I am using DataTables-1.9.4 with server-side processing and everything is working great, but my table is returning EVERYTHING from the table! That's a total of 3,147 entries, growing daily...
Example: www.hunterpdx.com/metro_new_copy/view-reports-test.php
Is there a way to limit the return to show data specifically associated with a particular user: WHERE company = $_SESSION['company']?
I'm certain this can be done, but I've spent days on this and have gotten nowhere...
I'm using the basic initialization code (even left the table ID the same):
$(document).ready(function() {
$('#example').dataTable( {
"bProcessing": true,
"bServerSide": true,
"sAjaxSource": "../server_side/scripts/server_processing.php"
} );
} );
The only things I've changed on the server_processing.php file are the aColumns array and the database connection information:
<?php
/* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
* Easy set variables
*/
/* Array of database columns which should be read and sent back to DataTables. Use a space where
* you want to insert a non-database field (for example a counter or static image)
*/
$aColumns = array( 'company', 'bldg', 'report', 'freq', 'report_date', 'file_path' );
/* Indexed column (used for fast and accurate table cardinality) */
$sIndexColumn = "report_id";
/* DB table to use */
$sTable = "uploads";
/* Database connection information */
$gaSql['user'] = "root";
$gaSql['password'] = "";
$gaSql['db'] = "members";
$gaSql['server'] = "localhost";
I'm assuming it has to do something with this portion of server_processing.php:
/*
* Filtering
* NOTE this does not match the built-in DataTables filtering which does it
* word by word on any field. It's possible to do here, but concerned about efficiency
* on very large tables, and MySQL's regex functionality is very limited
*/
$sWhere = "";
if ( isset($_GET['sSearch']) && $_GET['sSearch'] != "" )
{
$sWhere = "WHERE (";
for ( $i=0 ; $i<count($aColumns) ; $i++ )
{
$sWhere .= "`".$aColumns[$i]."` LIKE '%".mysql_real_escape_string( $_GET['sSearch'] )."%' OR ";
}
$sWhere = substr_replace( $sWhere, "", -3 );
$sWhere .= ')';
}
/* Individual column filtering */
for ( $i=0 ; $i<count($aColumns) ; $i++ )
{
if ( isset($_GET['bSearchable_'.$i]) && $_GET['bSearchable_'.$i] == "true" && $_GET['sSearch_'.$i] != '' )
{
if ( $sWhere == "" )
{
$sWhere = "WHERE ";
}
else
{
$sWhere .= " AND ";
}
$sWhere .= "`".$aColumns[$i]."` LIKE '%".mysql_real_escape_string($_GET['sSearch_'.$i])."%' ";
}
}
The goal here is to make sure that the user only sees data associated with his company (even when using the built-in filtering search):
WHERE company = '$_SESSION['company']'
The site going live is literally hinging on this being done, so I'm in serious need of help! Can this be done? And how?
Thanks go out to @Maximus2012 for walking me through this one! The answer was simple:
Call session_start();
at the top of the server_processing.php page!
To filter for the specific session, I set a user-specific variable below the session start:
$userCompany = $_SESSION['company'];
and then called the variable in the filtering portion of the code by changing the first:
$sWhere = "";
to
$sWhere = "WHERE company = '".$userCompany."'";
Finally, to make sure the search filter didn't get around the initial filter, I changed the
$sWhere .= ')';
to
$sWhere .= ") AND company = '".$userCompany."'";
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.