I know its probably unconventional but I want to know if the below code is secure or not.
First piece of code is htee jquery object creation plus the call to the retrieve_data function:
var dataset = [
{
query_column: "articles.id,articles.category_id,articles.text,articles.slug article_slug,site_categories.title,site_categories.slug site_categories_slug",
table_name: 'articles',
query_join: 'LEFT JOIN site_categories ON site_categories.Id = ' + category,
query_filter: ['articles.category_id LIKE ', '%' + category + '%'],
query_limit: 'LIMIT ' + limit,
unique_column_switch: '1'
}
];
retrieve_data(dataset, function (data) {
Next is the retrieve_data function itself:
function retrieve_data(dataset, callback) {
$.ajax(
{
type: "POST",
url: "<?php echo ROOT_URL; ?>php/content/retrieve_data.php",
data: {json: JSON.stringify(dataset)},
success: function (data) {
var data = $.parseJSON(data);
callback(data);
}
});
}
Finally the php that retrieves the data and prints it out for the return to jquery:
mb_internal_encoding("UTF-8");
session_start();
include '../../config.php';
include ROOT_DIR . "php/dbconnection/dbconnection.php";
include ROOT_DIR . 'php/authentication/encryption.php';
$encrypt_decrypt = new encryption();
$json = json_decode($_POST['json']);
$array = array();
/*
* THIS IS TO BUILD A STRING OF DIFFERENT QUERIES TO BE PERFORMED UPON UPDATE BEING PRESSED
* PARAMS:
* data_value:::::::::::: THE VALUE USED TO FIND THE ROW
* table_name:::::::::::: TABLE NAME
* unique_column::::::::: UNIQUE DATA ELEMENT THAT LINKS ALL THE TABLES TOGETHER
* query_end::::::::::::: END OF QUERY (EXTRA WHERE CLAUSES, ORDER BY, LIMIT, ETC)
* query_column:::::::::: COLUMNS THAT ARE GOING TO BE CALLED, DEFAULTS TO * IF USING JOINS THEN THIS MUST BE SPECIFIED I.E. TABLE1.*, TABLE2.*, ETC
* query_join:::::::::::: SET ANY JOINS HERE
* unique_column_switch:: IF SET TO 1 DISABLES USE OF A UNIQUE COLUMN AND USES QUERY END EXCLUSIVELY
*/
foreach($json as $item){
$table_name = $mysqli->real_escape_string($item->table_name);
$unique_column = $mysqli->real_escape_string($item->unique_column);
$data_value = $mysqli->real_escape_string($item->data_value);
$query_column = $mysqli->real_escape_string($item->query_column);
$query_join = $mysqli->real_escape_string($item->query_join);
$query_filter = $item->query_filter;
$query_order = $mysqli->real_escape_string($item->query_order);
$query_limit = $mysqli->real_escape_string($item->query_limit);
$unique_column_switch = $mysqli->real_escape_string($item->unique_column_switch);
$query_filter_safe = array();
foreach($query_filter as $key1 => $val1){
array_push($query_filter_safe, ($key1 % 2) ? "'" . $mysqli->real_escape_string($val1) . "'" : $mysqli->real_escape_string($val1));
}
if(empty($unique_column) && $unique_column_switch != '1'){
$query1 = $mysqli->query("SHOW KEYS FROM `$table_name` WHERE Key_name = 'PRIMARY'");
$fetch1 = $query1->fetch_array(MYSQLI_ASSOC);
$unique_set = $fetch1['Column_name'] . " = '" . $data_value . "'";
$unique_column = $fetch1['Column_name'];
} else{
$unique_set = ($unique_column_switch != '1') ? "`" . $table_name . "`.`" . $unique_column . "` = '" . $data_value . "'" : '';
}
$unique_column = (empty($unique_column)) ? '' : $unique_column;
$where = (empty($unique_set) && empty($query_filter)) ? '' : 'WHERE';
$select_items = (empty($query_column)) ? '*' : $query_column;
$query2 = "SELECT " . $select_items . " FROM " . $table_name . " " . $query_join . " " . $where . " " . $unique_set . " " . join(' ', $query_filter_safe) . " " . $query_order . " " . $query_limit;
//echo $query2;
$query2 = $mysqli->query($query2);
for($x = 0; $fetch2 = $query2->fetch_array(MYSQLI_ASSOC); $x++){
$fetch2 = $encrypt_decrypt->decrypt_val($fetch2, $table_name, $mysqli);
foreach($fetch2 as $column => $value){
($unique_column == $column) ? $array[$table_name][$x]['INDEX_VALUE'] = $value : $array[$table_name][$x][$column] = $value;
}
}
}
echo json_encode($array);
EDIT 12/5 12:00PM EST
I have rewritten what I was trying to do. Thanks again for pointers everyone! #MonkeyZeus and #Carth were extremely useful.
