1. #991
    Ixtinkt (Sencha User, joined Jul 2011, 17 posts, vote rating -1)

    server side code

    Here is my server side code
    PHP Code:
    <?php
    include('../settings.php');

    $arr = array();

    $db = mysql_connect($DB_HOST, $DB_USER, $DB_PASS) or die("Database error");
    mysql_select_db($DB_NAME, $db);
    mysql_query("SET NAMES 'utf8'");

    // Paging parameters are taken from the request as-is (no validation)
    $start = (isset($_REQUEST['start']) && $_REQUEST['start'] != '') ? $_REQUEST['start'] : 0;
    $limit = (isset($_REQUEST['limit']) && $_REQUEST['limit'] != '') ? $_REQUEST['limit'] : 9;

    if (!empty($_REQUEST['fields']) && !empty($_REQUEST['query'])) {
        // 'fields' arrives as a JSON array literal such as ["name","city"];
        // drop the leading [" and trailing "], then split on the "," separators
        $campos   = substr(stripcslashes($_REQUEST['fields']), 2, -2);
        $prewhere = explode('","', $campos);
        foreach ($prewhere as $index => $value) {
            // column name and search text are both concatenated straight into the SQL
            $where[$index] = $value . " LIKE '%" . $_REQUEST['query'] . "%' ";
        }
        // parenthesised so the group_id filter applies to every LIKE branch
        $endwhere  = " AND (" . implode(" OR ", $where) . ")";
        $count_sql = "SELECT id,name,code,city,address,description FROM shops WHERE group_id = " . $_REQUEST['group_id'] . " " . $endwhere;
    } else {
        $count_sql = "SELECT id,name,code,city,address,description FROM shops WHERE group_id = " . $_REQUEST['group_id'];
    }

    $sql = $count_sql . " LIMIT " . $start . ", " . $limit;

    if (!($rs = mysql_query($sql))) {
        echo '{success:false}';
    } else {
        // total row count for the paging toolbar, then the current page
        $rs_count = mysql_query($count_sql);
        $results  = mysql_num_rows($rs_count);

        while ($obj = mysql_fetch_object($rs)) {
            $arr[] = $obj;
        }
        echo '{success:true,results:' . $results . ',rows:' . json_encode($arr) . '}';
    }
    ?>

  2. #992
    idefix (Sencha User, joined Mar 2010, 22 posts, vote rating 0)


    A small comment on your php script: it is vulnerable to SQL injection, and you should fix that in your final version. If you pass a string such as start='5;delete from shops' it will clean up your table.
    Matthias

  3. #993
    Ixtinkt (Sencha User, joined Jul 2011, 17 posts, vote rating -1)


    Quote Originally Posted by idefix
    A small comment on your php script: it is vulnerable to SQL injection, and you should fix that in your final version. If you pass a string such as start='5;delete from shops' it will clean up your table.
    You cannot pass anything other than an integer. The Ext.ux.grid.Search plugin denies this; only int is allowed.
    P.S. I tried "5;delete from shops" - it doesn't work.

  4. #994
    ivanleblanc (Sencha User, joined Oct 2009, 23 posts, vote rating 2)


    Quote Originally Posted by Ixtinkt
    ivanleblanc, thanks for the answer. Have you come across some examples of server-side use of these params?
    Well, this is what the plugin attaches to the reload request, based on which columns you tell the plugin you want to search in.
    Code:
    fields : ["id","invoice_to","vendor_name","description"]
    query: 4608
    On my server side I will have a function called remote_filtering. It looks like this:

    Code:
    function remote_filtering($fields = false, $table = NULL) {
        $table = ($table == NULL) ? $this->table : $table;
        $query = $this->input->get_post('query');
        if ($query && $query != '') {
            // Column list: an explicit argument wins, then the plugin's JSON
            // 'fields' parameter, otherwise every column of the table
            if ($fields == false) {
                if ($this->input->get_post('fields')) {
                    $fields = json_decode($this->input->get_post('fields'));
                } else {
                    $fields = $this->db->list_fields($table);
                }
            }
            $query = addslashes($this->input->get_post('query'));
            // one OR-ed HAVING condition per searchable column
            foreach ($fields as $field) {
                $this->db->or_having($field . ' LIKE \'%' . $query . '%\'');
            }
        }
    }
    The code above is using CodeIgniter to build the query... but you get the idea of what I'm doing.
    I check to see if I have a "query" parameter on the request and, if so, I use the "fields" parameter that the plugin sends to know which columns to apply a LIKE statement to.

    The code just appends HAVING statements to the end of an already created SQL statement.
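The two scripts in this thread build their WHERE/HAVING text by concatenating request values: the paging and group_id parameters in the script from post #991, and the column names and search text in the remote_filtering function above. The following is an added example, not code from either poster, showing how the same shop listing can be served with prepared statements: integers are validated before use, the column names sent in "fields" are checked against a whitelist (column names cannot be bound as parameters), and the search text is bound as a LIKE pattern with its wildcards escaped. It assumes the table and columns of the original script (shops: id, name, code, city, address, description, group_id), PDO's MySQL driver, and the $DB_HOST / $DB_USER / $DB_PASS / $DB_NAME variables from settings.php; SEARCHABLE_FIELDS, intParam, searchFields, buildShopQuery and fetchShops are names chosen for this example.

```php
<?php
// Added example (not code from the thread): the shop listing query rebuilt with
// prepared statements. Assumes the posted script's shops table and the
// $DB_HOST / $DB_USER / $DB_PASS / $DB_NAME variables from settings.php.
declare(strict_types=1);

// Columns the client may name in 'fields'; any other name is rejected.
const SEARCHABLE_FIELDS = ['id', 'name', 'code', 'city', 'address', 'description'];

// Read a request value as an integer in [0, $max], or return $default when absent.
// A value such as "5;delete from shops" fails validation here instead of reaching SQL.
function intParam(array $req, string $key, int $default, int $max = PHP_INT_MAX): int
{
    if (!isset($req[$key]) || $req[$key] === '') {
        return $default;
    }
    $value = filter_var($req[$key], FILTER_VALIDATE_INT,
        ['options' => ['min_range' => 0, 'max_range' => $max]]);
    if ($value === false) {
        throw new InvalidArgumentException("parameter '$key' must be an integer between 0 and $max");
    }
    return $value;
}

// Decode the plugin's 'fields' JSON array and accept only whitelisted column names.
function searchFields(array $req): array
{
    if (empty($req['fields'])) {
        return [];
    }
    $decoded = json_decode((string) $req['fields'], true);
    if (!is_array($decoded)) {
        throw new InvalidArgumentException("parameter 'fields' must be a JSON array");
    }
    foreach ($decoded as $name) {
        if (!in_array($name, SEARCHABLE_FIELDS, true)) {
            throw new InvalidArgumentException("parameter 'fields' names an unknown column");
        }
    }
    return array_values(array_unique($decoded));
}

// Build the row query, the matching count query and the bound parameters.
// start and limit are validated integers, so interpolating them into LIMIT is
// safe; every other user-supplied value is a placeholder.
function buildShopQuery(array $req): array
{
    $groupId = intParam($req, 'group_id', 0);
    $start   = intParam($req, 'start', 0);
    $limit   = intParam($req, 'limit', 9, 100);   // also caps the page size
    $fields  = searchFields($req);
    $query   = isset($req['query']) ? (string) $req['query'] : '';

    $where  = 'group_id = :group_id';
    $params = [':group_id' => $groupId];

    if ($fields !== [] && $query !== '') {
        // Escape LIKE metacharacters so a search for "100%" matches literally
        // (MySQL's default LIKE escape character is the backslash).
        $pattern = '%' . addcslashes($query, '%_\\') . '%';
        $likes = [];
        foreach ($fields as $i => $field) {
            $likes[] = "$field LIKE :q$i";
            $params[":q$i"] = $pattern;
        }
        // Parenthesised so the group_id filter applies to every LIKE branch.
        $where .= ' AND (' . implode(' OR ', $likes) . ')';
    }

    $countSql = "SELECT COUNT(*) FROM shops WHERE $where";
    $rowsSql  = "SELECT id,name,code,city,address,description FROM shops WHERE $where"
              . " LIMIT $start, $limit";
    return [$rowsSql, $countSql, $params];
}

function fetchShops(PDO $pdo, array $req): array
{
    [$rowsSql, $countSql, $params] = buildShopQuery($req);

    $count = $pdo->prepare($countSql);
    $count->execute($params);
    $total = (int) $count->fetchColumn();

    $rows = $pdo->prepare($rowsSql);
    $rows->execute($params);
    return ['success' => true, 'results' => $total, 'rows' => $rows->fetchAll(PDO::FETCH_ASSOC)];
}

include '../settings.php';
$pdo = new PDO("mysql:host=$DB_HOST;dbname=$DB_NAME;charset=utf8", $DB_USER, $DB_PASS, [
    PDO::ATTR_ERRMODE          => PDO::ERRMODE_EXCEPTION,
    PDO::ATTR_EMULATE_PREPARES => false,   // server-side prepares: values never enter the SQL text
]);
header('Content-Type: application/json');
try {
    echo json_encode(fetchShops($pdo, $_REQUEST));
} catch (InvalidArgumentException $e) {
    http_response_code(400);               // malformed input is rejected, not executed
    echo json_encode(['success' => false]);
}
```

With this layout a request such as limit=2%3Bdelete%20from%20shops is answered with HTTP 400 before any statement is prepared, and a "fields" value naming a column outside SEARCHABLE_FIELDS is rejected the same way; the response is real JSON (quoted keys), which Ext's JsonReader accepts just as it does the eval-style object literal the original script prints.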

  5. #995
    idefix (Sencha User, joined Mar 2010, 22 posts, vote rating 0)


    Try:
    Code:
    http://host/phpscript.php?limit=2%3Bdelete%20from%20shops
    Matthias

  6. #996
    Ixtinkt (Sencha User, joined Jul 2011, 17 posts, vote rating -1)


    1. All requests are sent via JS; calling the main script with GET params doesn't return a terrible result.
    2. A hacker does not know where the scripts are placed.
    3. I do not understand, but if I call my php script with the GET param I get
    "
    SELECT g.id,g.name,g.description,(select count(s.id) FROM shops s where s.group_id=g.id) count FROM shop_groups g LIMIT 0, 2;delete from shop;"
    but the table shop remains non-empty
    and the sql query does not execute

  7. #997
    idefix (Sencha User, joined Mar 2010, 22 posts, vote rating 0)


    Is the table not named shops?
    Matthias

  8. #998
    Ixtinkt (Sencha User, joined Jul 2011, 17 posts, vote rating -1)


    I have created a new table, named "shop", so as not to erase "shops".

  9. #999
    idefix (Sencha User, joined Mar 2010, 22 posts, vote rating 0)


    It will not erase the table. It will only clear the content of the table.
    But maybe you have some security modules enabled in your webserver that filter out this kind of chained queries.
    Matthias

  10. #1000
    Ixtinkt (Sencha User, joined Jul 2011, 17 posts, vote rating -1)


    Quote Originally Posted by idefix
    It will not erase the table. It will only clear the content of the table.
    But maybe you have some security modules enabled in your browser that filter out this kind of chained queries.
    You think I do not understand what it can erase? It is a server-side script; the browser has nothing to do with it.
