Revision 38
Added by stefan about 20 years ago
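--- a/search.php
+++ b/search.php
@@ -35,9 +35,16 @@
 $items_listed = array();
 
 // Get search string
-if(isset($_POST['string'])) {
-$string = addslashes(addslashes(str_replace(',', '', $_POST['string'])));
-$search_string = htmlspecialchars($this->stripslashes(str_replace(',', '', $_POST['string'])),ENT_QUOTES);
+if(isset($_REQUEST['string'])) {
+if ($_REQUEST['match']!='exact') {
+$string=str_replace(',', '', $_REQUEST['string']);
+}
+// reverse potential magic_quotes action
+$original_string=$this->stripslashes($string);
+// Double backslashes (mySQL needs doubly escaped backslashes in LIKE comparisons)
+$string = addslashes($this->escape_backslashes($original_string));
+// then escape for mySQL query
+$search_string = htmlspecialchars($original_string,ENT_QUOTES);
 } else {
 $string = '';
 $search_string = '';
@@ -46,22 +53,8 @@
 // Work-out what to do (match all words, any words, or do exact match), and do relevant with query settings
 $all_checked = '';
 $any_checked = '';
-$exact_checked = '';
-if(!isset($_POST['match'])) {
-$match = 'all';
-$operator = 'LIKE';
-$wildcard = '%';
-$all_checked = ' checked';
-} elseif($_POST['match'] == 'all') {
-$match = 'all';
-$operator = 'LIKE';
-$wildcard = '%';
-$all_checked = ' checked';
-} elseif($_POST['match'] == 'any') {
-$match = 'any';
-$operator = 'LIKE';
-$wildcard = '%';
-$any_checked = ' checked';
+$exact_checked = '';
+if($_REQUEST['match'] == 'any' OR $_REQUEST['match'] == 'all') {
 // Split string into array with explode() function
 $exploded_string = explode(' ', $string);
 // Make sure there is no blank values in the array
@@ -71,18 +64,19 @@
 $string[] = $each_exploded_string;
 }
 }
-} elseif($_POST['match'] == 'exact') {
-$match = 'exact';
-$operator = '=';
-$wildcard = '';
+if ($_REQUEST['match'] == 'any') {
+$any_checked = ' checked';
+$logical_operator = ' OR';
+} else {
+$all_checked = ' checked';
+$logical_operator = ' AND';
+}
+} else {
 $exact_checked = ' checked';
-} else {
-$match = 'all';
-$operator = 'LIKE';
-$wildcard = '%';
-$all_checked = ' checked';
-}
-
+$exact_string=$string;
+$string=array();
+$string[]=$exact_string;
+}
 // Get list of usernames and display names
 $query_users = $database->query("SELECT user_id,username,display_name FROM ".TABLE_PREFIX."users");
 $users = array('0' => array('display_name' => $TEXT['UNKNOWN'], 'username' => strtolower($TEXT['UNKNOWN'])));
@@ -139,25 +133,17 @@
 // Show search results_header
 echo $search_results_header;
 // Search page details only, such as description, keywords, etc.
-if($match == 'all' OR $match == 'exact') {
-$query_pages = $database->query("SELECT page_id, page_title, menu_title, link, description, modified_when, modified_by FROM ".TABLE_PREFIX."pages".
-" WHERE visibility != 'none' AND visibility != 'deleted' AND page_title $operator '$wildcard$string$wildcard' AND searching = '1' ".
-" OR visibility != 'none' AND visibility != 'deleted' AND menu_title $operator '$wildcard$string$wildcard' AND searching = '1'".
-" OR visibility != 'none' AND visibility != 'deleted' AND description $operator '$wildcard$string$wildcard' AND searching = '1'".
-" OR visibility != 'none' AND visibility != 'deleted' AND keywords $operator '$wildcard$string$wildcard' AND searching = '1'");
-} elseif($match == 'any') {
 $query_pages = "SELECT page_id, page_title, menu_title, link, description, modified_when, modified_by FROM ".TABLE_PREFIX."pages WHERE ";
 $count = 0;
 foreach($string AS $each_string) {
-if($count != 0) { $query_pages .= ' OR'; }
-$query_pages .= " visibility != 'none' AND page_title $operator '$wildcard$each_string$wildcard' AND searching = '1'".
-" OR visibility != 'none' AND visibility != 'deleted' AND menu_title $operator '$wildcard$each_string$wildcard' AND searching = '1'".
-" OR visibility != 'none' AND visibility != 'deleted' AND description $operator '$wildcard$each_string$wildcard' AND searching = '1'".
-" OR visibility != 'none' AND visibility != 'deleted' AND keywords $operator '$wildcard$each_string$wildcard' AND searching = '1'";
+if($count != 0) { $query_pages .= $logical_operator; }
+$query_pages .= " visibility != 'none' AND page_title LIKE '%$each_string%' AND searching = '1'".
+" OR visibility != 'none' AND visibility != 'deleted' AND menu_title LIKE '%$each_string%' AND searching = '1'".
+" OR visibility != 'none' AND visibility != 'deleted' AND description LIKE '%$each_string%' AND searching = '1'".
+" OR visibility != 'none' AND visibility != 'deleted' AND keywords LIKE '%$each_string%' AND searching = '1'";
 $count = $count+1;
 }
 $query_pages = $database->query($query_pages);
-}
 // Loop through pages
 if($query_pages->numRows() > 0) {
 while($page = $query_pages->fetchRow()) {
@@ -212,22 +198,16 @@
 // Fetch query start
 $fetch_query_body = $get_query_body->fetchRow();
 // Prepare query body for execution by replacing {STRING} with the correct one
-$query_body = str_replace(array('[TP]','[O]','[W]'), array(TABLE_PREFIX,$operator,$wildcard), $this->stripslashes($fetch_query_body['value']));
-// If we need to match any of the words, loop through the body for each one then combine with start and end, otherwise just combine without looping
-if($match == 'any') {
-// Loop through query body for each string, then combine with start and end
-$prepared_query = $query_start;
-$count = 0;
-foreach($string AS $each_string) {
-if($count != 0) { $prepared_query .= 'OR'; }
-$prepared_query .= str_replace('[STRING]', $each_string, $query_body);
-$count = $count+1;
-}
-$prepared_query .= $query_end;
-} else {
-// Replace {STRING} with $string, then combine with start and end
-$prepared_query = $query_start.str_replace('[STRING]', $string, $query_body).$query_end;
-}
+$query_body = str_replace(array('[TP]','[O]','[W]'), array(TABLE_PREFIX,'LIKE','%'), $this->stripslashes($fetch_query_body['value']));
+// Loop through query body for each string, then combine with start and end
+$prepared_query = $query_start;
+$count = 0;
+foreach($string AS $each_string) {
+if($count != 0) { $prepared_query .= $logical_operator; }
+$prepared_query .= str_replace('[STRING]', $each_string, $query_body);
+$count = $count+1;
+}
+$prepared_query .= $query_end;
 // Execute query
 $query = $database->query($prepared_query);
 // Loop though queried items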
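Review bot: In the page query built at new lines 139–143 the `page_title` condition tests only `visibility != 'none'`, so a deleted page whose title matches is still returned, and the four conditions for one word are not parenthesised, so joining words with `' AND'` binds only the adjacent `keywords` and `page_title` conditions and an "all words" search behaves almost like "any". Wrapping each word's group in `(` … `)` and adding `AND visibility != 'deleted'` to the `page_title` condition would fix both; the `$prepared_query` loop at new lines 205–207 may need the same grouping, depending on what the stored query bodies contain. `$each_string` reaches the SQL after `addslashes()` alone (new line 45), which is not charset-aware and leaves `%` and `_` active as LIKE wildcards, so the connection's own escaping function or a bound parameter would be the safer choice; the comment `// then escape for mySQL query` also sits above the `htmlspecialchars()` line, which escapes for HTML output, not SQL. At new lines 39–43 `$string` is assigned only when `match` is not `exact`, so an exact search runs `$this->stripslashes($string)` on an unset variable; assign `$string = $_REQUEST['string'];` first and strip commas only in the non-exact case.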
Reworked search.php, fixed typo in media/browse.html.