include '../../config.php';
include ROOT_DIR . "php/dbconnection/dbconnection_pdo.php";
$query = "SELECT * FROM site_users WHERE username = :username";
$query = $pdo->prepare($query);
$query->execute(array('username' => $_POST['username']));
$result = $query->fetchAll(PDO::FETCH_ASSOC);
echo json_encode($result);
Going back to jquery:
function article_box_basic(category, limit, max_char_count, location) {
$.ajax(
{
type: "POST",
url: "<?php echo ROOT_URL; ?>php/content/article_box_basic.php",
data: {username: 'moltmans'},
success: function (data) {
var data = $.parseJSON(data);
Do something here with data
This is emphatically not a "secure" approach. Validation and control on the client side should be treated as an inherently insecure convenience for generating a request not a means of enforcing true security. Your server side code should be validating the request parameters within the context of who your user is and what they're doing. Since a user can set "dataset" to whatever they want it doesn't matter if the category variable is itself prone to injection based on its usage in the rest of the statement.
By exposing your schema on the client side like this you're revealing valuable information that there's no need to expose.
Related
here i need update more than 100s of data at time. this query works for me but its too slow at least it take 15 to 20 seconds to execute.
i have tried few things but failed
any help appreciated. iam still learner .
<?php
include "../connection.php";
if (isset($_POST['close_val'])) {
$item_cid = $_POST["item_cid"];
$item_id = $_POST["item_id"];
$op_date = $_POST["op_date"];
$op_value = $_POST["op_value"];
$close_date = $_POST["close_date"];
$close_val = $_POST["close_val"];
$PurchaseRate = $_POST["PurchaseRate"];
$GeneralRate = $_POST["GeneralRate"];
$WholeSaleRate = $_POST["WholeSaleRate"];
$WholeSaleQty = $_POST["WholeSaleQty"];
for ($count = 0; $count < count($item_id); $count++) {
$item_cid_clean = mysqli_real_escape_string($conn, $item_cid[$count]);
$item_id_clean = mysqli_real_escape_string($conn, $item_id[$count]);
$op_date_clean = mysqli_real_escape_string($conn, $op_date[$count]);
$op_value_clean = mysqli_real_escape_string($conn, $op_value[$count]);
$close_date_clean = mysqli_real_escape_string($conn, $close_date[$count]);
$close_val_clean = mysqli_real_escape_string($conn, $close_val[$count]);
$PurchaseRate_clean = mysqli_real_escape_string($conn, $PurchaseRate[$count]);
$GeneralRate_clean = mysqli_real_escape_string($conn, $GeneralRate[$count]);
$WholeSaleRate__clean = mysqli_real_escape_string($conn, $WholeSaleRate[$count]);
$WholeSaleQty_clean = mysqli_real_escape_string($conn, $WholeSaleQty[$count]);
$updatequery = "UPDATE table1 SET
`item_cid` = '" . $item_cid_clean . "',
`item_id` = '" . $item_id_clean . "',
`op_date` = '" . $op_date_clean . "',
`op_value` = '" . $op_value_clean . "',
`close_date` = '" . $close_date_clean . "',
`close_val` = '" . $close_val_clean . "',
`PurchaseRate` = '" . $PurchaseRate_clean . "',
`GeneralRate` = '" . $GeneralRate_clean . "',
`WholeSaleRate` = '" . $WholeSaleRate__clean . "',
`WholeSaleQty` = '" . $WholeSaleQty_clean . "'
WHERE close_date='" . $close_date_clean . "'
and `item_id` = '" . $item_id_clean . "' ";
mysqli_query($conn, $updatequery);
}
$return_arr = array('item_cid' => $item_cid, 'item_id' => $item_id, 'op_date' => $op_date, 'bar' => $item_type);
echo json_encode($return_arr);
}
?>
this ajax used to initialize Array to post to php
var item_cid = [];
var item_id = [];
var op_date = [];
var op_value = [];
var close_date = [];
var close_val = [];
var PurchaseRate = [];
var GeneralRate = [];
var WholeSaleRate = [];
var WholeSaleQty = [];
// Initializing array with Checkbox checked values
