SQL INJECTION
Is this script secure..? How to prevent the SQL Injection… I was using another script before, but the problem is the enable sqi..
Thanks
hello,
I tried to insert your script in WordPress. It works but I have a little problem. I changed this line in “creativeTable.php” to make the ajax work:
if ($this->ajax_url != '')
// $out .= 'var ajax_url ="'.$this->ajax_url.'";';
$out .= 'var ajax_url = "http://localhost/worpres-theme/wp-content/themes/mytheme/recherche_villes_france.php";';
It works but, as you can see in the screenshots below, the td of the table do not keep the width and the “advanced search” is not displayed. I think it’s a path problem.
http://revario2.free.fr/image/03.jpg
and when input data in form
http://revario2.free.fr/image/04.jpg
thank you for your help
You mention that the script is flexible, but the question was “is it secure”. Have YOU protected all (forms, url, etc) input from sql injections, etc?
By default it’s not that secure.
I don’t know what level of security you want, but like I said, if you want to protect from sql injection (medium level) you just need to add one line of code. (addslashes in the search function).
If you want extra super hyper protection then you can easily add your own function to it. (because it’s very flexible)
Email me and explain to me your own project and your doubts and concerns a little bit better and I will clarify that for you.
Cheers
Your tables are incredible. Congratulations on the job!
On the page 3 sample with JS, is there a way to click a button and have it update the table?
That is, if it is ordered descending and searching for any word in the search field, I click this update button and the table updates with the same results, descending and searching for any word, but with updated data from the database!
But we speak the same language! Your tables are incredible. Congratulations on the work!
On example page 3 with JS, is there a way to make a button that I click and it updates the table?
That is, if it is sorted in descending order and searching for some word in the search field, I click this update button and the table updates with the same results, descending and searching for some word, but with the updated data from the database!
Same language and same name.
I'll assume you are using AJAX. You have to call the function:
ctSubmitForm(table_id,page,pass_total_items,reload_option);
to update the table, e.g.:
ctSubmitForm('ct',1,false,'items_per_page,tbody,pager');
Send me an email and I'll explain it better.
Regards
Sorting and searching don't appear to be working for me. Nor am I getting any changes in the number of results being displayed when I select a number of results per page. Are there minimum settings to get those to work?
Last question, I want to have table headers, but I would prefer that it just used the sql field names. Is there an option to have it do that automatically?
I know there are a lot of examples, but I find the actual documentation to be a bit lacking.
Hi Mac,
You are using AJAX, right? If you have an error or an echo in your php script then the sort and the search don’t work, like expected.
Please email me with your online example and I will help you figure out what you are doing wrong.
About the headers being automatic, that’s a nice feature that no one’s ever asked for, but I will develop that for you and for further versions. Email me and I will send that to you.
About the documentation being a bit lacking, LOL, if I had to put all possible things in there… well, right now I wouldn’t be answering you… and would still be writing it.
What I do is, when something new appears that a user wants, I normally put it in the new version. I think you understand that.
So email me for better help.
Cheers
Well, I don't think I can end up using your script, as it doesn't appear the search works with results that come from joins, etc. Here is a pastebin link to my sample code: http://pastebin.com/SVWcUHNX
Also, I am using PDO for mysql in the rest of my script, so having to set up a separate db connection isn't ideal.
I never got the sorting to work and I couldn't find any syntax issues.
You can see by this debug response that the search query that was created by your script is wrong:
SQL ERROR : Column ‘id’ in where clause is ambiguous
SQL QUERY : SELECT COUNT FROM form_meta m, forms f, user_meta um WHERE (m.user_id = um.user_id) AND (id LIKE ‘ Mark ’ OR first_name LIKE ‘ Mark ’ OR last_name LIKE ‘ Mark ’ OR form_name LIKE ‘ Mark ’ OR date_created LIKE ‘ Mark ’ OR date_updated LIKE ‘ Mark ‘)
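An added example, not part of the thread and not Creative Table's own code: one way to build the search clause with PDO so that the search term is bound as a parameter and every column is table-qualified, which addresses both the SQL injection question and the ambiguous id error in the debug output above. The function name buildSearchClause, the mapping of columns to tables and the SQLite demo data are assumptions made for illustration.

```php
<?php
// Added example: not Creative Table code. Which table owns which column is assumed.

// Returns ["(col LIKE ? ESCAPE '!' OR ...)", [params]] for a PDO prepared statement.
// $allowed maps request field names to table-qualified columns, so no identifier
// comes from user input and "id" can never be ambiguous in a join.
function buildSearchClause(array $allowed, array $fields, string $term): array
{
    // Escape LIKE wildcards so "%" and "_" in the term match literally.
    $like = '%' . strtr($term, ['!' => '!!', '%' => '!%', '_' => '!_']) . '%';
    $parts = [];
    $params = [];
    foreach ($fields as $field) {
        if (!isset($allowed[$field])) {
            throw new InvalidArgumentException("Unknown search field: $field");
        }
        $parts[] = $allowed[$field] . " LIKE ? ESCAPE '!'";
        $params[] = $like;
    }
    if ($parts === []) {
        throw new InvalidArgumentException('No search fields given');
    }
    return ['(' . implode(' OR ', $parts) . ')', $params];
}

// Constructed demo data in an in-memory SQLite database (needs pdo_sqlite).
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE user_meta (id INTEGER, user_id INTEGER, first_name TEXT, last_name TEXT)');
$pdo->exec('CREATE TABLE form_meta (id INTEGER, user_id INTEGER)');
$pdo->exec("INSERT INTO user_meta VALUES (1, 10, 'Mark', 'O''Neil'), (2, 11, 'Ana', 'Silva')");
$pdo->exec('INSERT INTO form_meta VALUES (100, 10), (101, 11)');

// Allowlist: the only columns the search may touch, each with its table alias.
$allowed = ['id' => 'm.id', 'first_name' => 'um.first_name', 'last_name' => 'um.last_name'];

// A normal term, a term with a quote, an injection attempt and a bare wildcard.
foreach (['Mark', "O'Neil", "' OR '1'='1", '%'] as $term) {
    [$where, $params] = buildSearchClause($allowed, array_keys($allowed), $term);
    $stmt = $pdo->prepare(
        "SELECT COUNT(*) FROM form_meta m, user_meta um
         WHERE (m.user_id = um.user_id) AND $where"
    );
    $stmt->execute($params);
    printf("%-14s => %d row(s)\n", $term, $stmt->fetchColumn());
}
```

Only the allowlisted column names are ever concatenated into the SQL text; the term itself travels as a bound value, so quotes in it need no manual escaping.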
Good product with great support. Had a question which I emailed the author and had a full reply within hours. Cannot recommend highly enough.
Keep up the good work
COPYRIGHT © 2012 ENVATO
The script is very flexible.
If you wish you can easily add stripslashes to the search.
If you want an even more secure feature, you can append to it, also.
It's up to you.