fernando/luos
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

BUG 7205 Adjustment in SQL queries in the element suggest.

Browse Source
This commit is contained in:
Hector Cortez
2012-01-12 11:05:45 -04:00
parent 4363041484
commit 5e5e3c9d0f
2 changed files with 2199 additions and 131 deletions
Download Patch File Download Diff File Expand all files Collapse all files

206
gulliver/methods/genericAjax.php
View File

@@ -20,7 +20,7 @@ if( isset($request) ){
/** widgets **/
case 'suggest':
try{
try {
if(isset($_GET["inputEnconde64"])) {
$_GET['input'] = base64_decode($_GET['input']);
}
@@ -32,49 +32,14 @@ if( isset($request) ){
if($aDependentFieldsKeys){
$SQL = str_replace($aDependentFieldsKeys, $aDependentFieldsValue, $SQL);
}
if (1===preg_match('/^\s*SELECT\s+([\w\W]+?)(?:\s+FROM\s+`?([^`]+?)`?)(?:\s+WHERE\s+([\w\W]+?))?(?:\s+GROUP\s+BY\s+([\w\W]+?))?(?:\s+ORDER\s+BY\s+([\w\W]+?))?(?:\s+BETWEEN\s+([\w\W]+?)\s+AND\s+([\w\W]+?))?(?:\s+LIMIT\s+(\d+)\s*,\s*(\d+))?\s*$/im', $SQL, $matches)) {
// Parsed SQL Structure
G::LoadClass('phpSqlParser');
$sqlColumns = $matches[1];
$sqlFrom = isset($matches[2])?$matches[2]:'';
$sqlWhere = isset($matches[3])?$matches[3]:'';
$sqlGroupBy = isset($matches[4])?$matches[4]:'';
$sqlOrderBy = isset($matches[5])?$matches[5]:'';
$sqlLowLimit = isset($matches[8])?$matches[8]:'';
$sqlHighLimit = isset($matches[9])?$matches[9]:'';
// New SQL String
$SQL = "SELECT " . $sqlColumns . " FROM " . $sqlFrom;
$aFieldSelect = explode(",", $sqlColumns);
$sFieldSel = (count($aFieldSelect)>1 ) ? $aFieldSelect[1] : $aFieldSelect[0];
if( strlen(trim($sqlWhere))>0) {
$SQL .= " WHERE " . $sqlWhere . " AND " . $sFieldSel . " LIKE '%". $_GET['input']."%'";
} else {
$SQL .= " WHERE " . $sFieldSel . " LIKE '%". $_GET['input']."%'";
}
if( strlen(trim($sqlGroupBy))>0) {
$SQL .= " GROUP BY " . $sqlGroupBy;
}
if( strlen(trim($sqlOrderBy))>0) {
$SQL .= " ORDER BY " . $sqlOrderBy;
} else {
$SQL .= " ORDER BY " . $sFieldSel;
}
} else {
//fixed: improving the statement sql by krlos
$sSql=substr($SQL, 6, strlen($SQL));
$pattern = "/\bfrom\b/i";
$replacement = 'FROM';
$sSql = preg_replace($pattern, $replacement, $sSql);
$aSql = explode("FROM", $sSql);
$afieldSql = explode(",",$aSql[0]);
if(count($afieldSql)>1)
$SQL .= " where $afieldSql[1] like '". $_GET['input']."%'";
else
$SQL .= " where $afieldSql[0] like '". $_GET['input']."%'";
//add fixed
}
$parser = new PHPSQLParser($SQL);
// Verif parsed array
// print_r($parser->parsed);
$SQL = queryModified($parser->parsed, $_GET['input']);
$aRows = Array();
try {
@@ -93,10 +58,8 @@ if( isset($request) ){
$input = strtolower( $_GET['input'] );
$len = strlen($input);
$limit = isset($_GET['limit']) ? (int) $_GET['limit'] : 0;
$aResults = array();
$count = 0;
$aRows = sortByChar($aRows, $input);
if ($len){
@@ -113,14 +76,12 @@ if( isset($request) ){
break;
case 2:
$id = $aRow[0];
$value = $aRow[1];
$info = '';
break;
case $nCols >= 3:
//print_r($aRow);
$id = $aRow[0];
$value = $aRow[1];
$info = $aRow[2];
@@ -131,10 +92,8 @@ if( isset($request) ){
// had to use utf_decode, here
// not necessary if the results are coming from mysql
//
// if (strtolower(substr($value,0,$len)) == $input){
$count++;
$aResults[] = array( "id"=>$id ,"value"=>htmlspecialchars($value), "info"=>htmlspecialchars($info) );
// }
if ($limit && $count==$limit)
break;
@@ -177,7 +136,7 @@ if( isset($request) ){
case 'storeInTmp':
try{
try {
$con = Propel::getConnection($_GET['cnn']);
if($_GET['pkt'] == 'int'){
$rs = $con->executeQuery("SELECT MAX({$_GET['pk']}) as lastId FROM {$_GET['table']};");
@@ -194,7 +153,7 @@ if( isset($request) ){
}catch( Exception $e){
$err = $e->getMessage();
//$err = eregi_replace("[\n|\r|\n\r]", ' ', $err);
$err = preg_replace("[\n|\r|\n\r]", ' ', $err);//Made compatible to PHP 5.3
$err = preg_replace("[\n|\r|\n\r]", ' ', $err); // Made compatible to PHP 5.3
echo '{result:1, message:"'.$err.'"}';
}
break;
@@ -216,13 +175,12 @@ function sortByChar($aRows, $charSel)
case 2:
$value = $aRowOrder[1];
break;
case $nCols >= 3:
