fernando/luos
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

BUG 7205 Adjustment in SQL queries in the element suggest.

Browse Source
This commit is contained in:
Hector Cortez
2012-01-12 11:05:45 -04:00
parent 4363041484
commit 5e5e3c9d0f
2 changed files with 2199 additions and 131 deletions
Download Patch File Download Diff File Expand all files Collapse all files

364
gulliver/methods/genericAjax.php
View File

@@ -2,28 +2,28 @@
$request = isset($_POST['request'])? $_POST['request']: null; $request = isset($_POST['request'])? $_POST['request']: null;
if( !isset($request) ){ if( !isset($request) ){
$request = isset($_GET['request'])? $_GET['request']: null; $request = isset($_GET['request'])? $_GET['request']: null;
} }
if( isset($request) ){ if( isset($request) ){
switch($request){ switch($request){
case 'deleteGridRowOnDynaform': case 'deleteGridRowOnDynaform':
if( isset($_SESSION['APPLICATION']) ){ if( isset($_SESSION['APPLICATION']) ){
G::LoadClass('case'); G::LoadClass('case');
$oApp= new Cases(); $oApp= new Cases();
$aFields = $oApp->loadCase($_SESSION['APPLICATION']); $aFields = $oApp->loadCase($_SESSION['APPLICATION']);
unset($aFields['APP_DATA'][$_POST['gridname']][$_POST['rowpos']]); unset($aFields['APP_DATA'][$_POST['gridname']][$_POST['rowpos']]);
$oApp->updateCase($_SESSION['APPLICATION'], $aFields); $oApp->updateCase($_SESSION['APPLICATION'], $aFields);
} }
break; break;
/** widgets **/ /** widgets **/
case 'suggest': case 'suggest':
try{ try {
if(isset($_GET["inputEnconde64"])) { if(isset($_GET["inputEnconde64"])) {
$_GET['input'] = base64_decode($_GET['input']); $_GET['input'] = base64_decode($_GET['input']);
} }
$sData = base64_decode(str_rot13($_GET['hash'])); $sData = base64_decode(str_rot13($_GET['hash']));
list($SQL, $DB_UID) = explode('@|', $sData); list($SQL, $DB_UID) = explode('@|', $sData);
// Remplace values for dependent fields // Remplace values for dependent fields
@@ -32,113 +32,72 @@ if( isset($request) ){
if($aDependentFieldsKeys){ if($aDependentFieldsKeys){
$SQL = str_replace($aDependentFieldsKeys, $aDependentFieldsValue, $SQL); $SQL = str_replace($aDependentFieldsKeys, $aDependentFieldsValue, $SQL);
} }
if (1===preg_match('/^\s*SELECT\s+([\w\W]+?)(?:\s+FROM\s+`?([^`]+?)`?)(?:\s+WHERE\s+([\w\W]+?))?(?:\s+GROUP\s+BY\s+([\w\W]+?))?(?:\s+ORDER\s+BY\s+([\w\W]+?))?(?:\s+BETWEEN\s+([\w\W]+?)\s+AND\s+([\w\W]+?))?(?:\s+LIMIT\s+(\d+)\s*,\s*(\d+))?\s*$/im', $SQL, $matches)) {
$sqlColumns = $matches[1];
$sqlFrom = isset($matches[2])?$matches[2]:'';
$sqlWhere = isset($matches[3])?$matches[3]:'';
$sqlGroupBy = isset($matches[4])?$matches[4]:'';
$sqlOrderBy = isset($matches[5])?$matches[5]:'';
$sqlLowLimit = isset($matches[8])?$matches[8]:'';
$sqlHighLimit = isset($matches[9])?$matches[9]:'';
// New SQL String
$SQL = "SELECT " . $sqlColumns . " FROM " . $sqlFrom;
$aFieldSelect = explode(",", $sqlColumns);
$sFieldSel = (count($aFieldSelect)>1 ) ? $aFieldSelect[1] : $aFieldSelect[0];
if( strlen(trim($sqlWhere))>0) {
$SQL .= " WHERE " . $sqlWhere . " AND " . $sFieldSel . " LIKE '%". $_GET['input']."%'";
} else {
$SQL .= " WHERE " . $sFieldSel . " LIKE '%". $_GET['input']."%'";
}
if( strlen(trim($sqlGroupBy))>0) {
$SQL .= " GROUP BY " . $sqlGroupBy;
}
if( strlen(trim($sqlOrderBy))>0) {
$SQL .= " ORDER BY " . $sqlOrderBy;
} else {
