isset ( $request['draw'] ) ? intval( $request['draw'] ) : 0, "recordsTotal" => intval( $recordsTotal ), "recordsFiltered" => intval( $recordsFiltered ), "data" => self::data_output( $columns, $data ) ); } /** * The difference between this method and the `simple` one, is that you can * apply additional `where` conditions to the SQL queries. These can be in * one of two forms: * * * 'Result condition' - This is applied to the result set, but not the * overall paging information query - i.e. it will not effect the number * of records that a user sees they can have access to. This should be * used when you want apply a filtering condition that the user has sent. * * 'All condition' - This is applied to all queries that are made and * reduces the number of records that the user can access. This should be * used in conditions where you don't want the user to ever have access to * particular records (for example, restricting by a login id). * * @param array $request Data sent to server by DataTables * @param array|PDO $conn PDO connection resource or connection parameters array * @param string $table SQL table to query * @param string $primaryKey Primary key of the table * @param array $columns Column information array * @param string $whereResult WHERE condition to apply to the result set * @param string $whereAll WHERE condition to apply to all queries * @return array Server-side processing response array */ static function complex ( $request, $conn, $table, $primaryKey, $columns, $whereResult=null, $whereAll=null ) { $bindings = array(); $db = self::db( $conn ); $localWhereResult = array(); $localWhereAll = array(); $whereAllSql = ''; // Build the SQL query string from the request $limit = self::limit( $request, $columns ); $order = self::order( $request, $columns ); $where = self::filter( $request, $columns, $bindings ); $whereResult = self::_flatten( $whereResult ); $whereAll = self::_flatten( $whereAll ); if ( $whereResult ) { $where = $where ? $where .' AND '.$whereResult : 'WHERE '.$whereResult; } if ( $whereAll ) { $where = $where ? $where .' AND '.$whereAll : 'WHERE '.$whereAll; $whereAllSql = 'WHERE '.$whereAll; } // Main query to actually get the data $data = self::sql_exec( $db, $bindings, "SELECT SQL_CALC_FOUND_ROWS `".implode("`, `", self::pluck($columns, 'db'))."` FROM `$table` $where $order $limit" ); // Data set length after filtering $resFilterLength = self::sql_exec( $db, "SELECT FOUND_ROWS()" ); $recordsFiltered = $resFilterLength[0][0]; // Total data set length $resTotalLength = self::sql_exec( $db, $bindings, "SELECT COUNT(`{$primaryKey}`) FROM `$table` ". $whereAllSql ); $recordsTotal = $resTotalLength[0][0]; /* * Output */ return array( "draw" => isset ( $request['draw'] ) ? intval( $request['draw'] ) : 0, "recordsTotal" => intval( $recordsTotal ), "recordsFiltered" => intval( $recordsFiltered ), "data" => self::data_output( $columns, $data ) ); } /** * Connect to the database * * @param array $sql_details SQL server connection details array, with the * properties: * * host - host name * * db - database name * * user - user name * * pass - user password * @return resource Database connection handle */ static function sql_connect ( $sql_details ) { try { $db = @new PDO( "mysql:host={$sql_details['host']};dbname={$sql_details['db']}", $sql_details['user'], $sql_details['pass'], array( PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION ) ); } catch (PDOException $e) { self::fatal( "An error occurred while connecting to the database. ". "The error reported by the server was: ".$e->getMessage() ); } return $db; } /** * Execute an SQL query on the database * * @param resource $db Database handler * @param array $bindings Array of PDO binding values from bind() to be * used for safely escaping strings. Note that this can be given as the * SQL query string if no bindings are required. * @param string $sql SQL query to execute. * @return array Result from the query (all rows) */ static function sql_exec ( $db, $bindings, $sql=null ) { // Argument shifting if ( $sql === null ) { $sql = $bindings; } $stmt = $db->prepare( $sql ); //echo $sql; // Bind parameters if ( is_array( $bindings ) ) { for ( $i=0, $ien=count($bindings) ; $i<$ien ; $i++ ) { $binding = $bindings[$i]; $stmt->bindValue( $binding['key'], $binding['val'], $binding['type'] ); } } // Execute try { $stmt->execute(); } catch (PDOException $e) { self::fatal( "An SQL error occurred: ".$e->getMessage() ); } // Return all return $stmt->fetchAll( PDO::FETCH_BOTH ); } /* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * Internal methods */ /** * Throw a fatal error. * * This writes out an error message in a JSON string which DataTables will * see and show to the user in the browser. * * @param string $msg Message to send to the client */ static function fatal ( $msg ) { echo json_encode( array( "error" => $msg ) ); exit(0); } /** * Create a PDO binding key which can be used for escaping variables safely * when executing a query with sql_exec() * * @param array &$a Array of bindings * @param * $val Value to bind * @param int $type PDO field type * @return string Bound key to be used in the SQL where this parameter * would be used. */ static function bind ( &$a, $val, $type ) { $key = ':binding_'.count( $a ); $a[] = array( 'key' => $key, 'val' => $val, 'type' => $type ); return $key; } /** * Pull a particular property from each assoc. array in a numeric array, * returning and array of the property values from each item. * * @param array $a Array to get data from * @param string $prop Property to read * @return array Array of property values */ static function pluck ( $a, $prop ) { $out = array(); for ( $i=0, $len=count($a) ; $i<$len ; $i++ ) { $out[] = $a[$i][$prop]; } return $out; } /** * Return a string from an array or a string * * @param array|string $a Array to join * @param string $join Glue for the concatenation * @return string Joined string */ static function _flatten ( $a, $join = ' AND ' ) { if ( ! $a ) { return ''; } else if ( $a && is_array($a) ) { return implode( $join, $a ); } return $a; } }