$("input[name='item_cid[]']").each(function() {
item_cid.push(this.value);
});
$("input[name='item_id[]']").each(function() {
item_id.push(this.value);
});
$("input[name='op_date[]']").each(function() {
op_date.push(this.value);
});
$("input[name='op_value[]']").each(function() {
op_value.push(this.value);
});
$("input[name='close_date[]']").each(function() {
close_date.push(this.value);
});
$("input[name='close_val[]']").each(function() {
close_val.push(this.value);
});
$("input[name='PurchaseRate[]']").each(function() {
PurchaseRate.push(this.value);
});
$("input[name='GeneralRate[]']").each(function() {
GeneralRate.push(this.value);
});
$("input[name='WholeSaleRate[]']").each(function() {
WholeSaleRate.push(this.value);
});
$("input[name='WholeSaleQty[]']").each(function() {
WholeSaleQty.push(this.value);
});
$.ajax({
url: myurl,
type: 'post',
data: {
item_cid: item_cid,
item_id: item_id,
op_date: op_date,
op_value: op_value,
close_date: close_date,
close_val: close_val,
PurchaseRate: PurchaseRate,
GeneralRate: GeneralRate,
WholeSaleRate: WholeSaleRate,
WholeSaleQty: WholeSaleQty
},
dataType: 'JSON',
success: function(response) {
//success
}
here php ajax html code every step checks out correct its working only php part of mysql query in loops needs fix.
If you prepare the query outside your loop you will compile the query only once. If you use mysqli_query() inside the loop you have to compile the query once per update, thats a overhead you can do without as it is a complete waste of time.
So write the query as a prepared parameterised query as below so you compile it once and then use it to execute the update multiple times. This wont make a magical improvement, but it shoudl be the way you always do your database quertying as it also preotects your database from SQL Injection Attack
$sql = "UPDATE table1
SET `item_cid` = ?, `item_id` = ?, `op_date` = ?
`op_value` = ?, `close_date` = ?, `close_val` = ?,
`PurchaseRate` = ?, `GeneralRate` = ?,
`WholeSaleRate` = ?, `WholeSaleQty` = ?
WHERE close_date=? and `item_id` = ?";
$stmt = $conn->prepare($sql);
foreach( $_POST["item_id"] as $idx => $itemid ) {
// you may have to check the data types used in here
// however mysqli does not normally care about that as much as you might hope
$stmt->bind_param('ssssssssssss',
$_POST["item_cid"][$idx],
$itemid,
$_POST["op_date"][$idx],
$_POST["op_value"][$idx],
$_POST["close_date"][$idx],
$_POST["close_val"][$idx],
$_POST["PurchaseRate"][$idx],
$_POST["GeneralRate"][$idx],
$_POST["WholeSaleRate"][$idx],
$_POST["WholeSaleQty"][$idx],
$_POST["close_date"][$idx],
$_POST["item_id"][$idx]
);
$stmt->execute();
}
// not sure what you are trying to do here
// as these are arrays and you do this after the loop
$return_arr = array('item_cid' => $item_cid, 'item_id' => $item_id, 'op_date' => $op_date, 'bar' => $item_type);
echo json_encode($return_arr);
}
If you don't already have this, it should help with speed:
INDEX(item_id, close_date)
For further discussion please provide
SHOW CREATE TABLE
A sample query after it is constructed. Two samples, if that generates lots of separate UPDATEs. Be sure to have different values for item_id and close date unless one of them does not change.
(You can leave out most of the columns.)
I may be able to show you how to do all the Updates in a single IODKU. (But currently the requirements are vague.)
here i'am trying to insert multiple rows at same time in my case more than 200-250 rows at same time but i got below error
Unknown: Input variables exceeded 1000. To increase the limit change max_input_vars in php.ini
but when i increased the max_input_vars = 3000 this solved problem was now iam able to insert but it is taking too much time.