$SQL .= " ORDER BY " . $sFieldSel;
}
} else {
//fixed: improving the statement sql by krlos
$sSql=substr($SQL, 6, strlen($SQL));
$pattern = "/\bfrom\b/i";
$replacement = 'FROM';
$sSql = preg_replace($pattern, $replacement, $sSql);
$aSql = explode("FROM", $sSql);
$afieldSql = explode(",",$aSql[0]); // Parsed SQL Structure
G::LoadClass('phpSqlParser');
if(count($afieldSql)>1) $parser = new PHPSQLParser($SQL);
$SQL .= " where $afieldSql[1] like '". $_GET['input']."%'"; // Verif parsed array
else // print_r($parser->parsed);
$SQL .= " where $afieldSql[0] like '". $_GET['input']."%'"; $SQL = queryModified($parser->parsed, $_GET['input']);
//add fixed
}
$aRows = Array(); $aRows = Array();
try { try {
$con = Propel::getConnection($DB_UID); $con = Propel::getConnection($DB_UID);
$con->begin(); $con->begin();
$rs = $con->executeQuery($SQL); $rs = $con->executeQuery($SQL);
$con->commit(); $con->commit();
while ( $rs->next() ) { while ( $rs->next() ) {
array_push($aRows, $rs->getRow()); array_push($aRows, $rs->getRow());
} }
} catch (SQLException $sqle) { } catch (SQLException $sqle) {
$con->rollback(); $con->rollback();
} }
$input = strtolower( $_GET['input'] ); $input = strtolower( $_GET['input'] );
$len = strlen($input); $len = strlen($input);
$limit = isset($_GET['limit']) ? (int) $_GET['limit'] : 0; $limit = isset($_GET['limit']) ? (int) $_GET['limit'] : 0;
$aResults = array(); $aResults = array();
$count = 0; $count = 0;
$aRows = sortByChar($aRows, $input);
$aRows = sortByChar($aRows, $input);
if ($len){ if ($len){
for ($i=0;$i<count($aRows);$i++){ for ($i=0;$i<count($aRows);$i++){
$aRow = $aRows[$i]; $aRow = $aRows[$i];
$nCols = sizeof($aRow); $nCols = sizeof($aRow);
$aRow = array_values($aRow); $aRow = array_values($aRow);
switch( $nCols ){ switch( $nCols ){
case 1: case 1:
$id = $aRow[0]; $id = $aRow[0];
$value = $aRow[0]; $value = $aRow[0];
$info = ''; $info = '';
break; break;
case 2: case 2:
$id = $aRow[0];
$value = $aRow[1];
$info = '';
break;
$id = $aRow[0]; case $nCols >= 3:
$value = $aRow[1]; $id = $aRow[0];
$info = ''; $value = $aRow[1];
break; $info = $aRow[2];
break;
case $nCols >= 3:
//print_r($aRow);
$id = $aRow[0];
$value = $aRow[1];
$info = $aRow[2];
break;
}
// had to use utf_decode, here
// not necessary if the results are coming from mysql
//
// if (strtolower(substr($value,0,$len)) == $input){
$count++;
$aResults[] = array( "id"=>$id ,"value"=>htmlspecialchars($value), "info"=>htmlspecialchars($info) );
// }
if ($limit && $count==$limit)
break;
} }
// had to use utf_decode, here
// not necessary if the results are coming from mysql
//
$count++;
$aResults[] = array( "id"=>$id ,"value"=>htmlspecialchars($value), "info"=>htmlspecialchars($info) );
if ($limit && $count==$limit)
break;
}
} }
header ("Expires: Mon, 26 Jul 1997 05:00:00 GMT"); // Date in the past header ("Expires: Mon, 26 Jul 1997 05:00:00 GMT"); // Date in the past
@@ -147,24 +106,24 @@ if( isset($request) ){
header ("Pragma: no-cache"); // HTTP/1.0 header ("Pragma: no-cache"); // HTTP/1.0
if (isset($_REQUEST['json'])) { if (isset($_REQUEST['json'])) {
header("Content-Type: application/json"); header("Content-Type: application/json");
echo "{\"status\":0, \"results\": ["; echo "{\"status\":0, \"results\": [";
$arr = array(); $arr = array();
