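/**
 * Handle a lookup request: rebuild the lookup SQL from the POSTed, encrypted
 * template and pass the finished statement to GetLookupValues().
 *
 * POST fields read here (all supplied by the client):
 *   s        encrypted SQL template; may contain {filter}, {query_value}
 *            and {query_value_N} placeholders
 *   f0..f4   encrypted filter templates containing {filter_value}
 *   v0..v4   comma-separated values for the matching filter
 *   t0..t4   field type code for the matching filter
 *   q, qN    search text substituted for {query_value} / {query_value_N}
 *
 * Ends the request with die() when there is no POST data or no SQL.
 *
 * NOTE(review): the SQL and filter templates travel through the client, so
 * their integrity rests on ew_Decrypt() rejecting modified input. No separate
 * integrity check is visible here; confirm ew_Decrypt() provides one.
 * NOTE(review): request values are spliced into SQL text, so safety depends
 * on ew_QuotedValue()/ew_AdjustSql() escaping correctly for the target
 * database. GetLookupValues() takes a finished SQL string, so bound
 * parameters cannot be used without changing that interface.
 */
function Page_Main() {
    $GLOBALS["Page"] =& $this;
    $post = ew_StripSlashes($_POST);
    if (count($post) == 0) {
        die("Missing post data.");
    }

    //$sql = $qs->getValue("s");
    $sql = @$post["s"];
    $sql = ew_Decrypt($sql);
    if ($sql == "") {
        die("Missing SQL.");
    }

    // "> 0" (not "!== FALSE"): a template that begins with {filter} is not
    // treated as containing one.
    if (strpos($sql, "{filter}") > 0) {
        $filters = "";
        for ($i = 0; $i < 5; $i++) {

            // Get the filter values (for "IN")
            $filter = ew_Decrypt(@$post["f" . $i]);
            if ($filter != "") {
                $value = @$post["v" . $i];
                if ($value == "") {
                    if ($i > 0) { // Empty parent field

                        //continue; // Allow
                        ew_AddFilter($filters, "1=0"); // Disallow
                    }
                    continue;
                }
                $arValue = explode(",", $value);

                // The type code is client-supplied, so it also selects how the
                // values below are quoted.
                $fldtype = intval(@$post["t" . $i]);
                $flddatatype = ew_FieldDataType($fldtype);

                // Reject non-numeric input for numeric fields instead of
                // relying on ew_QuotedValue(), which presumably leaves numeric
                // types unquoted (confirm). On invalid data the filter
                // collapses to "1=0" so the lookup returns no rows.
                $bValidData = TRUE;
                for ($j = 0, $cnt = count($arValue); $j < $cnt; $j++) {
                    if ($flddatatype == EW_DATATYPE_NUMBER && !is_numeric($arValue[$j])) {
                        $bValidData = FALSE;
                        break;
                    }
                    $arValue[$j] = ew_QuotedValue($arValue[$j], $flddatatype);
                }
                if ($bValidData) {
                    $filter = str_replace("{filter_value}", implode(",", $arValue), $filter);
                } else {
                    $filter = "1=0";
                }
                ew_AddFilter($filters, $filter);
            }
        }

        // No usable filter: substitute an always-true condition.
        $sql = str_replace("{filter}", $filters != "" ? $filters : "1=1", $sql);
    }

    // Get the query value (for "LIKE" or "=")
    $value = ew_AdjustSql(@$post["q"]);
    if ($value != "") {
        $sql = preg_replace('/LIKE \'(%)?\\{query_value\\}%\'/', ew_Like('\'$1{query_value}%\''), $sql);
        $sql = str_replace("{query_value}", $value, $sql);
    }

    // Replace {query_value_n}
    preg_match_all('/\\{query_value_(\\d+)\\}/', $sql, $out);
    $cnt = count($out[0]);
    for ($i = 0; $i < $cnt; $i++) {
        $j = $out[1][$i];
        $v = ew_AdjustSql(@$post["q" . $j]);
        $sql = str_replace("{query_value_" . $j . "}", $v, $sql);
    }
    $this->GetLookupValues($sql);
}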
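/**
 * Handle a lookup request: rebuild the lookup SQL from the POSTed, encrypted
 * template, optionally pass it through a custom function, and hand the result
 * to GetLookupValues().
 *
 * POST fields read here (all supplied by the client):
 *   s        encrypted SQL template; may contain {filter} and {query_value}
 *   f0..f4   encrypted filter templates containing {filter_value}
 *   v0..v4   comma-separated values for the matching filter
 *   t0..t4   field type code for the matching filter
 *   q        search text substituted for {query_value}
 *   fn       name of a custom function applied to the finished SQL
 *
 * Ends the request with die() when there is no POST data or no SQL.
 *
 * NOTE(review): the templates travel through the client and are recovered with
 * TEAdecrypt() and EW_RANDOM_KEY. No integrity check on the decrypted text is
 * visible here; confirm that modified ciphertext is rejected rather than
 * decrypted to arbitrary non-empty text.
 * NOTE(review): request values are spliced into SQL text, so safety depends on
 * ew_QuotedValue()/ew_AdjustSql() escaping correctly for the target database.
 */
function Page_Main() {
    $post = ew_StripSlashes($_POST);
    if (count($post) == 0) {
        die("Missing post data.");
    }

    //$sql = $qs->getValue("s");
    $sql = $post["s"];
    $sql = TEAdecrypt($sql, EW_RANDOM_KEY);
    if ($sql == "") {
        die("Missing SQL.");
    }

    // "> 0" (not "!== FALSE"): a template that begins with {filter} is not
    // treated as containing one.
    if (strpos($sql, "{filter}") > 0) {
        $filters = "";
        for ($i = 0; $i < 5; $i++) {

            // Get the filter values (for "IN")
            $filter = TEAdecrypt($post["f" . $i], EW_RANDOM_KEY);
            if ($filter != "") {
                $value = $post["v" . $i];
                if ($value == "") {
                    if ($i > 0) { // Empty parent field

                        //continue; // Allow
                        ew_AddFilter($filters, "1=0"); // Disallow
                    }
                    continue;
                }
                $arValue = explode(",", $value);

                // The type code is client-supplied, so it also selects how the
                // values below are quoted.
                $fldtype = intval($post["t" . $i]);
                $flddatatype = ew_FieldDataType($fldtype);

                // Reject non-numeric input for numeric fields instead of
                // relying on ew_QuotedValue(), which presumably leaves numeric
                // types unquoted (confirm). On invalid data the filter
                // collapses to "1=0" so the lookup returns no rows.
                $bValidData = TRUE;
                for ($j = 0, $cnt = count($arValue); $j < $cnt; $j++) {
                    if ($flddatatype == EW_DATATYPE_NUMBER && !is_numeric($arValue[$j])) {
                        $bValidData = FALSE;
                        break;
                    }
                    $arValue[$j] = ew_QuotedValue($arValue[$j], $flddatatype);
                }
                if ($bValidData) {
                    $filter = str_replace("{filter_value}", implode(",", $arValue), $filter);
                } else {
                    $filter = "1=0";
                }
                ew_AddFilter($filters, $filter);
            }
        }

        // No usable filter: substitute an always-true condition.
        $sql = str_replace("{filter}", $filters != "" ? $filters : "1=1", $sql);
    }

    // Get the query value (for "LIKE" or "=")
    $value = ew_AdjustSql(@$post["q"]);
    if ($value != "") {
        $sql = preg_replace('/LIKE \'(%)?\\{query_value\\}%\'/', ew_Like('\'$1{query_value}%\''), $sql);
        $sql = str_replace("{query_value}", $value, $sql);
    }

    // Check custom function
    // NOTE(review): the function name comes straight from the request, so the
    // caller chooses which function runs. The check below limits it to
    // functions defined in PHP code (not engine built-ins), which is a
    // narrowing and not a fix. A server-side allow-list of the expected custom
    // function names is the control to aim for.
    $fn = @$post["fn"];
    if (is_string($fn) && $fn != "" && function_exists($fn)) {
        $rf = new ReflectionFunction($fn);
        if ($rf->isUserDefined()) {

            // Custom function(&$sql)
            $sql = $fn($sql);
        }
    }
    $this->GetLookupValues($sql);
}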
/**
 * PHP4-style constructor: store the field's metadata and create its helper
 * objects.
 *
 * $upload controls whether a cUpload helper is attached to the field.
 * $fldviewtag is optional and defaults to an empty string.
 */
function cField($tblvar, $tblname, $fldvar, $fldname, $fldexp, $fldtype, $flddtfmt, $upload, $fldvirtualexp, $fldvirtual, $forceselect, $fldviewtag = "") {

    // Owning table
    $this->TblName = $tblname;
    $this->TblVar = $tblvar;

    // Field identity and SQL expression
    $this->FldName = $fldname;
    $this->FldVar = $fldvar;
    $this->FldExpression = $fldexp;

    // Type information; the data type is derived from the field type code
    $this->FldType = $fldtype;
    $this->FldDataType = ew_FieldDataType($fldtype);
    $this->FldDateTimeFormat = $flddtfmt;

    // Virtual field / selection / view settings
    $this->FldVirtualExpression = $fldvirtualexp;
    $this->FldIsVirtual = $fldvirtual;
    $this->FldForceSelection = $forceselect;
    $this->FldViewTag = $fldviewtag;

    // Helper objects
    $this->AdvancedSearch = new cAdvancedSearch();
    if ($upload) {
        $this->Upload = new cUpload($tblvar, $fldvar);
    }
}
/**
 * Store the field's metadata, create its helper objects, and pre-load the
 * field from the current request.
 *
 * When $_GET or $_POST holds an entry keyed by $fldvar, its raw value is handed
 * to setQueryStringValue() / setFormValue() with FALSE as the second argument.
 * NOTE(review): those values are unvalidated request input at this point.
 * Whatever consumes the field state must escape or validate it for its own
 * context.
 *
 * $upload controls whether a cUpload helper is attached to the field.
 * $fldviewtag and $fldhtmltag are optional and default to empty strings.
 */
function __construct($tblvar, $tblname, $fldvar, $fldname, $fldexp, $fldbsexp, $fldtype, $flddtfmt, $upload, $fldvirtualexp, $fldvirtual, $forceselect, $fldvirtualsrch, $fldviewtag = "", $fldhtmltag = "") {

    // Owning table
    $this->TblName = $tblname;
    $this->TblVar = $tblvar;

    // Field identity and SQL expressions
    $this->FldName = $fldname;
    $this->FldVar = $fldvar;
    $this->FldExpression = $fldexp;
    $this->FldBasicSearchExpression = $fldbsexp;

    // Type information; the data type is derived from the field type code
    $this->FldType = $fldtype;
    $this->FldDataType = ew_FieldDataType($fldtype);
    $this->FldDateTimeFormat = $flddtfmt;

    // Helper objects
    $this->AdvancedSearch = new cAdvancedSearch($tblvar, $fldvar);
    if ($upload) {
        $this->Upload = new cUpload($tblvar, $fldvar);
    }

    // Virtual field / selection / rendering settings
    $this->FldVirtualExpression = $fldvirtualexp;
    $this->FldIsVirtual = $fldvirtual;
    $this->FldForceSelection = $forceselect;
    $this->FldVirtualSearch = $fldvirtualsrch;
    $this->FldViewTag = $fldviewtag;
    $this->FldHtmlTag = $fldhtmltag;

    // Request values: query string first, then form data
    if (isset($_GET[$fldvar])) {
        $this->setQueryStringValue($_GET[$fldvar], FALSE);
    }
    if (isset($_POST[$fldvar])) {
        $this->setFormValue($_POST[$fldvar], FALSE);
    }

    // Default "required field" message from the global language object
    $this->ReqErrMsg = $GLOBALS["Language"]->Phrase("EnterRequiredField");
}
/**
 * PHP4-style constructor: store the field's metadata and create its helper
 * objects.
 *
 * When $upload is truthy a cUpload helper is attached; its third argument
 * tells it whether the field's data type is EW_DATATYPE_BLOB.
 */
function cField($tblvar, $fldvar, $fldname, $fldexpression, $fldtype, $flddtfmt, $upload = FALSE) {

    // Identity and SQL expression
    $this->TblVar = $tblvar;
    $this->FldName = $fldname;
    $this->FldVar = $fldvar;
    $this->FldExpression = $fldexpression;

    // Type information; the data type is derived from the field type code
    $this->FldType = $fldtype;
    $this->FldDataType = ew_FieldDataType($fldtype);
    $this->FldDateTimeFormat = $flddtfmt;

    // Helper objects
    $this->AdvancedSearch = new cAdvancedSearch();
    if ($upload) {
        $isBlob = ($this->FldDataType == EW_DATATYPE_BLOB);
        $this->Upload = new cUpload($this->TblVar, $this->FldVar, $isBlob);
    }
}
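/**
 * Handle a lookup request: connect to the requested database, rebuild the
 * lookup SQL from the POSTed, encrypted template, run it through
 * GetLookupValues(), and echo the buffered result.
 *
 * Request fields read here (all supplied by the client):
 *   s        (POST) encrypted SQL template; may contain {filter},
 *            {query_value} and {query_value_N} placeholders
 *   d        (POST) database id passed to ew_Connect() and the SQL helpers
 *   fN       (POST) encrypted filter templates containing {filter_value}
 *   vN       (POST) comma-separated values for the matching filter
 *   tN       (POST) field type code for the matching filter
 *   fnN      (POST) name of the function that appends the filter
 *   q        (GET, then POST) search text substituted for {query_value}
 *   qN       (POST) search text substituted for {query_value_N}
 *
 * Ends the request with die() when there is no POST data or no SQL.
 *
 * NOTE(review): the SQL and filter templates travel through the client, so
 * their integrity rests on ew_Decrypt() rejecting modified input. No separate
 * integrity check is visible here; confirm ew_Decrypt() provides one.
 * NOTE(review): request values are spliced into SQL text, so safety depends
 * on ew_QuotedValue()/ew_AdjustSql() escaping correctly for the target
 * database.
 */
function Page_Main() {
    global $conn;
    $GLOBALS["Page"] =& $this;
    $post = ew_StripSlashes($_POST);
    if (count($post) == 0) {
        die("Missing post data.");
    }

    //$sql = $qs->getValue("s");
    $sql = @$post["s"];
    $sql = ew_Decrypt($sql);
    if ($sql == "") {
        die("Missing SQL.");
    }

    // NOTE(review): the database id is chosen by the client; confirm
    // ew_Connect() only accepts ids from the server-side configuration.
    $dbid = @$post["d"];
    $conn = ew_Connect($dbid);

    // Global Page Loading event (in userfn*.php)
    Page_Loading();
    if (ob_get_length()) { // Clear output
        ob_clean();
    }

    // "> 0" (not "!== FALSE"): a template that begins with {filter} is not
    // treated as containing one.
    if (strpos($sql, "{filter}") > 0) {
        $filters = "";
        $ar = preg_grep('/^f\\d+$/', array_keys($post));
        foreach ($ar as $key) {

            // Get the filter values (for "IN")
            $filter = ew_Decrypt(@$post[$key]);
            if ($filter != "") {
                $i = preg_replace('/^f/', '', $key);
                $value = @$post["v" . $i];
                if ($value == "") {
                    if ($i > 0) { // Empty parent field

                        //continue; // Allow
                        ew_AddFilter($filters, "1=0"); // Disallow
                    }
                    continue;
                }
                $arValue = explode(",", $value);

                // The type code is client-supplied, so it also selects how the
                // values below are validated and quoted.
                $fldtype = intval(@$post["t" . $i]);
                $flddatatype = ew_FieldDataType($fldtype);
                $bValidData = TRUE;
                for ($j = 0, $cnt = count($arValue); $j < $cnt; $j++) {
                    if ($flddatatype == EW_DATATYPE_NUMBER && !is_numeric($arValue[$j])) {
                        $bValidData = FALSE;
                        break;
                    } else {
                        $arValue[$j] = ew_QuotedValue($arValue[$j], $flddatatype, $dbid);
                    }
                }
                if ($bValidData) {
                    $filter = str_replace("{filter_value}", implode(",", $arValue), $filter);
                } else {
                    $filter = "1=0"; // Invalid numeric data: match nothing
                }

                // NOTE(review): the name of the function that appends the
                // filter comes straight from the request, so the caller
                // chooses which function runs. The checks below fall back to
                // ew_AddFilter unless the name is a string naming a function
                // defined in PHP code (not an engine built-in). That is a
                // narrowing and not a fix. A server-side allow-list of the
                // expected filter functions is the control to aim for.
                $fn = @$post["fn" . $i];
                if (!is_string($fn) || $fn == "" || !function_exists($fn)) {
                    $fn = "ew_AddFilter";
                } else {
                    $rf = new ReflectionFunction($fn);
                    if (!$rf->isUserDefined()) {
                        $fn = "ew_AddFilter";
                    }
                }
                $fn($filters, $filter);
            }
        }

        // No usable filter: substitute an always-true condition.
        $sql = str_replace("{filter}", $filters != "" ? $filters : "1=1", $sql);
    }

    // Get the query value (for "LIKE" or "=")
    // The query-string value is read from $_GET directly, not from the
    // ew_StripSlashes() copy used for POST data.
    $value = ew_AdjustSql(@$_GET["q"], $dbid); // Get the query value from querystring
    if ($value == "") {
        $value = ew_AdjustSql(@$post["q"], $dbid); // Get the value from post
    }
    if ($value != "") {
        $sql = preg_replace('/LIKE \'(%)?\\{query_value\\}%\'/', ew_Like('\'$1{query_value}%\'', $dbid), $sql);
        $sql = str_replace("{query_value}", $value, $sql);
    }

    // Replace {query_value_n}
    preg_match_all('/\\{query_value_(\\d+)\\}/', $sql, $out);
    $cnt = count($out[0]);
    for ($i = 0; $i < $cnt; $i++) {
        $j = $out[1][$i];
        $v = ew_AdjustSql(@$post["q" . $j], $dbid);
        $sql = str_replace("{query_value_" . $j . "}", $v, $sql);
    }
    $this->GetLookupValues($sql, $dbid);

    // Capture what GetLookupValues() wrote to the output buffer before the
    // unload event runs.
    $result = ob_get_contents();

    // Global Page Unloaded event (in userfn*.php)
    Page_Unloaded();
    if (ob_get_length()) { // Clear output
        ob_clean();
    }

    // Close connection
    ew_CloseConn();

    // Output
    echo $result;
}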