GIF89a; %PDF-1.5 %���� ºaâÚÎΞ-ÌE1ÍØÄ÷{òò2ÿ ÛÖ^ÔÀá TÎ{¦?§®¥kuµùÕ5sLOšuY
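<?php
// is_valid($formLabel, $value, $fieldName, $tableName, $zeroIdOK, $database, $DEBUG)
// Validates that $value is acceptable for the column $fieldName of table $tableName.
// The column definition is read with SHOW COLUMNS and the value is checked against
// the column's key type, NULL-ability, declared type and declared length.
// Returns: true if the $value is valid.
//          An error message (string) if the $value is not valid.
// $formLabel = The label used on the form. This is used if an error message is needed.
// $value     = The value to be validated.
// $fieldName = The field name in the table.
// $tableName = The table name.
// $zeroIdOK  = Set true if you want to allow 0 as a valid Id. Default is false.
// $database  = The database the table is in. Default is $_SESSION['DATABASE']['Default'].
// $DEBUG     = Turn on DEBUGging.
//
// Security notes:
//  - $tableName and $fieldName are concatenated into SQL as identifiers, which cannot be
//    bound as parameters. They are therefore restricted to [A-Za-z0-9_$] before any query
//    is built; anything else is handled exactly like a column that does not exist.
//  - Every caller-supplied string that ends up in a returned message goes through
//    htmlSafe(), because the message is presumably echoed into a page (verify at callers).
function is_valid($formLabel, $value, $fieldName, $tableName, $zeroIdOK=false, $database=false, $DEBUG=false) {
    t_FuncBegin();
    $d_O_is_valid = d_O();
    #$DEBUG = true;
    if ( $DEBUG ) d_On();
    d_Line('is_valid('.$formLabel.', '.$value.', '.$fieldName.', '.$tableName.', '.$zeroIdOK.', '.$database.')','/');
    if ( !$database ) $database = $_SESSION['DATABASE']['Default']; // $database was not sent so use the default.
    $is_valid = false; // Start with an invalid state.
    $formLabelSafe = htmlSafe($formLabel); // Set htmlSafe(). Used for error message.
    $valueSafe = htmlSafe($value); // Set htmlSafe(). Used for error message.
    $fieldNameSafe = htmlSafe($fieldName); // Set htmlSafe(). Used for error message.
    $tableNameSafe = htmlSafe($tableName); // Set htmlSafe(). Used for error message.
    $tableNameTested = ''; // Only filled in by the MULTIPLE key branch; initialised so the message below never reads an undefined variable.

    // Get field info from table.
    // Identifiers are allow-listed first: a quote or backtick in either name would otherwise
    // break out of the literal / quoted identifier in the statements built below.
    $identifierPattern = '/\A[A-Za-z0-9_$]+\z/';
    if ( preg_match($identifierPattern,$tableName) && preg_match($identifierPattern,$fieldName) ) {
        $fieldQuery = 'SHOW COLUMNS FROM `'.$tableName.'` WHERE field=\''.$fieldName.'\'';
        $columnInfo = query_info($fieldQuery,$database,false,false,false);
    } else {
        $columnInfo = false; // Same path as "column not found"; no SQL is issued.
    }
    d_Var('$columnInfo',$columnInfo);

    if ( $columnInfo ) {
        // Check for composite primary key.
        $query = "SHOW KEYS FROM `".$tableName."` WHERE Key_name = 'PRIMARY'";
        d_Var('PK_Result',$query,'q');
        $PK_Result = query_do($query,$database,false);
        $PK_Count = $GLOBALS['_QUERY']['count'];
        d_Var('PK_Result',$PK_Result);
        $columnInfo['Composite'] = ( $PK_Count == 1 ) ? false : true;

        // Check if column is a foreign key.
        $query = "
            SELECT `column_name`
                 , `referenced_table_schema` AS foreign_db
                 , `referenced_table_name` AS foreign_table
                 , `referenced_column_name` AS foreign_column
            FROM `information_schema`.`KEY_COLUMN_USAGE`
            WHERE `constraint_schema` = SCHEMA()
              AND `table_name` = '".$tableName."'
              AND `referenced_column_name` IS NOT NULL
            ORDER BY `column_name`
        ";
        #d_Var('FK_Result',$query,'dq');
        $FK_Result = query_do($query,$database,false);
        $FK_Count = $GLOBALS['_QUERY']['count'];
        #d_Var('FK_Result',$FK_Result,'d');
        $columnInfo['FKtable'] = false;
        $columnInfo['FKfield'] = false;
        #d_Var('$columnInfo',$columnInfo,'dk');
        if ( $FK_Count ) {
            query_seek($FK_Result, 0);
            while ($FK_Info = query_row($FK_Result)) {
                #d_Var('$FK_Info',$FK_Info,'dk');
                if ( $FK_Info['column_name'] == $columnInfo['Field'] ) {
                    $columnInfo['FKtable'] = $FK_Info['foreign_table'];
                    $columnInfo['FKfield'] = $FK_Info['foreign_column'];
                }
            }
        }
        d_Var('$columnInfo',$columnInfo);
        #d_Var('$columnInfo',$columnInfo,'d');

        // Is $value empty and NULL allowed?
        if ( ( $value === '' || $value === false ) && $columnInfo['Key'] == '' && $columnInfo['Null'] == 'YES' ) {
            $is_valid = true;
            d_Line('$is_valid = true on line '.__LINE__);
        }

        if ( !$is_valid ) {
            // Get the field length from the Type.
            $ts = explode('(',$columnInfo['Type']);
            d_Var('$ts',$ts);
            $type = $ts[0];
            d_Var('$type',$type);

            // Get integer and decimal length.
            // NOTE(review): for enum/set the text inside the parentheses is the list of
            // members, not a length, so $columnLength is not meaningful for those types - confirm.
            switch ($type) {
                case 'int':
                case 'int unsigned':
                    $columnLength = 9;
                    $decimalLength = 0;
                    break;
                default:
                    if ( isset($ts[1]) ) {
                        $ts = explode(')',$ts[1]);
                        #d_Var('$ts',$ts,'+');
                        if ( strpos($ts[0],',') === false ) {
                            $columnLength = $ts[0];
                            $decimalLength = 0;
                            $totalLength = $columnLength;
                        } else {
                            $ts = explode(',',$ts[0]);
                            $columnLength = $ts[0]-$ts[1];
                            $decimalLength = $ts[1];
                            $totalLength = $ts[0];
                            if ( $decimalLength ) $totalLength++; // Room for the decimal point.
                        }
                    } else {
                        $columnLength = 0;
                        $decimalLength = 0;
                    }
            } // switch $type
            d_Var('$columnLength',$columnLength);
            d_Var('$decimalLength',$decimalLength);
            @d_Var('$totalLength',$totalLength);
            #d_Var($fieldName,$columnInfo);

            // Key types:
            // PRI = Primary key. Primary keys are also unique.
            // MUL = Non-unique key.
            // UNI = Unique key.
            if ( $columnInfo['Key'] == 'PRI' && $columnInfo['Composite'] === false ) {
                // Is this a PRIMARY or MULTIPLE key?
                // || $columnInfo['Key'] == 'MUL' || $columnInfo['Key'] == 'UNI'
                // With the condition above limited to 'PRI', the MULTIPLE branch below is
                // currently unreachable; it is kept for when MUL/UNI are enabled again.
                if ( $columnInfo['Key'] != 'MUL' ) {
                    $tableNameToTest = $tableName; // For PRIMARY key use $tableName as the table name to check.
                    $keyType = 'PRIMARY';
                } else {
                    $keyType = 'MULTIPLE';
                    // Determine the table name from the $field.
                    if ( substr($fieldName,-2) == 'Id' ) {
                        $tableNameToTest = substr($fieldName,0,-2); // For MULTIPLE key use $fieldName with the 'Id' stripped on the end as the table name to check.
                        // Check if there is a table with that name.
                        $tableNameTested = $tableNameToTest;
                        // NOTE(review): $database is concatenated here unquoted; it comes from the
                        // caller or the session, so confirm it can never carry user input.
                        $query="SHOW TABLES FROM ".$database;
                        $ShowTables_QueryField = 'Tables_in_'.$database;
                        $tableResult = query_do($query,$database,false);
                        $tableCount = $GLOBALS['_QUERY']['count'];
                        if ($tableCount) {
                            $tableExists = false;
                            query_seek($tableResult, 0);
                            while ($tableInfo = query_row($tableResult)) {
                                #d_Var('$tableInfo[$ShowTables_QueryField]',$tableInfo[$ShowTables_QueryField]);
                                if ( $tableNameTested == $tableInfo[$ShowTables_QueryField] ) $tableExists = true;
                            }
                            if ( !$tableExists ) $tableNameToTest = false;
                        }
                    } else {
                        $tableNameToTest = false;
                    }
                }
                d_Var('$tableNameToTest',$tableNameToTest);
                d_Var('is_numeric($value)',is_numeric($value));
                d_Var('$value',$value);
                d_Var('strlen($value)',strlen($value));
                d_Var('$columnLength',$columnLength);

                // $value is only placed in the statement after is_numeric() has accepted it,
                // so it cannot contain quotes or SQL keywords. The identifiers were allow-listed
                // above and are additionally backtick-quoted.
                if ( $tableNameToTest && is_numeric($value) && $value >= 0 && strlen($value) <= $columnLength ) {
                    $query = "
                        SELECT `".$fieldName."`
                        FROM `".$tableNameToTest."`
                        WHERE `".$fieldName."` = ".$value."
                    ";
                    $IdResult = query_do($query,$database,false);
                    $IdCount = $GLOBALS['_QUERY']['count'];
                    if ($IdCount == 1) {
                        $is_valid = true;
                        d_Line('$is_valid = true on line '.__LINE__);
                    }
                }

                // A bare "$value == 0" is a loose comparison: under PHP 7 any non-numeric
                // string (for example 'abc') compares equal to 0 and would be accepted as Id 0.
                // Empty, false and NULL keep their previous meaning of "zero".
                $valueIsZero = ( $value === '' || $value === false || $value === NULL || ( is_numeric($value) && $value == 0 ) );
                if ( $tableNameToTest && $zeroIdOK && $valueIsZero && $keyType == 'PRIMARY' ) {
                    $is_valid = true;
                    d_Line('$is_valid = true on line '.__LINE__);
                }

                if ( !$is_valid ) {
                    if ( $tableNameToTest ) {
                        $is_valid = 'The '.$formLabelSafe.' ('.$valueSafe.') is not a valid '.$keyType.' key in '.$tableNameToTest.' table.';
                    } else {
                        $is_valid = 'The '.$formLabelSafe.' ('.$valueSafe.') is not a valid '.$keyType.' key. Table \''.$tableNameTested.'\' does not exist.';
                    }
                }
            }

            if ( !$is_valid ) { // Continue checking.
                d_Var('$value',$value);
                d_Var('$columnLength',$columnLength);
                d_Var('$decimalLength',$decimalLength);
                @d_Var('$totalLength',$totalLength);
                d_Var('$ts',$ts,'+');
                d_Var('$type',$type);

                // Check if $value is valid for the field.
                switch ($type) {
                    case 'bigint':
                    case 'bit':
                    case 'decimal':
                    case 'double':
                    case 'float':
                    case 'int':
                    case 'mediumint':
                    case 'smallint':
                    case 'tinyint':
                    case 'year':
                        // Set field format. Used for error message.
                        if ( !$decimalLength ) {
                            $fieldFormat = ' ('.str_repeat('n',$columnLength).')';
                        } else {
                            $fieldFormat = ' ('.str_repeat('n',$columnLength).'.'.str_repeat('n',$decimalLength).')';
                        }
                        d_Var('$fieldFormat',$fieldFormat);
                        // Is $value numeric?
                        $value_no_comma = str_replace(',','',$value);
                        d_Var('$value_no_comma',$value_no_comma);
                        if ( !is_numeric($value_no_comma) ) {
                            $is_valid = 'The '.$formLabelSafe.' ('.$valueSafe.') is not a valid number';
                        } else {
                            // Get the $value parts.
                            $ts = explode('.',$value_no_comma);
                            d_Var('$ts',$ts,'+');
                            $integerPart = $ts[0];
                            // The decimal part must be taken from the value when it is present;
                            // otherwise the "decimal part too long" check below can never fire.
                            $decimalPart = isset($ts[1]) ? $ts[1] : NULL;
                            d_Var('$integerPart',$integerPart);
                            d_Var('$decimalPart',$decimalPart);
                            // Is $value too large?
                            if ( strlen($integerPart) > $columnLength ) {
                                $is_valid = 'The '.$formLabelSafe.' ('.$valueSafe.') is too large '.$fieldFormat.'';
                            }
                            // Is $value too long?
                            if ( strlen($decimalPart) > $decimalLength ) {
                                $is_valid = 'The '.$formLabelSafe.' ('.$valueSafe.') decimal part too long '.$fieldFormat.'';
                            }
                            if ( !$is_valid ) $is_valid = true;
                        }
                        break;
                    case 'binary':
                    case 'char':
                    case 'enum':
                    case 'set':
                    case 'varbinary':
                    case 'varchar':
                        if ( strlen($value) <= $columnLength ) {
                            $is_valid = true;
                            d_Line('$is_valid = true on line '.__LINE__);
                        } else {
                            $is_valid = 'The '.$formLabelSafe.' entry is too long ('.strlen($value).' character'.(strlen($value) != 1 ? 's' : '').' entered when limit is '.$columnLength.').';
                        }
                        break;
                    case 'date':
                        $totalLength = 10;
                        $value = valid_date($value);
                        d_Var('value',$value);
                        if ( $value !== false ) {
                            $is_valid = true;
                            d_Line('$is_valid = true on line '.__LINE__);
                        } else {
                            // Escaped label, consistent with every other message in this function.
                            $is_valid = $formLabelSafe.' is invalid';
                            d_Line('$is_valid = error on line '.__LINE__);
                        }
                        break;
                    case 'datetime':
                        // No value check here: $is_valid stays false and the
                        // "not programmed for type" message below is returned.
                        $totalLength = 24;
                        break;
                    case 'time':
                        $totalLength = 13;
                        $value = valid_time($value);
                        d_Var('value',$value);
                        if ( $value !== false ) {
                            $is_valid = true;
                            d_Line('$is_valid = true on line '.__LINE__);
                        } else {
                            // Escaped label, consistent with every other message in this function.
                            $is_valid = $formLabelSafe.' is invalid';
                            d_Line('$is_valid = error on line '.__LINE__);
                        }
                        break;
                    case 'timestamp':
                        // No value check here either; see 'datetime'.
                        $totalLength = 14;
                        break;
                    // The blob/text cases fall through on purpose: the first matching case sets
                    // $totalLength and the isset() guards keep later cases from overwriting it.
                    case 'blob':
                    case 'text':
                        if ( !isset($totalLength) ) $totalLength = 65535;
                    case 'longblob':
                    case 'longtext':
                        if ( !isset($totalLength) ) $totalLength = 4294967295;
                    case 'mediumblob':
                    case 'mediumtext':
                        if ( !isset($totalLength) ) $totalLength = 16777215;
                    case 'tinyblob':
                    case 'tinytext':
                        if ( !isset($totalLength) ) $totalLength = 255;
                        d_Var('$totalLength',$totalLength);
                        if ( strlen($value) <= $totalLength ) {
                            $is_valid = true;
                        } else {
                            $is_valid = 'The '.$formLabelSafe.' entry is too long ('.strlen($value).' character'.(strlen($value) != 1 ? 's' : '').' entered when limit is '.$totalLength.').';
                        }
                        break;
                    default:
                }
            }
        } // if ( !$is_valid )
    }

    if ( $is_valid === false ) {
        // Reached when the column was not found (or the identifiers were rejected) and
        // when the column type has no check above.
        if ( !isset($type) ) $type = 'UNKNOWN';
        $is_valid = "Function is_valid not programmed for type $type. formLabel = $formLabelSafe, value = $valueSafe, fieldName = $fieldNameSafe, tableName = $tableNameSafe.";
    }
    d_Var('$is_valid',$is_valid);
    if ( !$d_O_is_valid && d_O() ) d_Off(); // Restore the debug state found on entry.
    t_Func($is_valid);
    t_FuncEnd();
    return $is_valid;
}
?>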