fernando/luos
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

BUG 5408 this issue was improved.

Browse Source 
I've not  been able to reproduce this bug, however I could see into the code it's doing "SELECT FIELD_UID, FIELDA, FIELDB FROM YOURTABLE" then to solve this issue I have added some code now the code it's doing "SELECT FIELD_UID, FIELDA, FIELDB FROM YOURTABLE where FIELDA LIKE 'FIELDSEARCH%'"
This commit is contained in:
Carlos Pacha
2011-04-04 12:29:08 -04:00
parent 4cacbd6af1
commit a5abd40040
1 changed files with 13 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

13
gulliver/methods/genericAjax.php
View File

@@ -23,7 +23,20 @@ if( isset($request) ){
try{ try{
$sData = base64_decode(str_rot13($_GET['hash'])); $sData = base64_decode(str_rot13($_GET['hash']));
list($SQL, $DB_UID) = explode('@', $sData); list($SQL, $DB_UID) = explode('@', $sData);
//fixed: improving the statement sql by krlos
$sSql=substr($SQL, 6, strlen($SQL));
$pattern = "/\bfrom\b/i";
$replacement = 'FROM';
$sSql = preg_replace($pattern, $replacement, $sSql);
$aSql = explode("FROM", $sSql);
$afieldSql = explode(",",$aSql[0]);
if(count($afieldSql)>1)
$SQL .= "where $afieldSql[1] like '". $_GET['input']."%'";
else
$SQL .= "where $afieldSql[0] like '". $_GET['input']."%'";
//add fixed
$aRows = Array(); $aRows = Array();
try { try {
$con = Propel::getConnection($DB_UID); $con = Propel::getConnection($DB_UID);