Revision 238
Added by stefan over 18 years ago
| search.php | ||
|---|---|---|
| 35 | 35 |
$items_listed = array(); |
| 36 | 36 |
|
| 37 | 37 |
// Get search string |
| 38 |
if(isset($_REQUEST['string'])) {
|
|
| 39 |
if ($_REQUEST['match']!='exact') {
|
|
| 40 |
$string=str_replace(',', '', $_REQUEST['string']);
|
|
| 38 |
if(isset($_REQUEST['string'])) {
|
|
| 39 |
if ($_REQUEST['match']!='exact') {
|
|
| 40 |
$string=str_replace(',', '', $_REQUEST['string']);
|
|
| 41 | 41 |
} else {
|
| 42 | 42 |
$string=$_REQUEST['string']; |
| 43 | 43 |
} |
| 44 |
// reverse potential magic_quotes action |
|
| 45 |
$original_string=$wb->strip_slashes($string); |
|
| 46 |
// Double backslashes (mySQL needs doubly escaped backslashes in LIKE comparisons) |
|
| 44 |
// reverse potential magic_quotes action
|
|
| 45 |
$original_string=$wb->strip_slashes($string);
|
|
| 46 |
// Double backslashes (mySQL needs doubly escaped backslashes in LIKE comparisons)
|
|
| 47 | 47 |
$string = addslashes($wb->escape_backslashes($original_string)); |
| 48 |
// then escape for mySQL query |
|
| 48 |
// then escape for mySQL query
|
|
| 49 | 49 |
$search_string = htmlspecialchars($original_string,ENT_QUOTES); |
| 50 | 50 |
} else {
|
| 51 | 51 |
$string = ''; |
| ... | ... | |
| 55 | 55 |
// Work-out what to do (match all words, any words, or do exact match), and do relevant with query settings |
| 56 | 56 |
$all_checked = ''; |
| 57 | 57 |
$any_checked = ''; |
| 58 |
$exact_checked = ''; |
|
| 58 |
$exact_checked = '';
|
|
| 59 | 59 |
if($_REQUEST['match'] != 'exact') {
|
| 60 | 60 |
// Split string into array with explode() function |
| 61 | 61 |
$exploded_string = explode(' ', $string);
|
| ... | ... | |
| 66 | 66 |
$string[] = $each_exploded_string; |
| 67 | 67 |
} |
| 68 | 68 |
} |
| 69 |
if ($_REQUEST['match'] == 'any') {
|
|
| 70 |
$any_checked = ' checked'; |
|
| 71 |
$logical_operator = ' OR'; |
|
| 72 |
} else {
|
|
| 73 |
$all_checked = ' checked'; |
|
| 74 |
$logical_operator = ' AND'; |
|
| 75 |
} |
|
| 69 |
if ($_REQUEST['match'] == 'any') {
|
|
| 70 |
$any_checked = ' checked';
|
|
| 71 |
$logical_operator = ' OR';
|
|
| 72 |
} else {
|
|
| 73 |
$all_checked = ' checked';
|
|
| 74 |
$logical_operator = ' AND';
|
|
| 75 |
}
|
|
| 76 | 76 |
} else {
|
| 77 | 77 |
$exact_checked = ' checked'; |
| 78 |
$exact_string=$string; |
|
| 79 |
$string=array(); |
|
| 80 |
$string[]=$exact_string; |
|
| 78 |
$exact_string=$string;
|
|
| 79 |
$string=array();
|
|
| 80 |
$string[]=$exact_string;
|
|
| 81 | 81 |
} |
| 82 | 82 |
// Get list of usernames and display names |
| 83 | 83 |
$query_users = $database->query("SELECT user_id,username,display_name FROM ".TABLE_PREFIX."users");
|
| ... | ... | |
| 208 | 208 |
if($count != 0) { $prepared_query .= $logical_operator; }
|
| 209 | 209 |
$prepared_query .= str_replace('[STRING]', $each_string, $query_body);
|
| 210 | 210 |
$count = $count+1; |
| 211 |
} |
|
| 211 |
}
|
|
| 212 | 212 |
$prepared_query .= $query_end; |
| 213 | 213 |
// Execute query |
| 214 | 214 |
$query = $database->query($prepared_query); |
Also available in: Unified diff
Fixed inconsistent line ending styles