DataTables 1.9.4 - Limiting Results

Question

I am using DataTables-1.9.4 with server-side processing and everything is working great, but my table is returning EVERYTHING from the table! That's a total of 3,147 entries, growing daily...

Example: www.hunterpdx.com/metro_new_copy/view-reports-test.php

Is there a way to limit the return to show data specifically associated with a particular user: WHERE company = $_SESSION['company']? I'm certain this can be done, but I've spent days on this and have gotten nowhere...

I'm using the basic initialization code (even left the table ID the same):

$(document).ready(function() {
    $('#example').dataTable( {
        "bProcessing": true,
        "bServerSide": true,
        "sAjaxSource": "../server_side/scripts/server_processing.php"
    } );
} );

The only things I've changed on the server_processing.php file are the aColumns array and the database connection information:

<?php
    /* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
     * Easy set variables
     */

    /* Array of database columns which should be read and sent back to DataTables. Use a space where
     * you want to insert a non-database field (for example a counter or static image)
     */
    $aColumns = array( 'company', 'bldg', 'report', 'freq', 'report_date', 'file_path' );

    /* Indexed column (used for fast and accurate table cardinality) */
    $sIndexColumn = "report_id";

    /* DB table to use */
    $sTable = "uploads";

    /* Database connection information */
    $gaSql['user']       = "root";
    $gaSql['password']   = "";
    $gaSql['db']         = "members";
    $gaSql['server']     = "localhost";

I'm assuming it has to do something with this portion of server_processing.php:

/*
 * Filtering
 * NOTE this does not match the built-in DataTables filtering which does it
 * word by word on any field. It's possible to do here, but concerned about efficiency
 * on very large tables, and MySQL's regex functionality is very limited
 */
$sWhere = "";
if ( isset($_GET['sSearch']) && $_GET['sSearch'] != "" )
{
    $sWhere = "WHERE (";
    for ( $i=0 ; $i<count($aColumns) ; $i++ )
    {
        $sWhere .= "`".$aColumns[$i]."` LIKE '%".mysql_real_escape_string( $_GET['sSearch'] )."%' OR ";
    }
    $sWhere = substr_replace( $sWhere, "", -3 );
    $sWhere .= ')';
}

/* Individual column filtering */
for ( $i=0 ; $i<count($aColumns) ; $i++ )
{
    if ( isset($_GET['bSearchable_'.$i]) && $_GET['bSearchable_'.$i] == "true" && $_GET['sSearch_'.$i] != '' )
    {
        if ( $sWhere == "" )
        {
            $sWhere = "WHERE ";
        }
        else
        {
            $sWhere .= " AND ";
        }
        $sWhere .= "`".$aColumns[$i]."` LIKE '%".mysql_real_escape_string($_GET['sSearch_'.$i])."%' ";
    }
}

The goal here is to make sure that the user only sees data associated with his company (even when using the built-in filtering search):

WHERE company = '$_SESSION['company']' 

The site going live is literally hinging on this being done, so I'm in serious need of help! Can this be done? And how?

Answer 1

Thanks go out to @Maximus2012 for walking me through this one! The answer was simple:

Call session_start(); at the top of the server_processing.php page!

To filter for the specific session, I set a user-specific variable below the session start:

$userCompany = $_SESSION['company'];

and then called the variable in the filtering portion of the code by changing the first:

$sWhere = "";

to

$sWhere = "WHERE company = '".$userCompany."'";

Finally, to make sure the search filter didn't get around the initial filter, I changed the

$sWhere .= ')';

to

$sWhere .= ") AND company = '".$userCompany."'";