Changed the basequery builder so it can be set manually.
@@ -39,6 +39,9 @@ class API
|
||||
private $requiredFields = [];
|
||||
private $optionalFields = [];
|
||||
|
||||
# Used for the query builder base
|
||||
public $baseQuery = false;
|
||||
|
||||
public function __construct()
|
||||
{
|
||||
# Setup Database connection
|
||||
@@ -222,13 +225,11 @@ class API
|
||||
$field = $builder['where'][0];
|
||||
$value = $builder['where'][1];
|
||||
|
||||
// Check if the field is allowed (in required or optional)
|
||||
$rules = $requiredFields[$field] ?? $optionalFields[$field] ?? null;
|
||||
if (!$rules) {
|
||||
$this->apiOutput(403, ['error' => "Field not allowed in query: $field"]);
|
||||
}
|
||||
|
||||
// Validate and sanitize
|
||||
if (!$this->validateField($value, $rules)) {
|
||||
$this->apiOutput(422, ['error' => "Invalid value for builder field: $field"]);
|
||||
}
|
||||
@@ -682,13 +683,16 @@ class API
|
||||
|
||||
protected function buildDynamicQuery(string $tableName): array
|
||||
{
|
||||
$baseQuery = "SELECT * FROM " . $tableName;
|
||||
if (!$this->baseQuery) {
|
||||
$this->baseQuery = "SELECT * FROM " . $tableName;
|
||||
}
|
||||
|
||||
$whereClauses = [];
|
||||
$types = '';
|
||||
$values = [];
|
||||
|
||||
if (!isset($_GET['builder']) || !is_array($_GET['builder'])) {
|
||||
return [$baseQuery, $types, $values];
|
||||
return [$this->baseQuery, $types, $values];
|
||||
}
|
||||
|
||||
foreach ($_GET['builder'] as $builder) {
|
||||
@@ -705,10 +709,10 @@ class API
|
||||
}
|
||||
|
||||
if (!empty($whereClauses)) {
|
||||
$baseQuery .= " WHERE " . implode(" AND ", $whereClauses);
|
||||
$this->baseQuery .= " WHERE " . implode(" AND ", $whereClauses);
|
||||
}
|
||||
|
||||
return [$baseQuery, $types, $values];
|
||||
return [$this->baseQuery, $types, $values];
|
||||
}
|
||||
|
||||
protected function generalGetFunction($query, $types, $params, $returnBoolean, $itemName)
|
||||
|
||||
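Review bot: On what appears to be the new side of buildDynamicQuery, the WHERE clause is appended to `$this->baseQuery` itself, so the property still holds the filtered query after the call; a second call on the same instance would skip the `if (!$this->baseQuery)` default, ignore its `$tableName`, and append another WHERE. Building on a local copy avoids that: `$baseQuery = $this->baseQuery ?: "SELECT * FROM " . $tableName;`, with the later lines left on `$baseQuery` as before the change. The property is public and its text is concatenated into the SQL without parameters, so it should only be assigned from fixed strings in code, never from request data; making it `protected` with a setter and saying this in the comment above it (`# Base SQL for the query builder; trusted code only, never request input`) would make that auditable. A manually set base query that already contains a WHERE is also not handled by the visible lines, which always emit ` WHERE `. The middle of the function is outside the hunks shown.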