i want to insert faster but need help
this is my php code
<?php
include "connection.php";
if (isset($_POST['close_val'])) {
$item_cid = $_POST["item_cid"];
$item_id = $_POST["item_id"];
$op_date = $_POST["op_date"];
$op_value = $_POST["op_value"];
$close_date = $_POST["close_date"];
$close_val = $_POST["close_val"];
// Converting the array to comma separated string
for ($count = 0; $count < count($item_id); $count++) {
$item_cid_clean = mysqli_real_escape_string($conn, $item_cid[$count]);
$item_id_clean = mysqli_real_escape_string($conn, $item_id[$count]);
$op_date_clean = mysqli_real_escape_string($conn, $op_date[$count]);
$op_value_clean = mysqli_real_escape_string($conn, $op_value[$count]);
$close_date_clean = mysqli_real_escape_string($conn, $close_date[$count]);
$close_val_clean = mysqli_real_escape_string($conn, $close_val[$count]);
$sql = "SELECT COUNT(*) AS cntuser from bar_opening_details WHERE `item_id` = '" . $item_id_clean . "' AND close_date='" . $close_date_clean . "' AND item_cid='" . $item_cid_clean . "' ";
$result = mysqli_query($conn, $sql);
$row = mysqli_fetch_array($result);
$count1 = $row['cntuser'];
if ($count1 > 0) {
// update
$updatequery = "UPDATE bar_opening_details SET
`item_cid` = '" . $item_cid_clean . "',
`item_id` = '" . $item_id_clean . "',
`op_date` = '" . $op_date_clean . "',
`op_value` = '" . $op_value_clean . "',
`close_date` = '" . $close_date_clean . "',
`close_val` = '" . $close_val_clean . "'
WHERE close_date='" . $close_date_clean . "' and `item_id` = '" . $item_id_clean . "' ";
mysqli_query($conn, $updatequery);
} else {
$insertquery = "INSERT INTO bar_opening_details
(item_cid,
item_id,
op_date,
op_value,
close_date,
close_val) values ('" . $item_cid_clean . "', '" . $item_id_clean . "', '" . $op_date_clean . "', '" . $op_value_clean . "', '" . $close_date_clean . "', '" . $close_val_clean . "')";
mysqli_query($conn, $insertquery);
}
}
// insert
$return_arr = array('item_cid' => $item_cid, 'item_id' => $item_id, 'op_date' => $op_date, "close_val" => $count);
echo json_encode($return_arr);
mysqli_close($conn);
}
here is my ajax code. using this iam able to sent request to insert but it is takin to much time
<script>
$(document).ready(function() {
// submit button click
$("#submit").click(function() {
$('#loading').show();
var item_cid = [];
var item_id = [];
var op_date = [];
var op_value = [];
var close_date = [];
var close_val = [];
var Toast = Swal.mixin({
toast: true,
position: 'top-end',
showConfirmButton: false,
timer: 3000
});
// Initializing array with Checkbox checked values
$("input[name='item_cid[]']").each(function() {
item_cid.push(this.value);
});
$("input[name='item_id[]']").each(function() {
item_id.push(this.value);
});
$("input[name='op_date[]']").each(function() {
op_date.push(this.value);
});
$("input[name='op_value[]']").each(function() {
op_value.push(this.value);
});
$("input[name='close_date[]']").each(function() {
close_date.push(this.value);
});
$("input[name='close_val[]']").each(function() {
close_val.push(this.value);
});
$.ajax({
url: 'lib/cbentry.php',
type: 'post',
data: {
item_cid: item_cid,
item_id: item_id,
op_date: op_date,
op_value: op_value,
close_date: close_date,
close_val: close_val
dataType: 'JSON',
success: function(response) {
$('.details').show();
// selecting values from response Object
var name = response.close_val;
$('#loading').hide();
// var email = response.email;
// var lang = response.lang;
// var foundjquery = response.foundjquery;
Toast.fire({
icon: 'success',
title: 'Data Entered Successfully'
})
// setting values
$('#name').text(name);
// $('#email').text(email);
// $('#lang').text(lang);
// $('#foundjquery').text(foundjquery);
}
});
});
});
</script>
JSON
A simple 2-line fix to allow for unlimited items: Suggest you encode the array into JSON for POSTing, then use json_decode() to turn it back into an array when it arrives in PHP.
But, I have to ask... Are there really hundreds of new (or changed) rows? If only a few rows, consider shipping one row at a time via AJAX to PHP -- perhaps based on whether a value has changed after the mouse leaves "focus". A lot of little AJAX calls would have a lot of overhead (launching many PHP threads), but the task would be finished by the time you leave the web page. It would "feel" as if every thing was "instantaneous". (OK, if you have a thousand users doing this same thing at the same time, this technique could overload the server.)
Arrays
Here's another approach: Use "arrays". If the input names end in []:
<input type=text name=x[] ">
the will come in as an array in $x. If you have multiple of these, then the subscripts (0, 1, ...) will let you match them up.
