escape_string(trim($_POST['tableName'])); $table_fields = trim($_POST['tableFields']); if (isset($_POST['keywords']) and !empty($_POST['keywords'])) { $keywords = $dbs->escape_string(urldecode(ltrim($_POST['keywords']))); } else { $keywords = ''; } // explode table fields data $fields = str_replace(':', ', ', $table_fields); // set where criteria $criteria = ''; foreach (explode(':', $table_fields) as $field) { $criteria .= " $field LIKE '%$keywords%' OR"; } // remove the last OR $criteria = substr_replace($criteria, '', -2); $sql_string = "SELECT $fields "; // append table name $sql_string .= " FROM $table_name "; if ($criteria) { $sql_string .= " WHERE $criteria LIMIT $limit"; } // send query to database $query = $dbs->query($sql_string); $error = $dbs->error; $data = array(); if (isset($_GET['format'])) { if ($_GET['format'] == 'json') { header('Contenty-Type: application/json'); if ($error) { echo json_encode(array('id' => 0, 'text' => $error)); } if ($query->num_rows > 0) { $items = []; while ($row = $query->fetch_row()) { $data[] = array('id' => $row[0], 'text' => $row[1] . (isset($row[2]) ? ' - ' . $row[2] : '') . (isset($row[3]) ? ' - ' . $row[3] : '')); array_walk($row, function ($i) use (&$items) { $items[] = strtolower(trim($i)); }); } if (isset($_GET['allowNew']) && !in_array(strtolower(trim($keywords)), $items)) { $data = [['id' => 'NEW:' . $keywords, 'text' => $keywords . ' <' . __('Add New') . '>'], ...$data]; } } else { if (isset($_GET['allowNew'])) { $data[] = array('id' => 'NEW:' . $keywords, 'text' => $keywords . ' <' . __('Add New') . '>'); } else { $data[] = array('id' => 'NONE', 'text' => 'NO DATA FOUND'); } } echo json_encode($data); } exit(); } else { if ($error) { echo '' . $error . ''; } if ($query->num_rows < 1) { // output the SQL string // echo ''.$sql_string.''; echo 'NO DATA FOUND' . "\n"; } else { while ($row = $query->fetch_row()) { echo '' . $row[1] . (isset($row[2]) ? ' - ' . $row[2] : '') . (isset($row[3]) ? ' - ' . $row[3] : '') . '' . "\n"; } } exit(); }