diff options
author | Gemorroj <wapinet@mail.ru> | 2012-04-08 11:41:24 +0400 |
---|---|---|
committer | Gemorroj <wapinet@mail.ru> | 2012-04-08 11:41:24 +0400 |
commit | 6e8bc0dd74e882574be83f005326b9426e53cb6d (patch) | |
tree | 448c4c924039a9eaa24a14d6a6985e93ea53f419 /tbl_chart.php | |
parent | 60eccbdce1fc2eb248ae9431c75fe77f8befbbaa (diff) |
Fixed title with table name is "test<>'"&test&&]]>", fixed chart with column name and data is "test<>'"&test&&]]>", some improvements.
Diffstat (limited to 'tbl_chart.php')
-rw-r--r-- | tbl_chart.php | 22 |
1 files changed, 7 insertions, 15 deletions
diff --git a/tbl_chart.php b/tbl_chart.php index 83ae074614..01d32f3f5d 100644 --- a/tbl_chart.php +++ b/tbl_chart.php @@ -104,7 +104,7 @@ url_query = '<?php echo $url_query;?>'; foreach ($keys as $idx => $key) { if ($yaxis == -1 && (($idx == count($data[0]) - 1) || preg_match("/(date|time)/i", $key))) { - echo '<option value="' . htmlspecialchars($idx) . '" selected>' . htmlspecialchars($key) . '</option>'; + echo '<option value="' . htmlspecialchars($idx) . '" selected="selected">' . htmlspecialchars($key) . '</option>'; $yaxis=$idx; } else { echo '<option value="' . htmlspecialchars($idx) . '">' . htmlspecialchars($key) . '</option>'; @@ -137,25 +137,17 @@ url_query = '<?php echo $url_query;?>'; <p style="clear:both;"> </p> <div id="resizer" style="width:600px; height:400px;"> <div id="inner-resizer"> - <div id="querychart" style="display:none;"> -<?php -$sanitized_data = array(); -foreach ($data as $data_row_number => $data_row) { - $tmp_row = array(); - foreach ($data_row as $data_column => $data_value) { - $tmp_row[htmlspecialchars($data_column)] = htmlspecialchars($data_value); - } - $sanitized_data[] = $tmp_row; -} -echo json_encode($sanitized_data); -unset($sanitized_data); -?> - </div> + <div id="querychart" style="display:none;"></div> </div> </div> </fieldset> </form> </div> +<script type="text/javascript"> +//<![CDATA[ + chart_data = <?php echo strtr(json_encode($data), array('<' => '<', '>' => '>')); ?>; +//]]> +</script> <?php /** * Displays the footer |