$value = $aRowOrder[1];
break;
}
if(substr(lowerCase($value), 0, 1) == substr( lowerCase($charSel), 0, 1)){
if(substr(strtolower($value), 0, 1) == substr( strtolower($charSel), 0, 1)){
array_push($aIniChar, $aRow);
} else {
array_push($aRest, $aRow);
@@ -230,3 +188,147 @@ function sortByChar($aRows, $charSel)
}
return array_merge($aIniChar, $aRest);
}
/*
* Converts a SQL array parsing to a SQL string.
* @param string $sqlParsed
* @param string $inputSel default value empty string
* @return string
*/
function queryModified($sqlParsed, $inputSel = "")
{
if(!empty($sqlParsed['SELECT'])) {
$sqlSelect = "SELECT ";
$aSelect = $sqlParsed['SELECT'];
$sFieldSel = (count($aSelect)>1 ) ? $aSelect[1]['base_expr'] : $aSelect[0]['base_expr'];
foreach($aSelect as $key => $value ) {
if($key != 0)
$sqlSelect .= ", ";
$sAlias = str_replace("`","", $aSelect[$key]['alias']);
$sBaseExpr = $aSelect[$key]['base_expr'];
switch($aSelect[$key]['expr_type']){
case 'colref' : if($sAlias === $sBaseExpr)
$sqlSelect .= $sAlias;
else
$sqlSelect .= $sBaseExpr . ' AS ' . $sAlias;
break;
case 'expression' : if($sAlias === $sBaseExpr)
$sqlSelect .= $sBaseExpr;
else
$sqlSelect .= $sBaseExpr . ' AS ' . $sAlias;
break;
case 'subquery' : if(strpos($sAlias, $sBaseExpr,0) != 0)
$sqlSelect .= $sAlias;
else
$sqlSelect .= $sBaseExpr . " AS " . $sAlias;
break;
case 'operator' : $sqlSelect .= $sBaseExpr;
break;
default : $sqlSelect .= $sBaseExpr;
break;
}
}
$sqlFrom = " FROM ";
if(!empty($sqlParsed['FROM'])){
$aFrom = $sqlParsed['FROM'];
if(count($aFrom) > 0){
foreach($aFrom as $key => $value ){
if($key == 0) {
$sqlFrom .= $aFrom[$key]['table'] . (($aFrom[$key]['table'] == $aFrom[$key]['alias'])?"" : " " . $aFrom[$key]['alias']);
} else {
$sqlFrom .= " " . (($aFrom[$key]['join_type']=='JOIN')?"INNER": $aFrom[$key]['join_type']) . " JOIN " . $aFrom[$key]['table']
. (($aFrom[$key]['table'] == $aFrom[$key]['alias'])?"" : " " . $aFrom[$key]['alias']) . " " . $aFrom[$key]['ref_type'] . " " . $aFrom[$key]['ref_clause'] ;
}
}
}
}
if(!empty($sqlParsed['WHERE'])){
$sqlWhere = " WHERE ";
$aWhere = $sqlParsed['WHERE'];
foreach($aWhere as $key => $value ){
$sqlWhere .= $value['base_expr'] . " ";
}
$sqlWhere .= " AND " . $sFieldSel . " LIKE '%". $inputSel . "%'";
}
else {
$sqlWhere = " WHERE " . $sFieldSel . " LIKE '%". $inputSel ."%' ";
}
$sqlGroupBy = "";
if(!empty($sqlParsed['GROUP'])){
$sqlGroupBy = "GROUP BY ";
$aGroup = $sqlParsed['GROUP'];
foreach($aGroup as $key => $value ){
if($key != 0)
$sqlGroupBy .= ", ";
if($value['direction'] == 'ASC' )
$sqlGroupBy .= $value['base_expr'];
else
$sqlGroupBy .= $value['base_expr'] . " " . $value['direction'];
}
}
$sqlHaving = "";
if(!empty($sqlParsed['HAVING'])){
$sqlHaving = "HAVING ";
$aHaving = $sqlParsed['HAVING'];
foreach($aHaving as $key => $value ){
$sqlHaving .= $value['base_expr'] . " ";
}
}
$sqlOrderBy = "";
if(!empty($sqlParsed['ORDER'])){
$sqlOrderBy = "ORDER BY ";
$aOrder = $sqlParsed['ORDER'];
foreach($aOrder as $key => $value ){
if($key != 0)
$sqlOrderBy .= ", ";
if($value['direction'] == 'ASC' )
$sqlOrderBy .= $value['base_expr'];
else
$sqlOrderBy .= $value['base_expr'] . " " . $value['direction'];
}
} else {
$sqlOrderBy = " ORDER BY " . $sFieldSel;
}
$sqlLimit = "";
if(!empty($sqlParsed['LIMIT'])){
$sqlLimit = "LIMIT ". $sqlParsed['LIMIT']['start'] . ", " . $sqlParsed['LIMIT']['end'];
}
return $sqlSelect . $sqlFrom . $sqlWhere . $sqlGroupBy . $sqlHaving . $sqlOrderBy . $sqlLimit;
}
if(!empty($sqlParsed['CALL'])){
$sCall = "CALL ";
$aCall = $sqlParsed['CALL'];
foreach($aCall as $key => $value ){
$sCall .= $value . " ";
}
return $sCall;
}
if(!empty($sqlParsed['EXECUTE'])){
$sCall = "EXECUTE ";
$aCall = $sqlParsed['EXECUTE'];
foreach($aCall as $key => $value ){
$sCall .= $value . " ";
}
return $sCall;
}
if(!empty($sqlParsed[''])){
$sCall = "";
$aCall = $sqlParsed[''];
foreach($aCall as $key => $value ){
$sCall .= $value . " ";
}
return $sCall;
}
}

1966
gulliver/system/class.phpSqlParser.php Normal file
View File

File diff suppressed because it is too large Load Diff