$aReplace = array("(\r\n)", "(\n\r)", "(\n)", "(\r)"); $aReplace = array("(\r\n)", "(\n\r)", "(\n)", "(\r)");
for ($i=0;$i<count($aResults);$i++) { for ($i=0;$i<count($aResults);$i++) {
$arr[] = "{\"id\": \"".$aResults[$i]['id']."\", \"value\": \"". html_entity_decode(preg_replace($aReplace, "", $aResults[$i]['value']))."\", \"info\": \"".$aResults[$i]['info']."\"}"; $arr[] = "{\"id\": \"".$aResults[$i]['id']."\", \"value\": \"". html_entity_decode(preg_replace($aReplace, "", $aResults[$i]['value']))."\", \"info\": \"".$aResults[$i]['info']."\"}";
} }
echo implode(", ", $arr); echo implode(", ", $arr);
echo "]}"; echo "]}";
} else { } else {
header("Content-Type: text/xml"); header("Content-Type: text/xml");
echo "<?xml version=\"1.0\" encoding=\"utf-8\" ?><results>"; echo "<?xml version=\"1.0\" encoding=\"utf-8\" ?><results>";
for ($i=0;$i<count($aResults);$i++) for ($i=0;$i<count($aResults);$i++)
{ {
echo "<rs id=\"".$aResults[$i]['id']."\" info=\"".$aResults[$i]['info']."\">".$aResults[$i]['value']."</rs>"; echo "<rs id=\"".$aResults[$i]['id']."\" info=\"".$aResults[$i]['info']."\">".$aResults[$i]['value']."</rs>";
} }
echo "</results>"; echo "</results>";
} }
} catch(Exception $e){ } catch(Exception $e){
@@ -176,8 +135,8 @@ if( isset($request) ){
break; break;
case 'storeInTmp': case 'storeInTmp':
try{ try {
$con = Propel::getConnection($_GET['cnn']); $con = Propel::getConnection($_GET['cnn']);
if($_GET['pkt'] == 'int'){ if($_GET['pkt'] == 'int'){
$rs = $con->executeQuery("SELECT MAX({$_GET['pk']}) as lastId FROM {$_GET['table']};"); $rs = $con->executeQuery("SELECT MAX({$_GET['pk']}) as lastId FROM {$_GET['table']};");
@@ -194,11 +153,11 @@ if( isset($request) ){
}catch( Exception $e){ }catch( Exception $e){
$err = $e->getMessage(); $err = $e->getMessage();
//$err = eregi_replace("[\n|\r|\n\r]", ' ', $err); //$err = eregi_replace("[\n|\r|\n\r]", ' ', $err);
$err = preg_replace("[\n|\r|\n\r]", ' ', $err);//Made compatible to PHP 5.3 $err = preg_replace("[\n|\r|\n\r]", ' ', $err); // Made compatible to PHP 5.3
echo '{result:1, message:"'.$err.'"}'; echo '{result:1, message:"'.$err.'"}';
} }
break; break;
} }
} }
function sortByChar($aRows, $charSel) function sortByChar($aRows, $charSel)
@@ -206,8 +165,8 @@ function sortByChar($aRows, $charSel)
$aIniChar = array(); $aIniChar = array();
$aRest = array(); $aRest = array();
for($i=0; $i<count($aRows) ;$i++){ for($i=0; $i<count($aRows) ;$i++){
$aRow = $aRows[$i]; $aRow = $aRows[$i];
$nCols = sizeof($aRow); $nCols = sizeof($aRow);
$aRowOrder = array_values($aRow); $aRowOrder = array_values($aRow);
switch( $nCols ){ switch( $nCols ){
case 1: case 1:
@@ -216,13 +175,12 @@ function sortByChar($aRows, $charSel)
case 2: case 2:
$value = $aRowOrder[1]; $value = $aRowOrder[1];
break; break;
case $nCols >= 3: case $nCols >= 3:
$value = $aRowOrder[1]; $value = $aRowOrder[1];
break; break;
} }
if(substr(lowerCase($value), 0, 1) == substr( lowerCase($charSel), 0, 1)){ if(substr(strtolower($value), 0, 1) == substr( strtolower($charSel), 0, 1)){
array_push($aIniChar, $aRow); array_push($aIniChar, $aRow);
} else { } else {
array_push($aRest, $aRow); array_push($aRest, $aRow);
@@ -230,3 +188,147 @@ function sortByChar($aRows, $charSel)
} }
return array_merge($aIniChar, $aRest); return array_merge($aIniChar, $aRest);
} }
/*
* Converts a SQL array parsing to a SQL string.
