Rev 148 | Rev 150 | ||
---|---|---|---|
Line 114... | Line 114... | ||
114 | $out['text'] .= '<p><font color="red">Error: Search term minimum length is '.$min_length.' characters.</font></p>'; |
114 | $out['text'] .= '<p><font color="red">Error: Search term minimum length is '.$min_length.' characters.</font></p>'; |
115 | } else { |
115 | } else { |
116 | if ($ns == 'oidplus:ra') { |
116 | if ($ns == 'oidplus:ra') { |
117 | $out['text'] .= '<h2>Search results for RA "'.htmlentities($search_term).'"</h2>'; |
117 | $out['text'] .= '<h2>Search results for RA "'.htmlentities($search_term).'"</h2>'; |
118 | 118 | ||
119 | $where = array(); |
119 | $sql_where = array(); $prep_where = array(); |
120 | $where[] = "email like '".OIDplus::db()->real_escape_string('%'.$search_term.'%')."'"; |
120 | $sql_where[] = "email like ?"; $prep_where[] = '%'.$search_term.'%'; |
121 | $where[] = "ra_name like '".OIDplus::db()->real_escape_string('%'.$search_term.'%')."'"; |
121 | $sql_where[] = "ra_name like ?"; $prep_where[] = '%'.$search_term.'%'; |
122 | 122 | ||
123 | if (count($where) == 0) $where[] = '1=0'; |
123 | if (count($sql_where) == 0) $sql_where[] = '1=0'; |
124 | $res = OIDplus::db()->query("select * from ".OIDPLUS_TABLENAME_PREFIX."ra where (".implode(' or ', $where).")"); |
124 | $res = OIDplus::db()->query("select * from ".OIDPLUS_TABLENAME_PREFIX."ra where (".implode(' or ', $sql_where).")", $prep_where); |
125 | 125 | ||
126 | $count = 0; |
126 | $count = 0; |
127 | while ($row = OIDplus::db()->fetch_object($res)) { |
127 | while ($row = OIDplus::db()->fetch_object($res)) { |
128 | $email = str_replace('@', '&', $row->email); |
128 | $email = str_replace('@', '&', $row->email); |
129 | $out['text'] .= '<p><a '.oidplus_link('oidplus:rainfo$'.str_replace('@','&',$email)).'>'.htmlentities($email).'</a>: <b>'.htmlentities($row->ra_name).'</b></p>'; |
129 | $out['text'] .= '<p><a '.oidplus_link('oidplus:rainfo$'.str_replace('@','&',$email)).'>'.htmlentities($email).'</a>: <b>'.htmlentities($row->ra_name).'</b></p>'; |
Line 133... | Line 133... | ||
133 | $out['text'] .= '<p>Nothing found</p>'; |
133 | $out['text'] .= '<p>Nothing found</p>'; |
134 | } |
134 | } |
135 | } else { |
135 | } else { |
136 | $out['text'] .= '<h2>Search results for "'.htmlentities($search_term).'" ('.htmlentities($ns).')</h2>'; |
136 | $out['text'] .= '<h2>Search results for "'.htmlentities($search_term).'" ('.htmlentities($ns).')</h2>'; |
137 | 137 | ||
138 | $where = array(); |
138 | $sql_where = array(); $prep_where = array(); |
139 | $where[] = "id like '".OIDplus::db()->real_escape_string('%'.$search_term.'%')."'"; // TODO: should we rather do findFitting(), so we can e.g. find GUIDs with different notation? |
139 | $sql_where[] = "id like ?"; $prep_where[] = '%'.$search_term.'%'; // TODO: should we rather do findFitting(), so we can e.g. find GUIDs with different notation? |
140 | if (isset($_POST["search_title"])) $where[] = "title like '".OIDplus::db()->real_escape_string('%'.$search_term.'%')."'"; |
140 | if (isset($_POST["search_title"])) { $sql_where[] = "title like ?"; $prep_where[] = '%'.$search_term.'%'; } |
141 | if (isset($_POST["search_description"])) $where[] = "description like '".OIDplus::db()->real_escape_string('%'.$search_term.'%')."'"; |
141 | if (isset($_POST["search_description"])) { $sql_where[] = "description like ?"; $prep_where[] = '%'.$search_term.'%'; } |
142 | 142 | ||
143 | if (isset($_POST["search_asn1id"])) { |
143 | if (isset($_POST["search_asn1id"])) { |
144 | $res = OIDplus::db()->query("select * from ".OIDPLUS_TABLENAME_PREFIX."asn1id where name like '".OIDplus::db()->real_escape_string('%'.$search_term.'%')."'"); |
144 | $res = OIDplus::db()->query("select * from ".OIDPLUS_TABLENAME_PREFIX."asn1id where name like ?", array('%'.$search_term.'%')); |
145 | while ($row = OIDplus::db()->fetch_object($res)) { |
145 | while ($row = OIDplus::db()->fetch_object($res)) { |
146 | $where[] = "id = '".OIDplus::db()->real_escape_string($row->oid)."'"; |
146 | $sql_where[] = "id = ?"; $prep_where[] = $row->oid; |
147 | } |
147 | } |
148 | } |
148 | } |
149 | 149 | ||
150 | if (isset($_POST["search_iri"])) { |
150 | if (isset($_POST["search_iri"])) { |
151 | $res = OIDplus::db()->query("select * from ".OIDPLUS_TABLENAME_PREFIX."iri where name like '".OIDplus::db()->real_escape_string('%'.$search_term.'%')."'"); |
151 | $res = OIDplus::db()->query("select * from ".OIDPLUS_TABLENAME_PREFIX."iri where name like ?", array('%'.$search_term.'%')); |
152 | while ($row = OIDplus::db()->fetch_object($res)) { |
152 | while ($row = OIDplus::db()->fetch_object($res)) { |
153 | $where[] = "id = '".OIDplus::db()->real_escape_string($row->oid)."'"; |
153 | $sql_where[] = "id = ?"; $prep_where[] = $row->oid; |
154 | } |
154 | } |
155 | } |
155 | } |
156 | 156 | ||
157 | if (count($where) == 0) $where[] = '1=0'; |
157 | if (count($sql_where) == 0) $sql_where[] = '1=0'; |
- | 158 | array_unshift($prep_where, $ns.':%'); |
|
- | 159 | ||
158 | $res = OIDplus::db()->query("select * from ".OIDPLUS_TABLENAME_PREFIX."objects where id like '".OIDplus::db()->real_escape_string($ns.':%')."' and (".implode(' or ', $where).")"); |
160 | $res = OIDplus::db()->query("select * from ".OIDPLUS_TABLENAME_PREFIX."objects where id like ? and (".implode(' or ', $sql_where).")", $prep_where); |
159 | 161 | ||
160 | $count = 0; |
162 | $count = 0; |
161 | while ($row = OIDplus::db()->fetch_object($res)) { |
163 | while ($row = OIDplus::db()->fetch_object($res)) { |
162 | $out['text'] .= '<p><a '.oidplus_link($row->id).'>'.htmlentities($row->id).'</a>: <b>'.htmlentities($row->title).'</b></p>'; // TODO: also show asn1id; highlight search match? |
164 | $out['text'] .= '<p><a '.oidplus_link($row->id).'>'.htmlentities($row->id).'</a>: <b>'.htmlentities($row->title).'</b></p>'; // TODO: also show asn1id; highlight search match? |
163 | $count++; |
165 | $count++; |
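Review bot: The bound LIKE values in both hunks (new lines 120–121, 139–141, 144 and 151) are built as `'%'.$search_term.'%'` without escaping the pattern characters, so a `%` or `_` typed by the user still acts as a wildcard even though the statements are now parameterized. A term made only of wildcards would presumably pass the minimum-length check implied by the error message at line 114 and match every row, which in the RA branch lists every stored e-mail address. Consider escaping before binding, e.g. `$like = '%'.addcslashes($search_term, '\\%_').'%';`, and adding an explicit `ESCAPE` clause if the database backends in use do not treat backslash as the default LIKE escape (the backend is not visible here). Separately, the asn1id and iri loops append one `id = ?` per matching row, so a broad term can push the final query past a driver's bound-parameter limit; a subquery of the form `id in (select oid from ... where name like ?)` would keep the parameter count fixed. The enclosing function starts and ends outside the shown hunks.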