhere.
 *
 * @return string the condition, or "" for malformed bounds or an unknown option
 */
static function getDateSliderWhere($fName, $pSet, $cipherer, $table, $SearchFor, $SearchFor2, $strSearchOption, $fullFieldName)
{
    $firstDash = strpos($SearchFor, "-");
    if ($firstDash === FALSE || $firstDash == strrpos($SearchFor, "-")) {
        return "";
    }

    $stepType = $pSet->getFilterStepType($fName);
    $timeValueEnvolved = ($stepType == FSST_SECONDS || $stepType == FSST_MINUTES || $stepType == FSST_HOURS);

    $value1 = $cipherer->MakeDBValue($fName, $SearchFor, "", true);

    if ($strSearchOption == "slider") {
        $firstDash = strpos($SearchFor2, "-");
        if ($firstDash === FALSE || $firstDash == strrpos($SearchFor2, "-")) {
            return "";
        }

        $timeArr = db2time(prepare_for_db($fName, $SearchFor2, ""));
        if ($timeValueEnvolved) {
            $timeArr = ($stepType == FSST_SECONDS) ? addSeconds($timeArr, 1) : addMinutes($timeArr, 1);

            // hours, minutes and seconds, each left-padded to two digits
            $clock = array();
            foreach (array(3, 4, 5) as $idx) {
                $clock[] = $timeArr[$idx] < 10 ? '0' . $timeArr[$idx] : $timeArr[$idx];
            }
            $value2 = $timeArr[0] . "-" . $timeArr[1] . "-" . $timeArr[2] . " " . implode(":", $clock);
        } else {
            // for dates without time, add one day
            $timeArr = adddays($timeArr, 1);
            $value2 = $timeArr[0] . "-" . $timeArr[1] . "-" . $timeArr[2];
        }

        $value2 = add_db_quotes($fName, $value2, $table);
        return $fullFieldName . ">=" . $value1 . " and " . $fullFieldName . "<" . $value2;
    }
    if ($strSearchOption == 'moreequal') {
        return $fullFieldName . ">=" . $value1;
    }
    if ($strSearchOption == 'lessequal') {
        return $fullFieldName . "<=" . $value1;
    }
    return "";
}
/**
 * Turn a field value into the SQL literal stored for it: the value is passed
 * through EncryptField(), quoted by add_db_quotes() for this table, and the
 * result is handed to EncryptValueByDB().
 *
 * @param String field
 * @param Mixed value
 */
public function AddDBQuotes($field, $value)
{
    $encrypted = $this->EncryptField($field, $value);
    $quoted = add_db_quotes($field, $encrypted, $this->strTableName);

    return $this->EncryptValueByDB($field, $quoted);
}
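/**
 * Get the WHERE clause conditions string for the search or suggest SQL query
 * of a lookup field.
 *
 * List-of-values lookups are delegated to the parent implementation. For the
 * others, each search value yields one condition and the conditions are joined
 * with " or ". Comparison values are turned into literals by make_db_value(),
 * LIKE patterns are escaped with escapeLIKEpattern() and quoted with
 * prepareString(); all three are defined elsewhere.
 *
 * @param String SearchFor
 * @param String strSearchOption
 * @param String SearchFor2
 * @param String etype
 * @param Boolean isSuggest
 * @return String the parenthesised condition, or "" when nothing applies
 */
function SQLWhere($SearchFor, $strSearchOption, $SearchFor2, $etype, $isSuggest)
{
    if ($this->lookupType == LT_LISTOFVALUES) {
        return parent::SQLWhere($SearchFor, $strSearchOption, $SearchFor2, $etype, $isSuggest);
    }

    $baseResult = $this->baseSQLWhere($strSearchOption);
    if ($baseResult === false) {
        return "";
    }
    if ($baseResult !== "") {
        return $baseResult;
    }

    if ($this->connection->dbType != nDATABASE_MySQL) {
        $this->btexttype = IsTextType($this->type);
    }

    if ($this->multiselect && $strSearchOption != "Equals") {
        $SearchFor = splitvalues($SearchFor);
    } else {
        $SearchFor = array($SearchFor);
    }

    $isLikeOption = ($strSearchOption == "Starts with" || $strSearchOption == "Contains");

    $gstrField = $this->getFieldSQLDecrypt();
    if ($isLikeOption && (!IsCharType($this->type) || $this->btexttype)) {
        $gstrField = $this->connection->field2char($gstrField, $this->type);
    }

    $ret = "";
    foreach ($SearchFor as $searchItem) {
        $value = $searchItem;
        if ($value == "null" || $value == "Null" || $value == "") {
            continue;
        }
        if (strlen(trim($ret))) {
            $ret .= " or ";
        }

        // Start every value with an empty condition so that a branch which sets
        // none is never read as an undefined or stale variable.
        $condition = "";

        if ($isLikeOption && !$this->multiselect) {
            $value = $this->connection->escapeLIKEpattern($value);
            if ($strSearchOption == "Starts with") {
                $value .= '%';
            }
            if ($strSearchOption == "Contains") {
                $value = '%' . $value . '%';
            }
        }
        if (!$isLikeOption) {
            $value = make_db_value($this->field, $value);
        }

        $searchIsCaseInsensitive = $this->pageObject->pSetEdit->getNCSearch();

        if ($strSearchOption == "Equals" && !($value == "null" || $value == "Null")) {
            $condition = $gstrField . '=' . $value;
        } elseif ($isLikeOption && !$this->multiselect) {
            $condition = $gstrField . " " . $this->like . " " . $this->connection->prepareString($value);
        } elseif ($strSearchOption == "More than") {
            $condition = $gstrField . " > " . $value;
        } elseif ($strSearchOption == "Less than") {
            $condition = $gstrField . "<" . $value;
        } elseif ($strSearchOption == "Equal or more than") {
            // The quoted literal is $value; the undefined $value1 used here before
            // produced a condition with an empty right-hand side.
            $condition = $gstrField . ">=" . $value;
        } elseif ($strSearchOption == "Equal or less than") {
            $condition = $gstrField . "<=" . $value;
        } elseif ($strSearchOption == "Between") {
            $value2 = $this->connection->prepareString($SearchFor2);
            if ($this->lookupType == LT_QUERY && IsCharType($this->type) && !$this->btexttype && $searchIsCaseInsensitive) {
                $value2 = $this->connection->upper($value2);
            }
            $condition = $gstrField . ">=" . $value . " and ";
            if (IsDateFieldType($this->type)) {
                $timeArr = db2time($SearchFor2);
                // for dates without time, add one day
                if ($timeArr[3] == 0 && $timeArr[4] == 0 && $timeArr[5] == 0) {
                    $timeArr = adddays($timeArr, 1);
                    // Kept in a local so that $SearchFor2 is not quoted again for the next value.
                    $nextDay = $timeArr[0] . "-" . $timeArr[1] . "-" . $timeArr[2];
                    $nextDay = add_db_quotes($this->field, $nextDay, $this->tName);
                    $condition .= $gstrField . "<" . $nextDay;
                } else {
                    $condition .= $gstrField . "<=" . $value2;
                }
            } else {
                $condition .= $gstrField . "<=" . $value2;
            }
        } elseif ($this->multiselect) {
            // The stored value is a comma-separated list: quote the item CSV-style
            // when it contains a comma or a double quote.
            if (strpos($value, ",") !== false || strpos($value, '"') !== false) {
                $value = '"' . str_replace('"', '""', $value) . '"';
            }
            $fullFieldName = $this->getFieldSQLDecrypt();
            $value = $this->connection->escapeLIKEpattern($value);
            //for search by multiply Lookup wizard field
            $ret .= $fullFieldName . " = " . $this->connection->prepareString($value);
            $ret .= " or " . $fullFieldName . " " . $this->like . " " . $this->connection->prepareString("%," . $value . ",%");
            $ret .= " or " . $fullFieldName . " " . $this->like . " " . $this->connection->prepareString("%," . $value);
            $ret .= " or " . $fullFieldName . " " . $this->like . " " . $this->connection->prepareString($value . ",%");
        }

        if ($condition != "" && ($isSuggest || $strSearchOption == "Contains" || $strSearchOption == "Equals" || $strSearchOption == "Starts with" || $strSearchOption == "More than" || $strSearchOption == "Less than" || $strSearchOption == "Equal or more than" || $strSearchOption == "Equal or less than" || $strSearchOption == "Between")) {
            if ($this->linkAndDisplaySame || $strSearchOption != "Contains" && $strSearchOption != "Starts with") {
                $ret .= " " . $condition;
            } else {
                return "";
            }
        }
    }

    $ret = trim($ret);
    if (strlen($ret)) {
        $ret = "(" . $ret . ")";
    }
    return $ret;
}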
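/**
 * Get the WHERE clause conditions string for the search or suggest SQL query
 * of a lookup field, matching against the lookup's display field where the
 * link and display fields differ.
 *
 * List-of-values lookups are delegated to the parent implementation. Each
 * search value yields one condition; conditions are joined with " or ".
 * Every value that is concatenated into a comparison is first turned into a
 * SQL literal by db_prepare_string() or make_db_value() (defined elsewhere).
 *
 * @param String SearchFor
 * @param String strSearchOption
 * @param String SearchFor2
 * @param String etype
 * @param Boolean isSuggest
 * @return String the parenthesised condition, or "" when nothing applies
 */
function SQLWhere($SearchFor, $strSearchOption, $SearchFor2, $etype, $isSuggest)
{
    if ($this->lookupType == LT_LISTOFVALUES) {
        return parent::SQLWhere($SearchFor, $strSearchOption, $SearchFor2, $etype, $isSuggest);
    }

    $baseResult = $this->baseSQLWhere($strSearchOption);
    if ($baseResult === false) {
        return "";
    }
    if ($baseResult != "") {
        return $baseResult;
    }

    $displayFieldType = $this->type;
    if ($this->lookupType == LT_QUERY) {
        $displayFieldType = $this->lookupPSet->getFieldType($this->field);
        $this->btexttype = IsTextType($displayFieldType);
    }

    if ($this->multiselect) {
        $SearchFor = splitvalues($SearchFor);
    } else {
        $SearchFor = array($SearchFor);
    }

    $ret = "";

    if ($this->linkAndDisplaySame) {
        $gstrField = GetFullFieldName($this->field, "", false);
    } else {
        $gstrField = GetFullFieldName($this->displayFieldName, $this->lookupTable, false);
    }
    if ($this->customDisplay) {
        $gstrField = $this->lwDisplayFieldWrapped;
    } elseif (!$this->linkAndDisplaySame && $this->lookupType == LT_QUERY && IsCharType($displayFieldType) && !$this->btexttype && !$this->ciphererDisplay->isFieldPHPEncrypted($this->displayFieldName)) {
        $gstrField = $this->lookupPSet->isEnableUpper(GetFullFieldName($this->displayFieldName, $this->lookupTable, false));
    }

    $isComparisonOption = $strSearchOption == "More than" || $strSearchOption == "Less than"
        || $strSearchOption == "Equal or more than" || $strSearchOption == "Equal or less than"
        || $strSearchOption == "Between";

    foreach ($SearchFor as $value) {
        if ($value == "null" || $value == "Null" || $value == "") {
            continue;
        }
        if (strlen(trim($ret))) {
            $ret .= " or ";
        }

        // Start every value with an empty condition so that a branch which sets
        // none is never read as an undefined or stale variable.
        $condition = "";

        if (!$this->multiselect) {
            if ($strSearchOption == "Starts with") {
                $value .= '%';
            }
            if ($isSuggest || $strSearchOption == "Contains") {
                $value = '%' . $value . '%';
            }
            if ($isSuggest || $strSearchOption == "Contains" || $strSearchOption == "Starts with" || $isComparisonOption || $strSearchOption == "Equals" && $this->LCType == LCT_AJAX && !$this->linkAndDisplaySame) {
                $value = $this->escapeSearchValForMySQL($value);
                if ($this->lookupType == LT_QUERY && IsCharType($displayFieldType) && !$this->btexttype) {
                    $value = $this->lookupPSet->isEnableUpper(db_prepare_string($value));
                } else {
                    $value = db_prepare_string($value);
                }
            } elseif ($strSearchOption == "Equals") {
                $value = make_db_value($this->field, $value);
            }
        } elseif ($strSearchOption == "Equals" || $isComparisonOption) {
            // Multiselect values used to reach the "=" and comparison conditions
            // below exactly as received; make them SQL literals first.
            // NOTE(review): the literal is typed by the link field; confirm that
            // suits lookups whose display field has a different type.
            $value = make_db_value($this->field, $value);
        }

        if ($strSearchOption == "Equals") {
            if (!($value == "null" || $value == "Null")) {
                if ($this->LCType == LCT_AJAX && !$this->linkAndDisplaySame) {
                    $condition = $gstrField . '=' . $value;
                } else {
                    $condition = GetFullFieldName($this->field, "", false) . '=' . $value;
                }
            }
        } elseif (($strSearchOption == "Starts with" || $strSearchOption == "Contains") && !$this->multiselect) {
            // Parenthesised: without the grouping, "Starts with" on a multiselect
            // field built a LIKE condition from a value that had not been quoted.
            $condition = $gstrField . " " . $this->like . " " . $value;
        } elseif ($strSearchOption == "More than") {
            $condition = $gstrField . " > " . $value;
        } elseif ($strSearchOption == "Less than") {
            $condition = $gstrField . "<" . $value;
        } elseif ($strSearchOption == "Equal or more than") {
            // The quoted literal is $value; the undefined $value1 used here before
            // produced a condition with an empty right-hand side.
            $condition = $gstrField . ">=" . $value;
        } elseif ($strSearchOption == "Equal or less than") {
            $condition = $gstrField . "<=" . $value;
        } elseif ($strSearchOption == "Between") {
            if ($this->lookupType == LT_QUERY && IsCharType($displayFieldType) && !$this->btexttype) {
                $value2 = $this->lookupPSet->isEnableUpper(db_prepare_string($SearchFor2));
            } else {
                $value2 = db_prepare_string($SearchFor2);
            }
            $condition = $gstrField . ">=" . $value . " and ";
            if (IsDateFieldType($this->type)) {
                $timeArr = db2time($SearchFor2);
                // for dates without time, add one day
                if ($timeArr[3] == 0 && $timeArr[4] == 0 && $timeArr[5] == 0) {
                    $timeArr = adddays($timeArr, 1);
                    // Kept in a local so that $SearchFor2 is not quoted again for the next value.
                    $nextDay = $timeArr[0] . "-" . $timeArr[1] . "-" . $timeArr[2];
                    $nextDay = add_db_quotes($this->field, $nextDay, $this->pageObject->tName);
                    $condition .= $gstrField . "<" . $nextDay;
                } else {
                    $condition .= $gstrField . "<=" . $value2;
                }
            } else {
                $condition .= $gstrField . "<=" . $value2;
            }
        } else {
            // The stored value is a comma-separated list: quote the item CSV-style
            // when it contains a comma or a double quote.
            if (strpos($value, ",") !== false || strpos($value, '"') !== false) {
                $value = '"' . str_replace('"', '""', $value) . '"';
            }
            $value = $this->escapeSearchValForMySQL($value);
            //for search by multiply Lookup wizard field
            $ret .= GetFullFieldName($this->field, "", false) . " = " . db_prepare_string($value);
            $ret .= " or " . GetFullFieldName($this->field, "", false) . " " . $this->like . " " . db_prepare_string("%," . $value . ",%");
            $ret .= " or " . GetFullFieldName($this->field, "", false) . " " . $this->like . " " . db_prepare_string("%," . $value);
            $ret .= " or " . GetFullFieldName($this->field, "", false) . " " . $this->like . " " . db_prepare_string($value . ",%");
        }

        if ($condition != "" && ($isSuggest || $strSearchOption == "Contains" || $strSearchOption == "Equals" || $strSearchOption == "Starts with" || $isComparisonOption)) {
            if ($this->linkAndDisplaySame || $strSearchOption == "Equals" && $this->LCType != LCT_AJAX) {
                $ret .= " " . $condition;
            } elseif ($this->lookupType == LT_QUERY) {
                // Match through the lookup query: the row qualifies when a lookup
                // record satisfies the condition and links back to this field.
                $lookupQueryObj = $this->lookupPSet->getSQLQuery();
                $ret .= " EXISTS (" . $lookupQueryObj->toSql($condition . " and " . GetFullFieldName($this->linkFieldName, $this->lookupTable, false) . " = " . AddTableWrappers($this->pageObject->pSetEdit->getStrOriginalTableName()) . "." . AddFieldWrappers($this->field), '', null, false) . ")";
            } else {
                $ret .= " EXISTS (SELECT 1 as fld from " . AddTableWrappers($this->lookupTable) . " where " . $condition . " and " . $this->lwLinkField . " = " . AddTableWrappers($this->pageObject->pSetEdit->getStrOriginalTableName()) . "." . AddFieldWrappers($this->field) . ")";
            }
        }
    }

    if (strlen(trim($ret))) {
        $ret = "(" . $ret . ")";
    } else {
        $ret = trim($ret);
    }
    return $ret;
}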
/**
 * insert record on Add & Register pages
 *
 * Values are quoted by add_db_quotes() or, when a cipherer is supplied, by its
 * AddDBQuotes() (both defined elsewhere); blob field values are concatenated verbatim.
 * NOTE(review): presumably PrepareBlobs() supplies DB-safe blob placeholders — confirm.
 *
 * @return bool false when the statement failed or $error_happened is set
 * @intellisense
 */
function DoInsertRecordSQL($table, &$avalues, &$blobfields, $pageid, &$pageObject, &$cipherer, &$keys)
{
    global $error_happened, $conn, $inlineadd, $message, $failed_inline_add, $strTableName;

    $insertHead = "insert into " . AddTableWrappers($table) . " ";
    $blobs = PrepareBlobs($avalues, $blobfields);

    // Column names and value literals are gathered side by side and joined once.
    $columnSql = array();
    $valueSql = array();
    foreach ($avalues as $akey => $value) {
        $columnSql[] = $pageObject->pSet->getTableField($akey);
        if (in_array($akey, $blobfields)) {
            $valueSql[] = $value;
        } elseif (is_null($cipherer)) {
            $valueSql[] = add_db_quotes($akey, $value);
        } else {
            $valueSql[] = $cipherer->AddDBQuotes($akey, $value);
        }
    }
    $strSQL = $insertHead . "(" . implode(", ", $columnSql) . ") values (" . implode(", ", $valueSql) . ")";

    if (!ExecuteUpdate($pageObject, $strSQL, $blobs, true) || $error_happened) {
        return false;
    }

    $pageObject->ProcessFiles();

    $message = ($inlineadd == ADD_INLINE)
        ? "" . "Record was added" . ""
        : "<<< " . "Record was added" . " >>>";

    $auditObj = GetAuditObject($table);
    $keysAreNeeded = $inlineadd == ADD_SIMPLE || $inlineadd == ADD_INLINE || $inlineadd == ADD_ONTHEFLY
        || $inlineadd == ADD_POPUP || $inlineadd == ADD_MASTER
        || tableEventExists("AfterAdd", $strTableName) || $auditObj;
    if ($keysAreNeeded) {
        $keys = prepareTableKeysAfterInsert($table, $avalues, $pageObject, $keys);
    }
    return true;
}
/**
 * Tell whether the table already holds a row whose field equals the value.
 *
 * The value becomes a SQL literal through the cipherer's MakeDBValue() for
 * encrypted fields and through add_db_quotes() otherwise; both helpers are
 * defined elsewhere and the query relies on them for quoting.
 *
 * @param {String} $fieldName
 * @param {String | Number} $value
 * @return {Boolean}
 */
function hasDuplicateValue($fieldName, $value)
{
    global $conn;

    $dbValue = $this->cipherer->isFieldEncrypted($fieldName)
        ? $this->cipherer->MakeDBValue($fieldName, $value, "", "", true)
        : add_db_quotes($fieldName, $value);

    $where = GetFullFieldName($fieldName, $this->tName, false) . '=' . $dbValue;
    $sql = "SELECT count(*) from " . AddTableWrappers($this->pSet->getOriginalTableName()) . " where " . $where;

    $data = db_fetch_numarray(db_query($sql, $conn));
    return $data[0] ? true : false;
}
/**
 * Build the WHERE condition for a time slider filter.
 *
 * Both bounds must contain at least two ":" delimiters. For "slider" the upper
 * bound is moved one step forward (a second, or a minute for any other step)
 * and compared with "<". The lower bound is quoted by the cipherer's
 * MakeDBValue(), the upper one by add_db_quotes(), both defined elsewhere.
 *
 * @return string the condition, or "" for malformed bounds or an unknown option
 */
static function getTimeSliderWhere($fName, $pSet, $cipherer, $table, $SearchFor, $SearchFor2, $strSearchOption, $fullFieldName)
{
    $firstColon = strpos($SearchFor, ":");
    if ($firstColon === FALSE || $firstColon == strrpos($SearchFor, ":")) {
        return "";
    }

    $stepType = $pSet->getFilterStepType($fName);
    $value1 = $cipherer->MakeDBValue($fName, $SearchFor, "", true);

    if ($strSearchOption == "slider") {
        $firstColon = strpos($SearchFor2, ":");
        if ($firstColon === FALSE || $firstColon == strrpos($SearchFor2, ":")) {
            return "";
        }

        $timeArr = parsenumbers(prepare_for_db($fName, $SearchFor2, ""));
        $timeArr = ($stepType == FSST_SECONDS)
            ? addSecondsToTime($timeArr, 1)
            : addMinutesToTime($timeArr, 1);

        // hours, minutes and seconds, each left-padded to two digits
        $clock = array();
        foreach (array(0, 1, 2) as $idx) {
            $clock[] = $timeArr[$idx] < 10 ? '0' . $timeArr[$idx] : $timeArr[$idx];
        }
        $value2 = add_db_quotes($fName, implode(":", $clock), $table);

        return $fullFieldName . ">=" . $value1 . " and " . $fullFieldName . "<" . $value2;
    }
    if ($strSearchOption == 'moreequal') {
        return $fullFieldName . ">=" . $value1;
    }
    if ($strSearchOption == 'lessequal') {
        return $fullFieldName . "<=" . $value1;
    }
    return "";
}