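<?php
// Project: Web Reference Database (refbase) <http://www.refbase.net>
// Copyright: Matthias Steffens <mailto:refbase@extracts.de> and the file's
// original author(s).
//
// This code is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY. Please see the GNU General Public
// License for more details.
//
// File: ./sql_search.php
// Repository: $HeadURL: file:///svn/p/refbase/code/branches/bleeding-edge/sql_search.php $
// Author(s): Matthias Steffens <mailto:refbase@extracts.de>
//
// Created: 29-Jul-02, 16:39
// Modified: $Date: 2012-03-05 10:19:03 +0000 (Mon, 05 Mar 2012) $
// $Author: msteffens $
// $Revision: 1363 $

// Search form that offers to specify a custom sql query.
// It offers some output options (like how many records to display per page)
// and provides some examples and links for further information on sql queries.
//
// This script only renders the form; it does not execute any SQL itself. The form
// is submitted to 'search.php'. Every request-derived value that is written back
// into the page is HTML-encoded at the point of output, so that markup inside a
// parameter cannot break out of an attribute or out of the <textarea>.


// Incorporate some include files:
include 'initialize/db.inc.php'; // 'db.inc.php' is included to hide username and password
include 'includes/header.inc.php'; // include header
include 'includes/footer.inc.php'; // include footer
include 'includes/include.inc.php'; // include common functions
include 'initialize/ini.inc.php'; // include common variables

// --------------------------------------------------------------------

// START A SESSION:
// call the 'start_session()' function (from 'include.inc.php') which will also read out available session variables:
start_session(true);

// --------------------------------------------------------------------

// Initialize preferred display language:
// (note that 'locales.inc.php' has to be included *after* the call to the 'start_session()' function)
include 'includes/locales.inc.php'; // include the locales

// --------------------------------------------------------------------

// If there's no stored message available:
if (!isset($_SESSION['HeaderString'])) {
    $HeaderString = $loc["SearchSQL"] . ":"; // Provide the default message
} else {
    $HeaderString = $_SESSION['HeaderString']; // extract 'HeaderString' session variable (only necessary if register globals is OFF!)

    // Note: though we clear the session variable, the current message is still available to this script via '$HeaderString':
    deleteSessionVariable("HeaderString"); // function 'deleteSessionVariable()' is defined in 'include.inc.php'
}

// Extract the view type requested by the user (either 'Mobile', 'Print', 'Web' or ''):
// ('' will produce the default 'Web' output style)
// NOTE(review): '$viewType' is request-controlled and is handed to 'displayHTMLhead()' below;
// confirm that function validates or encodes it before writing it into the page.
if (isset($_REQUEST['viewType'])) {
    $viewType = $_REQUEST['viewType'];
} else {
    $viewType = "";
}

// Check if the script was called with parameters (like: 'sql_search.php?customQuery=1&sqlQuery=...&showQuery=...&showLinks=...')
// If so, the parameter 'customQuery=1' will be set:
if (isset($_REQUEST['customQuery'])) {
    $customQuery = $_REQUEST['customQuery']; // accept any previous SQL queries
} else {
    $customQuery = "0";
}

if ($customQuery == "1") { // the script was called with parameters
    // Each of the following parameters may be missing from the request or may arrive as an
    // array ('name[]=...'); anything that is not a plain string falls back to '' so that the
    // code below never reads an undefined index and never tries to print an array.
    $sqlQuery = (isset($_REQUEST['sqlQuery']) && is_string($_REQUEST['sqlQuery'])) ? $_REQUEST['sqlQuery'] : ""; // accept any previous SQL queries
    $sqlQuery = stripSlashesIfMagicQuotes($sqlQuery); // function 'stripSlashesIfMagicQuotes()' is defined in 'include.inc.php'

    $showQuery = (isset($_REQUEST['showQuery']) && is_string($_REQUEST['showQuery'])) ? $_REQUEST['showQuery'] : ""; // extract the $showQuery parameter
    $checkQuery = ($showQuery == "1") ? " checked" : "";

    $showLinks = (isset($_REQUEST['showLinks']) && is_string($_REQUEST['showLinks'])) ? $_REQUEST['showLinks'] : ""; // extract the $showLinks parameter
    $checkLinks = ($showLinks == "1") ? " checked" : "";

    $showRows = (isset($_REQUEST['showRows']) && is_string($_REQUEST['showRows'])) ? $_REQUEST['showRows'] : ""; // extract the $showRows parameter

    $displayType = (isset($_REQUEST['submit']) && is_string($_REQUEST['submit'])) ? $_REQUEST['submit'] : ""; // extract the type of display requested by the user (either 'Display', 'Cite', 'List' or '')
    $citeStyle = (isset($_REQUEST['citeStyle']) && is_string($_REQUEST['citeStyle'])) ? $_REQUEST['citeStyle'] : ""; // get the cite style chosen by the user (only occurs in 'extract.php' form and in query result lists)
    $citeOrder = (isset($_REQUEST['citeOrder']) && is_string($_REQUEST['citeOrder'])) ? $_REQUEST['citeOrder'] : ""; // get the citation sort order chosen by the user (only occurs in 'extract.php' form and in query result lists)
} else { // if there was no previous SQL query provide the default one:
    // default SQL query:
    // TODO: build the complete SQL query using functions 'buildFROMclause()' and 'buildORDERclause()'
    $sqlQuery = buildSELECTclause("", "", "", false, false); // function 'buildSELECTclause()' is defined in 'include.inc.php'

    // The default query is only pre-filled into the form's <textarea>; it is not executed by this script.
    if (isset($_SESSION['loginEmail'])) {
        $sqlQuery .= " FROM $tableRefs WHERE location RLIKE \"" . $loginEmail . "\" ORDER BY year DESC, author"; // '$loginEmail' is defined in function 'start_session()' (in 'include.inc.php')
    } else {
        $sqlQuery .= " FROM $tableRefs WHERE year > 2001 ORDER BY year DESC, author";
    }

    $checkQuery = "";
    $checkLinks = " checked";

    // Get the default number of records per page preferred by the current user:
    $showRows = isset($_SESSION['userRecordsPerPage']) ? $_SESSION['userRecordsPerPage'] : "";

    $displayType = ""; // ('' will produce the default view)
    $citeStyle = "";
    $citeOrder = "";
}

// Show the login status:
showLogin(); // (function 'showLogin()' is defined in 'include.inc.php')

// (2a) Display header:
// call the 'displayHTMLhead()' and 'showPageHeader()' functions (which are defined in 'header.inc.php'):
displayHTMLhead(encodeHTML($officialDatabaseName) . " -- " . $loc["SQLSearch"], "index,follow", "Search the " . encodeHTML($officialDatabaseName), "", false, "", $viewType, array());
showPageHeader($HeaderString);

// (2b) Start <form> and <table> holding the form elements:
//
// '$displayType', '$citeOrder', '$sqlQuery' and '$showRows' can come straight from the request,
// so they are passed through 'htmlspecialchars(..., ENT_QUOTES)' before being printed.
// '$citeStyle' is already made attribute-safe by 'rawurlencode()'.
// NOTE(review): 'htmlspecialchars()' uses PHP's default charset here; confirm that this matches
// the charset the page is served with.
?>

<form action="search.php" method="GET">
<input type="hidden" name="formType" value="sqlSearch">
<input type="hidden" name="submit" value="<?php echo htmlspecialchars($displayType, ENT_QUOTES); ?>">
<input type="hidden" name="citeStyle" value="<?php echo rawurlencode($citeStyle); ?>">
<input type="hidden" name="citeOrder" value="<?php echo htmlspecialchars($citeOrder, ENT_QUOTES); ?>">
<table align="center" border="0" cellpadding="0" cellspacing="10" width="95%" summary="This table holds the search form">
<tr>
    <td width="58" valign="top"><b><?php echo $loc["SQLQuery"]; ?>:</b></td>
    <td width="10"> </td>
    <td colspan="2">
        <textarea name="sqlQuery" rows="6" cols="60"><?php echo htmlspecialchars($sqlQuery, ENT_QUOTES); ?></textarea>
    </td>
</tr>
<tr>
    <td valign="top"><b><?php echo $loc["DisplayOptions"]; ?>:</b></td>
    <td> </td>
    <td width="205" valign="top">
        <input type="checkbox" name="showLinks" value="1"<?php echo $checkLinks; ?>> <?php echo $loc["ShowLinks"]; ?>

    </td>
    <td valign="top">
        <?php echo $loc["ShowRecordsPerPage_Prefix"]; ?> <input type="text" name="showRows" value="<?php echo htmlspecialchars((string) $showRows, ENT_QUOTES); ?>" size="4" title="<?php echo $loc["DescriptionShowRecordsPerPage"]; ?>"> <?php echo $loc["ShowRecordsPerPage_Suffix"]; ?>

    </td>
</tr>
<tr>
    <td> </td>
    <td> </td>
    <td valign="top">
        <input type="checkbox" name="showQuery" value="1"<?php echo $checkQuery; ?>> <?php echo $loc["DisplaySQLquery"]; ?>

    </td>
    <td valign="top">
        <?php echo $loc["ViewType"]; ?>:
        <select name="viewType">
            <option value="Web"><?php echo $loc["web"]; ?></option>
            <option value="Print"><?php echo $loc["print"]; ?></option>
            <option value="Mobile"><?php echo $loc["mobile"]; ?></option>
        </select>
    </td>
</tr>
<tr>
    <td> </td>
    <td> </td><?php

// if the 'user_permissions' session variable contains 'allow_sql_search'...
if (isset($_SESSION['user_permissions']) && preg_match("/allow_sql_search/", $_SESSION['user_permissions'])) {
    // adjust the title string for the search button
    $sqlSearchButtonLock = "";
    $sqlSearchTitle = $loc["SearchVerbatim"];
} else {
    // Note, that disabling the submit button is just a cosmetic thing -- the user can still submit the form
    // by pressing enter or by building the correct URL from scratch!
    // The 'allow_sql_search' permission therefore has to be enforced by the script that receives the query
    // (the form above submits to 'search.php'); nothing on this page prevents the request from being sent.
    $sqlSearchButtonLock = " disabled";
    $sqlSearchTitle = $loc["NoPermission"] . $loc["NoPermission_ForSQL"];
}
?>

    <td colspan="2">
        <br>
        <input type="submit" value="<?php echo $loc["Search"]; ?>" title="<?php echo $sqlSearchTitle; ?>"<?php echo $sqlSearchButtonLock; ?>>
    </td>
</tr>
<tr>
    <td align="center" colspan="4"> </td>
</tr>
<tr>
    <td valign="top"><b><?php echo $loc["Examples"]; ?>:</b></td>
    <td> </td>
    <td colspan="2">
        <code>SELECT author, title, year, publication FROM <?php echo $tableRefs; ?> WHERE publication = "Polar Biology" AND author RLIKE "Legendre|Ambrose" ORDER BY year DESC, author</code>
    </td>
</tr>
<tr>
    <td valign="top"> </td>
    <td> </td>
    <td colspan="2">
        <code>SELECT serial, author, title, year, publication, volume FROM <?php echo $tableRefs; ?> ORDER BY serial DESC LIMIT 10</code>
    </td>
</tr>
<tr>
    <td valign="top"><b><?php echo $loc["Help"]; ?>:</b></td>
    <td> </td>
    <td colspan="2">
        <?php echo $loc["MySQL-Info"]; ?>

    </td>
</tr>
</table>
</form><?php

// --------------------------------------------------------------------

// DISPLAY THE HTML FOOTER:
// call the 'showPageFooter()' and 'displayHTMLfoot()' functions (which are defined in 'footer.inc.php')
showPageFooter($HeaderString);

displayHTMLfoot();

// --------------------------------------------------------------------
?>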