$list = GetArray('list');
function GetArray($fn) {
// Input an array of things from
// echo "<input type=checkbox name=\"fn[]\" value=\"$out_fn\" $checked>\n";
// url has &fn[]=aaa&fn[]=ccc
$req = #$_REQUEST[$fn]; // Note: this must NOT end in []
$fns = empty($req) ? [] :
(is_array($req) ? $req :
explode(',', $req));
return $fns; // always an array
}
($_REQUEST includes $_POST; change it if you would prefer)
INSERT
As for the speed of a MySQL insert... A single INSERT with 100 rows will run 10 times as fast 100 1-line INSERTs. So, if there are really hundreds of new rows, I recommend "batching" the inserts.
If most of the rows are already in the table, then INSERT IGNORE is a 'simple' way to deal with that. But... If there is an AUTO_INCREMENT id on the table, the dups will "burn" ids.
IODKU is the optimal way to deal with rows that are either new or modified. It, too, can be batched. But, it also burns ids if the query is not including the original id where available.
(I can elaborate, you you elaborate.)
On my website, I'm using ajax to send data to an external php script, which queries a database and returns the result to the website. I ran into the problem, that I can only return strings with php, but I want to return an array of objects (which is valid json). My code looks like this at the moment:
php
$connection = mysqli_connect($adrs, $usr, $pw, $db);
if(mysqli_connect_errno()) {
die(mysqli_connect_error());
}
if($_GET["feed"] == "hausaufgaben") {
$query = "SELECT fach, aufgabe, datum FROM hausaufgaben WHERE fachgruppe != '";
if($_GET["fremdsprache"] == "latein") {
$query .= "französisch";
}
else {
$query .= "latein";
}
$query .= "' AND fachgruppe != '";
if($_GET["englisch"] == "koch") {
$query .= "schopper";
}
else {
$query .= "koch";
}
$query .= "' AND datum > '" . date("Y-m-d") . "' ORDER BY datum ASC;";
$result = mysqli_query($connection, $query);
$data = [];
while($row = mysqli_fetch_row($result)) {
$object = '{"fach": "' . $row[0] . '", "datum": "' . $row[2] . '", "aufgabe": "' . $row[1] . '"}';
array_push($data, json_decode($object));
}
echo $data;
}
ajax
$.ajax({
type: "GET",
url: "php/getFeed.php",
cache: false,
dataType: "json",
data: {feed: "hausaufgaben", fremdsprache: this.fremdsprache, englisch: this.englisch}
})
.done(function(data, textStatus, jqXHR) {
alert(typeof(data));
this.hausaufgaben = data;
})
.fail(function(jqXHR, textStatus, error) {
alert("error: " + error);
});
It always throws the error "Unexpected token A". I got it to return each single line in the array as string, but I can't use a string in my website. My problem is, that I can't echo an array of objects with php and get the array with ajax.
Instead of trying to build a json string yourself you can do it all much easier by building the $data array using PHP data structures and then using json_encode() to convert it all to a JSON string for sending to your javascript.
Reference json_encode and json_decode
Like this :-
$data = [];
while($row = mysqli_fetch_object($result)) {
$data[] = $row;
}
echo json_encode($data);
You will also have to change you javascript to process an array of objects rather than a string, but that should be easy
I have an $.ajax function that posts to a php page and gets some results.
