From: Thomas Mudrunka
Date: Sat, 27 Aug 2011 02:43:24 +0000 (+0200)
Subject: Pridano nacitani WHERE z URL
X-Git-Url: https://git.harvie.cz/?a=commitdiff_plain;h=d9d47bd38e8c626e9c5db71a6db13a0ff0eb0ba1;p=mirrors%2FSokoMan.git
Pridano nacitani WHERE z URL
---
diff --git a/index.php b/index.php
index 71651ed..404ad79 100755
--- a/index.php
+++ b/index.php
@@ -442,6 +442,9 @@ class Sklad_DB extends PDO { 'item' => array('item_id','item_serial','model_name','model_barcode','model_descript','producer_name','vendor_name') ); //TODO Autodetect + //Init + if(is_array($where)) foreach($where as $key => $value) $where[$key] = $key.' '.$value; //TODO: escape SQLi!!! + //Escaping $class = $this->escape($class);
@@ -873,7 +876,7 @@ class Sklad_UI {
 $history = $PATH_CHUNKS[3] == 'history' ? true : false;
 $limit = (int) (isset($PATH_CHUNKS[3]) ? $PATH_CHUNKS[3] : '0');
 $offset = (int) (isset($PATH_CHUNKS[4]) ? $PATH_CHUNKS[4] : '0');
- $where = false; //TODO get from URL
+ $where = @is_array($_GET['where']) ? $_GET['where'] : false;
 echo $this->render_items($class, $id, $limit, $offset, $where, $search, $history);
 echo $this->render_listing_extensions($class, $id, $limit, $offset, $edit);
 //print_r(array("
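Review bot: The added line `$where[$key] = $key.' '.$value;` in the Sklad_DB hunk joins both the array key and the value into a SQL fragment with only a TODO for escaping, and the Sklad_UI hunk now fills `$where` directly from `$_GET['where']`, so query-string text appears to reach the WHERE clause unescaped (the query assembly itself lies outside both hunks). Before this path is reachable from a URL, the key should be checked against the per-class column list shown at the top of the first hunk with a strict `in_array(..., true)`, the comparison operator should come from a fixed set, and the operand should be bound as a prepared-statement parameter rather than concatenated. In the second hunk, `@is_array($_GET['where'])` suppresses the undefined-index notice instead of testing for it; `isset($_GET['where']) && is_array($_GET['where'])` expresses the same check without `@`, and each element should also be confirmed to be a string, since a nested array would be stringified. Both enclosing methods start and end outside the hunks.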
",$_SERVER));