Level 2
Should a function or? For example, I have an output function with which I also send in view
Nov 10, 2020
2
Level 2
Take the id and name referring to the product
Is there a way, depending on the name of the file I'm looking for in the search, to take a query in which I take the name and id of the picture from the files table? E.g
$query=" (SELECT 'product' AS tbl, product.id, product.nume, product.continut, null as aux
FROM fes_product product
WHERE product.name LIKE '%{$this->keyword}%' OR product.content LIKE '%{$this->keyword}%')
ORDER BY
CASE
WHEN name LIKE '%{$this->keyword}%' THEN 1
WHEN content LIKE '%{$this->keyword}%' THEN 3
ELSE 2
END
LIMIT {$startRow}, {$this->itemsOnPage}
";
And the files table has id, name, ext, idx and I want to do a query to get the id and the name. How can I do this depending on the name of what I am looking for or what is taken from the products?
function Output()
{
global $log, $settings, $sql, $fill_filters;
$pages=$found=$order=$pgname='';
$startRow=($this->currentPage-1)*$this->itemsOnPage;
$query=" (SELECT 'product' AS tbl, product.id, product.name, product.prodcontent, null as aux
FROM fes_product product
WHERE product.name LIKE '%{$this->keyword}%' OR product.prodcontent LIKE '%{$this->keyword}%')
ORDER BY
CASE
WHEN name LIKE '%{$this->keyword}%' THEN 1
WHEN prodcontent LIKE '%{$this->keyword}%' THEN 3
ELSE 2
END
LIMIT {$startRow}, {$this->itemsOnPage}
";
#die($query);
#log:
$log->Write("Attempting to display search results, page {$this->currentPage} (from row $startRow, {$this->itemsOnPage} rows)\nSQL Query: $query",__FILE__,__LINE__);
#sql
$this->query = $query;
$sql->doQuery($query);
if($sql->rows)
{
$this->shownItems=$sql->rows;
$rows= $sql->rows;
$result= $sql->result;
$count=1;
#items
$this->itemsTotal= $sql->getTotalRows();
while($row= mysqli_fetch_array($result))
{
$cur= count($this->items);
$start = $end = "";
if($this->modulo!=false)
{
if($count==1 || ($count) % $this->modulo==1)
{
$start=$this->modulo_start;
}
if($count % $this->modulo==0 || $count == $this->shownItems)
{
$end = $this->modulo_end;
}
}
$this->items[$cur]= $start.$this->addItem($row, $count, $rows).$end;
$count=$count+1;
}
$items=implode('',$this->items);
#pages
$pages='';
if($this->showPages===true) $pages=$this->addPageLinks(); else
if($this->showPages=='auto' && $this->itemsTotal>$this->itemsOnPage) $pages=$this->addPageLinks();
#found
$pgname=$this->name;
$found=/*str_replace("_"," ",$pgname)." de la ".*/($startRow+1)." la ".($startRow+$rows)." din {$this->itemsTotal}";
#order
$order='';
}
else
{
$items='<p style="text-align:center">not found!</p>';# "Not found"; #$language->Text('NO_RECORD_FOUND').'.';
}
//$image = '<img src="/app/gethumb.php?id='.$values['id'].'" alt=""></a> width="42" height="42" style="border:5px solid black">';
return str_replace(array('%ITEMS%','%PAGES%','%FOUND%','%ORDER%', '$IMAGE%'),array($items,$pages,$found,$order, $image),$this->template['list']);
}
output function
Level 122
Looks like a sql injection attack waiting to happen
Please or to participate in this conversation.