#region CCT Lookup (multiple values) - Get multiple fields in CCT from JetEngine table
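/**
 * Look up one row of a JetEngine CCT table and return selected columns from it.
 *
 * Table and column names cannot be bound as prepared-statement values, so they
 * are validated before being placed into the SQL text:
 *   - the table slug must consist of ASCII letters, digits and underscores only;
 *   - $lookup_column and every entry of $find_columns must be an existing column
 *     of the table, as reported by verify_column_names().
 * sanitize_text_field() alone is not an identifier check and is kept only for
 * normalisation. $needle is the only value bound through $wpdb->prepare().
 *
 * @param array  $find_columns  array of column names to find
 * @param string $needle        value that needs to be checked against
 * @param string $lookup_column column name to check $needle against; defaults to 'cct_single_post_id'
 * @param string $table         slug of the CCT; the global WPDB prefix and 'jet_cct_' are prepended; defaults to 'zmmt_events'
 *
 * @return array|null associative array of the verified $find_columns taken from the first matching row;
 *                    null if no row matches, or if the table slug, the lookup column or all of the
 *                    requested columns fail validation
 *
 * Example (column names are placeholders):
 *
 *     $row = get_jet_fields(['event_title', 'event_date'], $post_id);
 */
function get_jet_fields($find_columns, $needle, $lookup_column = 'cct_single_post_id', $table = 'zmmt_events'): ?array {
    global $wpdb;

    // The slug ends up in the FROM clause, so only a plain identifier is accepted.
    $table = sanitize_text_field($table);
    if (preg_match('/\A[A-Za-z0-9_]+\z/', $table) !== 1) {
        return null;
    }
    $table_name = $wpdb->prefix . 'jet_cct_' . $table;

    // The lookup column is interpolated into the WHERE clause; it gets the same
    // allow-list check as the selected columns.
    $lookup_column = sanitize_text_field($lookup_column);
    if (verify_column_names([$lookup_column], $table) !== [$lookup_column]) {
        return null;
    }

    $columns = verify_column_names(array_map('sanitize_text_field', $find_columns), $table);
    if (!$columns) {
        // Nothing valid to select; an empty column list would be invalid SQL.
        return null;
    }
    $columns_list = implode(', ', $columns);

    // Identifiers were validated above; only the compared value is parameterised.
    // (WordPress 6.2 added the %i identifier placeholder to prepare(); it is not
    // used here so the function does not depend on that version.)
    $query = $wpdb->prepare(
        "SELECT $columns_list FROM $table_name WHERE $lookup_column = %s",
        $needle
    );

    $results = $wpdb->get_results($query, ARRAY_A);

    // Only the first matching row is returned.
    return $results ? $results[0] : null;
}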
#endregion CCT Lookup - Get multiple fields in CCT from JetEngine table
#region verify column names / security function against SQL injection
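/**
 * Filter a list of column names down to those that exist in a CCT table.
 *
 * This is an allow-list check: column names cannot be passed as prepared-statement
 * values, so callers use the returned list when building the SQL text. The table
 * slug itself is interpolated into the SHOW COLUMNS statement and is therefore
 * restricted to ASCII letters, digits and underscores; any other slug yields an
 * empty result without touching the database.
 *
 * @param array  $input_columns array of column names to check against the CCT / database table
 * @param string $table_name    slug of the CCT / database table; the global WPDB prefix and 'jet_cct_' are prepended; defaults to 'zmmt_events'
 *
 * @return array the entries of $input_columns that are columns of the table, in their original order;
 *               empty if the slug is rejected or the column list cannot be read
 */
function verify_column_names($input_columns, $table_name = 'zmmt_events'): array {
    global $wpdb;

    // sanitize_text_field() does not make a string safe as an SQL identifier,
    // so the slug is additionally matched against a strict pattern.
    $slug = sanitize_text_field($table_name);
    if (preg_match('/\A[A-Za-z0-9_]+\z/', $slug) !== 1) {
        return [];
    }
    $mapped_table_name = $wpdb->prefix . 'jet_cct_' . $slug;

    // Fetch the list of columns from the database
    $columns = $wpdb->get_results("SHOW COLUMNS FROM $mapped_table_name");
    if (!$columns) {
        return [];
    }

    $valid_columns = array_column($columns, 'Field');

    $safe_columns = [];
    foreach ($input_columns as $column) {
        // Strict comparison: loose in_array() would let type juggling match
        // values that are not literally a column name.
        if (in_array($column, $valid_columns, true)) {
            $safe_columns[] = $column;
        }
    }

    return $safe_columns;
}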
#endregion verify column names / security function against SQL injection