0

我将 DataTables-1.9.4 与服务器端处理一起使用,一切正常,但我的表正在从表中返回所有内容!总共有 3,147 个条目,每天都在增长……

示例:www.hunterpdx.com/metro_new_copy/view-reports-test.php

有没有办法限制返回显示与特定特定关联的数据, user: WHERE company = $_SESSION['company']? 我确信可以做到这一点,但我已经花了几天时间,却一无所获......

我正在使用基本的初始化代码(即使表 ID 相同):

$(document).ready(function() {
    $('#example').dataTable( {
        "bProcessing": true,
        "bServerSide": true,
        "sAjaxSource": "../server_side/scripts/server_processing.php"
    } );
} );

我在 server_processing.php 文件中更改的唯一内容是 aColumns 数组和数据库连接信息:

<?php
    /* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
     * Easy set variables
     */

    /* Array of database columns which should be read and sent back to DataTables. Use a space where
     * you want to insert a non-database field (for example a counter or static image)
     */
    $aColumns = array( 'company', 'bldg', 'report', 'freq', 'report_date', 'file_path' );

    /* Indexed column (used for fast and accurate table cardinality) */
    $sIndexColumn = "report_id";

    /* DB table to use */
    $sTable = "uploads";

    /* Database connection information */
    $gaSql['user']       = "root";
    $gaSql['password']   = "";
    $gaSql['db']         = "members";
    $gaSql['server']     = "localhost";

我假设它必须对 server_processing.php 的这一部分做一些事情:

/*
 * Filtering
 * NOTE this does not match the built-in DataTables filtering which does it
 * word by word on any field. It's possible to do here, but concerned about efficiency
 * on very large tables, and MySQL's regex functionality is very limited
 */
$sWhere = "";
if ( isset($_GET['sSearch']) && $_GET['sSearch'] != "" )
{
    $sWhere = "WHERE (";
    for ( $i=0 ; $i<count($aColumns) ; $i++ )
    {
        $sWhere .= "`".$aColumns[$i]."` LIKE '%".mysql_real_escape_string( $_GET['sSearch'] )."%' OR ";
    }
    $sWhere = substr_replace( $sWhere, "", -3 );
    $sWhere .= ')';
}

/* Individual column filtering */
for ( $i=0 ; $i<count($aColumns) ; $i++ )
{
    if ( isset($_GET['bSearchable_'.$i]) && $_GET['bSearchable_'.$i] == "true" && $_GET['sSearch_'.$i] != '' )
    {
        if ( $sWhere == "" )
        {
            $sWhere = "WHERE ";
        }
        else
        {
            $sWhere .= " AND ";
        }
        $sWhere .= "`".$aColumns[$i]."` LIKE '%".mysql_real_escape_string($_GET['sSearch_'.$i])."%' ";
    }
}

这里的目标是确保用户只看到与他的公司相关的数据(即使使用内置过滤搜索):

WHERE company = '$_SESSION['company']'

该网站上线实际上是在完成这项工作,所以我非常需要帮助!这可以做到吗?如何?

4

1 回答 1

0

感谢@Maximus2012 带我完成这个!答案很简单:

session_start();在 server_processing.php 页面顶部调用!

为了过滤特定会话,我在会话开始下方设置了一个特定于用户的变量:

$userCompany = $_SESSION['company'];

然后通过更改第一个来调用代码过滤部分中的变量:

$sWhere = "";


$sWhere = "WHERE company = '".$userCompany."'";

最后,为了确保搜索过滤器没有绕过初始过滤器,我更改了

$sWhere .= ')';


$sWhere .= ") AND company = '".$userCompany."'";
于 2013-10-02T20:42:50.527 回答