-
3 Aug 2011 2:12 AM #991
server side code
Here is my server side code
PHP Code:
<?php
include('../settings.php');
$arr = array();
$db = mysql_connect($DB_HOST, $DB_USER, $DB_PASS) or die("Database error");
mysql_select_db($DB_NAME, $db);
mysql_query("SET NAMES 'utf8'");
// Paging parameters are taken straight from the request, with no casting or escaping
$start = ($_REQUEST['start'] != '') ? $_REQUEST['start'] : 0;
$limit = ($_REQUEST['limit'] != '') ? $_REQUEST['limit'] : 9;
if (!empty($_REQUEST['fields']) && !empty($_REQUEST['query'])) {
    // fields arrives as ["col1","col2"]: strip the outer [" and "], then split on ","
    $campos = substr(stripcslashes($_REQUEST['fields']), 2, -2);
    $prewhere = explode('","', $campos);
    $where = array();
    foreach ($prewhere as $index => $value) {
        // both the column name and the search term are interpolated into the SQL unescaped
        $where[$index] = $value . " LIKE '%" . $_REQUEST['query'] . "%' ";
    }
    // parenthesised so the OR chain stays inside the group_id restriction
    $endwhere = " AND (" . implode(" OR ", $where) . ")";
    $count_sql = "SELECT id,name,code,city,address,description FROM shops WHERE group_id = " . $_REQUEST['group_id'] . " " . $endwhere;
} else {
    $count_sql = "SELECT id,name,code,city,address,description FROM shops WHERE group_id = " . $_REQUEST['group_id'];
}
$sql = $count_sql . " LIMIT " . $start . ", " . $limit;
if (!$rs = mysql_query($sql)) {
    echo '{success:false}';
} else {
    // run the unpaged query a second time only to get the total row count
    $rs_count = mysql_query($count_sql);
    $results = mysql_num_rows($rs_count);
    while ($obj = mysql_fetch_object($rs)) {
        $arr[] = $obj;
    }
    echo '{success:true,results:' . $results . ',rows:' . json_encode($arr) . '}';
}
?>
-
3 Aug 2011 4:06 AM #992
A small comment on your PHP script: it is vulnerable to SQL injection, and you should fix that in your final version. If you pass a string such as start='5;delete from shops' it will clean up your table.
Matthias
-
3 Aug 2011 5:01 AM #993
-
3 Aug 2011 5:04 AM #994
Well this is what the plugin attaches to the reload request based on what columns you tell the plugin you want to search in.
Code:
fields : ["id","invoice_to","vendor_name","description"]
query: 4608
On my server side I will have a function called remote_filtering. It looks like this:
Code:
function remote_filtering($fields = false, $table = NULL) {
    $table = ($table == NULL) ? $this->table : $table;
    $query = $this->input->get_post('query');
    if ($query && $query != '') {
        if ($fields != false) {
            // fields were passed in explicitly: use them as given
        } elseif ($this->input->get_post('fields')) {
            $fields = !($fields) ? json_decode($this->input->get_post('fields')) : $fields;
        } else {
            $fields = $this->db->list_fields($table);
        }
        $query = addslashes($this->input->get_post('query'));
        foreach ($fields as $field) {
            $this->db->or_having($field . ' LIKE \'%' . $query . '%\'');
        }
    }
}
The code above is using Codeigniter to build the query... but you get the idea of what I'm doing.
I check to see if I have a "query" parameter on the request and if so i use the "fields" parameter that the plugin sends to know what column to apply a LIKE statement too.
The code just appends HAVING statements to the end of an already created SQL statement.
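A hardened rewrite of the endpoint from post #991 that also covers the weakness in post #994's remote_filtering, where column names are taken from the request and the search term is only passed through addslashes; this is an added example, not code from either poster. It assumes the thread's settings.php ($DB_HOST, $DB_USER, $DB_PASS, $DB_NAME), the shops table with the six columns from the original SELECT, magic quotes off, and that the plugin sends fields as a JSON array string.

```php
<?php
include('../settings.php');

// Column names cannot be bound as parameters, so they are checked against a
// fixed allow-list (assumed from the SELECT in the original post).
$allowed_fields = array('id', 'name', 'code', 'city', 'address', 'description');

// Builds the WHERE clause and its bound parameters; returns null on bad input.
function build_shop_filter(array $req, array $allowed_fields) {
    // Casting turns "5;delete from shops" into 5 and "abc" into 0.
    $params = array(':group_id' => (int)(isset($req['group_id']) ? $req['group_id'] : 0));
    $where  = 'group_id = :group_id';
    if (!empty($req['fields']) && isset($req['query']) && $req['query'] !== '') {
        $fields = json_decode($req['fields'], true);          // e.g. ["name","city"]
        $fields = is_array($fields) ? array_values(array_intersect($fields, $allowed_fields)) : array();
        if (count($fields) === 0) {
            return null;                                        // unknown column: refuse the request
        }
        $clauses = array();
        foreach ($fields as $i => $field) {
            $clauses[]      = "`$field` LIKE :q$i";             // name validated, value bound
            $params[":q$i"] = '%' . $req['query'] . '%';
        }
        $where .= ' AND (' . implode(' OR ', $clauses) . ')';   // OR chain cannot escape group_id
    }
    return array('where' => $where, 'params' => $params);
}

$filter = build_shop_filter($_REQUEST, $allowed_fields);
if ($filter === null) {
    header('HTTP/1.1 400 Bad Request');
    echo json_encode(array('success' => false));
    exit;
}
// Paging values are cast and range-checked, so inlining them into LIMIT is safe.
$start = max(0, (int)(isset($_REQUEST['start']) ? $_REQUEST['start'] : 0));
$limit = (int)(isset($_REQUEST['limit']) ? $_REQUEST['limit'] : 9);
if ($limit < 1 || $limit > 100) { $limit = 9; }

$pdo = new PDO("mysql:host=$DB_HOST;dbname=$DB_NAME;charset=utf8", $DB_USER, $DB_PASS,
    array(PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION, PDO::ATTR_EMULATE_PREPARES => false));
$count = $pdo->prepare('SELECT COUNT(*) FROM shops WHERE ' . $filter['where']);
$count->execute($filter['params']);
$rows = $pdo->prepare('SELECT id,name,code,city,address,description FROM shops WHERE '
    . $filter['where'] . " LIMIT $start, $limit");
$rows->execute($filter['params']);
echo json_encode(array('success' => true, 'results' => (int)$count->fetchColumn(),
    'rows' => $rows->fetchAll(PDO::FETCH_OBJ)));
```

With native prepared statements the search term is sent separately from the SQL text, so a quote or semicolon in query only ever matches shop rows, and a column name outside the allow-list is rejected with a 400 instead of reaching the database.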
-
3 Aug 2011 5:17 AM #995
Try:
Code:
http://host/phpscript.php?limit=2%3Bdelete%20from%20shops
Matthias
-
3 Aug 2011 7:06 AM #996
1. All requests are sent via JS; calling the main script with GET params doesn't return a terrible result.
2. A hacker does not know where the scripts are placed.
3. I do not understand, but if I call my PHP script with a GET param I get
"SELECT g.id,g.name,g.description,(select count(s.id) FROM shops s where s.group_id=g.id) count FROM shop_groups g LIMIT 0, 2;delete from shop;"
but the table shop remains not empty
and the SQL query does not execute.
-
3 Aug 2011 7:23 AM #997
-
4 Aug 2011 3:17 AM #998
I have created a new table, named "shop", so as not to erase "shops".
-
4 Aug 2011 4:39 AM #999
It will not erase the table. It will only clear the content in the table.
But maybe you have some security modules enabled in your webserver that filter out this kind of chained queries.
Matthias
-
4 Aug 2011 10:25 PM #1000