* @param string $sqlParsed
* @param string $inputSel default value empty string
* @return string
*/
function queryModified($sqlParsed, $inputSel = "")
{
if(!empty($sqlParsed['SELECT'])) {
$sqlSelect = "SELECT ";
$aSelect = $sqlParsed['SELECT'];
$sFieldSel = (count($aSelect)>1 ) ? $aSelect[1]['base_expr'] : $aSelect[0]['base_expr'];
foreach($aSelect as $key => $value ) {
if($key != 0)
$sqlSelect .= ", ";
$sAlias = str_replace("`","", $aSelect[$key]['alias']);
$sBaseExpr = $aSelect[$key]['base_expr'];
switch($aSelect[$key]['expr_type']){
case 'colref' : if($sAlias === $sBaseExpr)
$sqlSelect .= $sAlias;
else
$sqlSelect .= $sBaseExpr . ' AS ' . $sAlias;
break;
case 'expression' : if($sAlias === $sBaseExpr)
$sqlSelect .= $sBaseExpr;
else
$sqlSelect .= $sBaseExpr . ' AS ' . $sAlias;
break;
case 'subquery' : if(strpos($sAlias, $sBaseExpr,0) != 0)
$sqlSelect .= $sAlias;
else
$sqlSelect .= $sBaseExpr . " AS " . $sAlias;
break;
case 'operator' : $sqlSelect .= $sBaseExpr;
break;
default : $sqlSelect .= $sBaseExpr;
break;
}
}
$sqlFrom = " FROM ";
if(!empty($sqlParsed['FROM'])){
$aFrom = $sqlParsed['FROM'];
if(count($aFrom) > 0){
foreach($aFrom as $key => $value ){
if($key == 0) {
$sqlFrom .= $aFrom[$key]['table'] . (($aFrom[$key]['table'] == $aFrom[$key]['alias'])?"" : " " . $aFrom[$key]['alias']);
} else {
$sqlFrom .= " " . (($aFrom[$key]['join_type']=='JOIN')?"INNER": $aFrom[$key]['join_type']) . " JOIN " . $aFrom[$key]['table']
. (($aFrom[$key]['table'] == $aFrom[$key]['alias'])?"" : " " . $aFrom[$key]['alias']) . " " . $aFrom[$key]['ref_type'] . " " . $aFrom[$key]['ref_clause'] ;
}
}
}
}
if(!empty($sqlParsed['WHERE'])){
$sqlWhere = " WHERE ";
$aWhere = $sqlParsed['WHERE'];
foreach($aWhere as $key => $value ){
$sqlWhere .= $value['base_expr'] . " ";
}
$sqlWhere .= " AND " . $sFieldSel . " LIKE '%". $inputSel . "%'";
}
else {
$sqlWhere = " WHERE " . $sFieldSel . " LIKE '%". $inputSel ."%' ";
}
$sqlGroupBy = "";
if(!empty($sqlParsed['GROUP'])){
$sqlGroupBy = "GROUP BY ";
$aGroup = $sqlParsed['GROUP'];
foreach($aGroup as $key => $value ){
if($key != 0)
$sqlGroupBy .= ", ";
if($value['direction'] == 'ASC' )
$sqlGroupBy .= $value['base_expr'];
else
$sqlGroupBy .= $value['base_expr'] . " " . $value['direction'];
}
}
$sqlHaving = "";
if(!empty($sqlParsed['HAVING'])){
$sqlHaving = "HAVING ";
$aHaving = $sqlParsed['HAVING'];
foreach($aHaving as $key => $value ){
$sqlHaving .= $value['base_expr'] . " ";
}
}
$sqlOrderBy = "";
if(!empty($sqlParsed['ORDER'])){
$sqlOrderBy = "ORDER BY ";
$aOrder = $sqlParsed['ORDER'];
foreach($aOrder as $key => $value ){
if($key != 0)
$sqlOrderBy .= ", ";
if($value['direction'] == 'ASC' )
$sqlOrderBy .= $value['base_expr'];
else
$sqlOrderBy .= $value['base_expr'] . " " . $value['direction'];
}
} else {
$sqlOrderBy = " ORDER BY " . $sFieldSel;
}
$sqlLimit = "";
if(!empty($sqlParsed['LIMIT'])){
$sqlLimit = "LIMIT ". $sqlParsed['LIMIT']['start'] . ", " . $sqlParsed['LIMIT']['end'];
}
return $sqlSelect . $sqlFrom . $sqlWhere . $sqlGroupBy . $sqlHaving . $sqlOrderBy . $sqlLimit;
}
if(!empty($sqlParsed['CALL'])){
$sCall = "CALL ";
$aCall = $sqlParsed['CALL'];
foreach($aCall as $key => $value ){
$sCall .= $value . " ";
}
return $sCall;
}
if(!empty($sqlParsed['EXECUTE'])){
$sCall = "EXECUTE ";
$aCall = $sqlParsed['EXECUTE'];
foreach($aCall as $key => $value ){
$sCall .= $value . " ";
}
return $sCall;
}
if(!empty($sqlParsed[''])){
$sCall = "";
$aCall = $sqlParsed[''];
foreach($aCall as $key => $value ){
$sCall .= $value . " ";
}
return $sCall;
}
}

1966
gulliver/system/class.phpSqlParser.php Normal file
View File

File diff suppressed because it is too large Load Diff