function GetLicenseCount(SoftwareNameFK, SoftwareTypeFK,LicenseMethodFK,MinistryFK )
{
$.ajax({
type: "GET",
url: "modules/SoftwareLicenseAllocations/GetLicenseCount.php",
data: {SoftwareName : SoftwareNameFK, SoftwareType: SoftwareTypeFK, LicenseMethod: LicenseMethodFK, Ministry: MinistryFK},
dataType: "json",
success: function(result) {
var LicenseCount = document.getElementById("txtLicenseCount");
var idHidden = document.getElementById("txtId");
//get id value from string, by using split and getting the first part before the delimeter
var id = result.split(",")[0];
//get second part of result using string
LicenseCount.value = result.split(",")[1];
idHidden.value = id;
},
error: function(reason) {
console.log(reason);
alert("Failed to get License Count");
}
});
}
GetLicenseCount.php
<?php
//Local include path format
set_include_path('C:\PROJECTS\BRIAN\AMS\Web Application;C:\PROJECTS\BRIAN\AMS\Web Application\inc\pear;C:\PROJECTS\BRIAN\AMS\Web Application\js;');
//Search Screen
require_once('vars.php');
require_once('funcs.php');
//read the parameter passed through URL
$SoftwareName = $_GET['SoftwareName'];
$SoftwareType = $_GET['SoftwareType'];
$LicenseMethod = $_GET['LicenseMethod'];
$Ministry = $_GET['Ministry'];
//formulate query - get all active departments
$queryString = "SELECT DISTINCT id, LicenseCount"
. " FROM SoftwareLicenseAllocations WHERE"
. " SoftwareTypeFK =" . $SoftwareType
. " AND SoftwareNameFK = " . $SoftwareName
. " AND LicenseMethodFK=" . $LicenseMethod
. " AND MinistryFK=" . $Ministry;
// $queryString = "SELECT DISTINCT LicenseCount"
// . " FROM SoftwareLicenseAllocations WHERE"
// . " SoftwareTypeFK =" . 2
// . " AND SoftwareNameFK = " . 2
// . " AND LicenseMethodFK=" . 2
// . " AND MinistryFK=" . 1 ;
$sla = GetOpenItDataSet($queryString);
//loop on result set to refresh the department options list
while ($row = mysql_fetch_array($sla))
{
$LicenseCount = $row["LicenseCount"];
$id = $row['id'];
}//endWhile
$_SESSION['id'] = 22;
//echo $departmentArray;
echo json_encode($id . "," . $LicenseCount);
//$_POST["lcID"] = $id;
I am trying to get one of the values passed on in the original page.
i tried using $_Session on GetLicenseCount.php but the variable remains null.
Is is possible to pass a variable from jQuery to PHP? If so, how?
EDIT:
The problem is that GetLicenseCount is supposed to pass id, which it is doing, but I cannot use it in the original page via PHP, only via jQuery. When I come to use the $_SESSION['id'] through the original/previous php page it remains null.. The jQuery block is contained in another php page.
i've encountered a problem changing php variable that is respobsible for showing content
here's my JS code:
$(document).ready(function(){
var ajax = 1;
var button;
$('.tagbtn').click(function(){
button = $(this);
$(this).siblings("ul").slideToggle('slow', function(){
$('.selection').click(function(){
var number = $(this).children('h1').html();
button.html(number);
$(this).parent('ul').slideUp('slow');
var data = 'number=' + number;
$.ajax({
type:'POST',
//url: 'ajax-realizacje.html',
url: 'aktualnosci.class.php',
async: true,
data: data,
success: function(){
limit_page = number;
}
});
});
});
});
});
limit_page is the variable from the external file, which i am trying to change
and here's my php function that loads the content:
function LoadArticles($pages = 0, $page = 0) {
$start = ($pages - $page) * $this->limit_page;
$q = "SELECT p.*, d.title, d.title_url, d.content, d.content_short, d.tagi FROM " . $this->table . " p ";
$q .= "LEFT JOIN " . $this->tableDescription . " d ON p.id=d.parent_id ";
$q .= "WHERE d.language_id=? AND p.active=1 AND d.active=1 ";
$q .= "ORDER BY p.date_add DESC, p.id DESC ";
$q .= "LIMIT ?,? ";
$params = array(
array(dbStatement::INTEGER, _ID),
array(dbStatement::INTEGER, $start),
array(dbStatement::INTEGER, $this->limit_page)
);
$statement = $this->db->query($q, $params);
$articles = array();
while ($row = $statement->fetch_assoc()) {
$row['content'] = strip_tags($row['content']);
$row['url'] = BASE_URL . '/' . $this->modul . '/' . $row['title_url'] . '.html';
$row['photo'] = $this->getPhotoUrl($row['photo']);
$row['date_add_org'] = $row['date_add'];
if (!empty($row['tagi'])) {
$row['tagi_url'] = explode('|', str_replace(' ', '-', $row['tagi']));
$row['tagi'] = explode('|', $row['tagi']);
}
$row['date_add'] = date("j", strtotime($row['date_add_org'])) . " " . miesiac2(date("n", strtotime($row['date_add_org']))) . " " . date("Y", strtotime($row['date_add_org'])) . "r";
$articles[] = $row;
}
return $articles;
}
the problem is that ajax doesn't seem to change that php variable
would appreciate your help
if it's just a text on a file you can read it by using:
$this->limit_page = file_get_contents('path/to/file');