die($objectTools->JSONError(301)); } if (!isset($_POST["t"])) { die($objectTools->JSONError(301)); } $values = str_replace("'", '"', $values); $values_split = explode(",", $values); $fields_full = explode(",", $fields); if (count($fields_full) != count($values_split)) { die($objectTools->JSONError(301)); } /** * check the blacklist */ if (isset($fields)) { $exist = $blacklist->existItem("G", $_POST["t"], "*"); if (!$exist) { $exist = $blacklist->existItem("G", $table, $fields); } } else { $exist = $blacklist->existItem("G", $table, "*"); } /** * If the query is not allowed -> die */ if ($exist) { die($objectTools->JSONError(401)); } /** * Create the sql sentence with get parameters */
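/**
 * Insert one row into $table from the given POST parameters and echo the
 * inserted row back as JSON.
 *
 * Every key of $post_parameters becomes a column name and every value the
 * value to insert. Table and column names come from the request, so they are
 * first restricted to plain SQL identifiers and then checked against the "G"
 * blacklist (a blacklisted table, "*", or a blacklisted column answers with
 * JSONError(401)). An empty or malformed parameter set answers with
 * JSONError(301) instead of building an undefined INSERT statement, and a
 * failed insert answers with JSONError(303). All error paths end the script
 * with die(), as the rest of this API does.
 *
 * Response shape: {"data": [row], "dbInfo": [column names]} where row holds
 * each submitted value both by position and by column name. Values are echoed
 * exactly as received (the SQL literal quoting is not leaked into the JSON).
 *
 * @param string $table           Table to insert into (untrusted, from the request).
 * @param array  $post_parameters column => value map, typically $_POST (untrusted).
 */
function postData($table, $post_parameters)
{
    $blacklist = new BlackList();

    // Identifiers are interpolated into the statement, so only bare,
    // unquoted SQL identifiers are accepted for the table and the columns.
    $identifier = '/^[A-Za-z_][A-Za-z0-9_]*$/';
    if (!is_string($table) || !preg_match($identifier, $table)) {
        die($this->JSONError(301));
    }
    // Without parameters there is nothing to insert; 301 is the code the rest
    // of this API uses for a missing or invalid request parameter.
    if (!is_array($post_parameters) || empty($post_parameters)) {
        die($this->JSONError(301));
    }

    // A "*" entry for the table blacklists the whole table.
    if ($blacklist->existItem("G", $table, "*")) {
        die($this->JSONError(401));
    }

    $columns_array = [];   // column names, in submission order
    $raw_values = [];      // values as received, echoed back in the response
    $sql_values = [];      // values as SQL literals, in the same order
    // foreach instead of list()/each(): each() was removed in PHP 8.
    foreach ($post_parameters as $field => $value) {
        $field = (string) $field;
        if (!preg_match($identifier, $field)) {
            die($this->JSONError(301));
        }
        if ($blacklist->existItem("G", $table, $field)) {
            die($this->JSONError(401));
        }
        $columns_array[] = $field;
        $raw_values[] = $value;
        // Numbers are inserted bare; everything else becomes a quoted SQL
        // string literal with backslash and single quote doubled.
        // NOTE(review): this is a minimal, driver-agnostic escape and is not
        // charset-aware. The robust fix is for setDataBySQL() to bind values
        // through a prepared statement — confirm which driver it uses.
        $sql_values[] = is_numeric($value)
            ? $value
            : "'" . str_replace(["\\", "'"], ["\\\\", "''"], (string) $value) . "'";
    }

    $columns = implode(",", $columns_array);
    $values = implode(",", $sql_values);
    $sql = "INSERT INTO {$table} ({$columns}) VALUES ({$values})";

    // The only supported output format is JSON; the old "xml" branch was
    // unreachable and has been dropped.
    header('Content-Type: application/json');
    $result = $this->setDataBySQL($sql);
    if (!$result) {
        die($this->JSONError(303));
    }

    // Build the echoed row: positional index and column name both map to the
    // submitted value. (The previous loop incremented $i twice per iteration
    // and skipped every other column.)
    $row = [];
    $indices = [];
    foreach ($columns_array as $i => $column) {
        $row[$i] = $raw_values[$i];
        $row[$column] = $raw_values[$i];
        $indices[$i] = $column;
    }

    $json = [
        "data" => [$row],
        "dbInfo" => $indices,
    ];
    echo json_encode($json);
}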
* @author Alejandro Esquiva Rodríguez [@alex_esquiva] <*****@*****.**> * @license Apache License, Version 2.0 * @link https://github.com/GeekyTheory/Automatic-API-REST */ include_once 'inc/functions.php'; require_once "inc/autentification.php"; $blacklist = new BlackList(); if (isset($_GET["a"])) { if ($_GET["a"] == "add") { $tool = new Tools(); $fields = $tool->getFieldsByTable($_GET["table"]); $num_fields = count($fields); if ($_GET["column"] == "*") { //Get all columns from table for ($i = 0; $i < count($fields); $i++) { if (!$blacklist->existItem($_GET["type"], $_GET["table"], $fields[$i])) { $blacklist->createItem($_GET["type"], $_GET["table"], $fields[$i]); } } $blacklist->createItem($_GET["type"], $_GET["table"], $_GET["column"]); } else { $blacklist->createItem($_GET["type"], $_GET["table"], $_GET["column"]); $num_fields_check = 0; for ($i = 0; $i < count($fields); $i++) { if ($blacklist->existItem($_GET["type"], $_GET["table"], $fields[$i])) { $num_fields_check++; } } if ($num_fields == $num_fields_check) { //Añadimos * $blacklist->createItem($_GET["type"], $_GET["table"], "*");