loadCase($_SESSION['APPLICATION']); unset($aFields['APP_DATA'][$_POST['gridname']][$_POST['rowpos']]); $oApp->updateCase($_SESSION['APPLICATION'], $aFields); } break; /** widgets **/ case 'suggest': try{ $sData = base64_decode(str_rot13($_GET['hash'])); list($SQL, $DB_UID) = explode('@', $sData); //fixed: improving the statement sql by krlos $sSql=substr($SQL, 6, strlen($SQL)); $pattern = "/\bfrom\b/i"; $replacement = 'FROM'; $sSql = preg_replace($pattern, $replacement, $sSql); $aSql = explode("FROM", $sSql); $afieldSql = explode(",",$aSql[0]); if(count($afieldSql)>1) $SQL .= " where $afieldSql[1] like '". $_GET['input']."%'"; else $SQL .= " where $afieldSql[0] like '". $_GET['input']."%'"; //add fixed $aRows = Array(); try { $con = Propel::getConnection($DB_UID); $con->begin(); $rs = $con->executeQuery($SQL); $con->commit(); while ( $rs->next() ) { array_push($aRows, $rs->getRow()); } } catch (SQLException $sqle) { $con->rollback(); } $input = strtolower( $_GET['input'] ); $len = strlen($input); $limit = isset($_GET['limit']) ? (int) $_GET['limit'] : 0; $aResults = array(); $count = 0; if ($len){ for ($i=0;$i= 3: //print_r($aRow); $id = $aRow[0]; $value = $aRow[1]; $info = $aRow[2]; break; } // had to use utf_decode, here // not necessary if the results are coming from mysql // if (strtolower(substr($value,0,$len)) == $input){ $count++; $aResults[] = array( "id"=>$id ,"value"=>htmlspecialchars($value), "info"=>htmlspecialchars($info) ); } if ($limit && $count==$limit) break; } } header ("Expires: Mon, 26 Jul 1997 05:00:00 GMT"); // Date in the past header ("Last-Modified: " . gmdate("D, d M Y H:i:s") . " GMT"); // always modified header ("Cache-Control: no-cache, must-revalidate"); // HTTP/1.1 header ("Pragma: no-cache"); // HTTP/1.0 if (isset($_REQUEST['json'])) { header("Content-Type: application/json"); echo "{\"status\":0, \"results\": ["; $arr = array(); for ($i=0;$i"; for ($i=0;$i".$aResults[$i]['value'].""; } echo ""; } } catch(Exception $e){ $err = $e->getMessage(); //$err = eregi_replace("[\n|\r|\n\r]", ' ', $err); $err = preg_replace("[\n|\r|\n\r]", ' ', $err);//Made compatible to PHP 5.3 echo '{"status":1, "message":"'.$err.'"}'; } break; case 'storeInTmp': try{ $con = Propel::getConnection($_GET['cnn']); if($_GET['pkt'] == 'int'){ $rs = $con->executeQuery("SELECT MAX({$_GET['pk']}) as lastId FROM {$_GET['table']};"); $rs->next(); $row = $rs->getRow(); $gKey = (int)$row['lastId'] + 1; } else { $gKey = md5(date('Y-m-d H:i:s').'@'.rand()); } $rs = $con->executeQuery("INSERT INTO {$_GET['table']} ({$_GET['pk']}, {$_GET['fld']}) VALUES ('$gKey', '{$_GET['value']}');"); echo '{status:0, message:"success"}'; }catch( Exception $e){ $err = $e->getMessage(); //$err = eregi_replace("[\n|\r|\n\r]", ' ', $err); $err = preg_replace("[\n|\r|\n\r]", ' ', $err);//Made compatible to PHP 5.3 echo '{result:1, message:"'.$err.'"}'; } break; } }