/** * Searches (nested) for a match with $value * * returns the id of the record in the associated value by searching recursively * that can be used in a SQL search */ function find_nested_match($db, $tableinfo, $field, $value, $first = true) { $info = getvalues($db, $tableinfo, $field); if ($info[0]['datatype'] == 'table') { $ass_tableinfo = new tableinfo($db, $info[0]['ass_table_name']); $value = find_nested_match($db, $ass_tableinfo, $info[0]['ass_column_name'], $value, false); } elseif ($info[0]['datatype'] == 'int') { $value = trim($value); // I am getting desperate, but the browser inserts junk in the first postions, test if it is a number, if not, delete it. if (!is_numeric($value[0])) { $value = substr($value, 1); } return get_cell($db, $tableinfo->realname, 'id', $field, (int) $value); } elseif ($info[0]['datatype'] == 'float') { $value = trim($value); if (!is_numeric($value[0])) { $value = substr($value, 1); } return get_cell($db, $tableinfo->realname, 'id', $field, (double) $value); } elseif ($info[0]['datatype'] == 'pulldown') { $value = get_cell($db, $info[0]['ass_t'], 'id', 'typeshort', $value); return get_cell($db, $tableinfo->realname, 'id', $field, $value); } elseif (!$first) { return get_cell($db, $tableinfo->realname, 'id', $field, $value); } return $value; }
if (array_key_exists('md', $_GET) && $_GET['md']) { $md = $_GET['md']; } // check to avoid cross-site scripting if ($md != 'edit') { $md = 'notediting'; } foreach ($_POST as $key => $value) { // for table links, search in the linked table instead of the current one if (substr($key, 0, 3) == 'max') { $cname = substr($key, 4); $field = strtok($cname, '_'); $value = $_POST[$cname]; // we need to replace this value with an id if appropriate if ($value) { $_POST[$cname] = find_nested_match($db, $tableinfo, $field, $value); } } } reset($_POST); if ($searchj || isset($sortup) || isset($sortdown) || array_key_exists('next', $_POST) || array_key_exists('previous', $_POST)) { $search = 'Search'; } /*****************************BODY*******************************/ // check whether user may see this table if (!may_see_table($db, $USER, $tableinfo->id)) { printheader($httptitle); navbar($USER['permissions']); echo "<h3 align='center'>These data are not for you. Sorry;(</h3>\n"; printfooter(); exit;