Rev 148 | Go to most recent revision | Show entire file | Regard whitespace | Details | Blame | Last modification | View Log | RSS feed
| Rev 148 | Rev 150 | ||
|---|---|---|---|
| Line 114... | Line 114... | ||
| 114 | $out['text'] .= '<p><font color="red">Error: Search term minimum length is '.$min_length.' characters.</font></p>'; |
114 | $out['text'] .= '<p><font color="red">Error: Search term minimum length is '.$min_length.' characters.</font></p>'; |
| 115 | } else { |
115 | } else { |
| 116 | if ($ns == 'oidplus:ra') { |
116 | if ($ns == 'oidplus:ra') { |
| 117 | $out['text'] .= '<h2>Search results for RA "'.htmlentities($search_term).'"</h2>'; |
117 | $out['text'] .= '<h2>Search results for RA "'.htmlentities($search_term).'"</h2>'; |
| 118 | 118 | ||
| 119 | $where = array(); |
119 | $sql_where = array(); $prep_where = array(); |
| 120 | $where[] = "email like '".OIDplus::db()->real_escape_string('%'.$search_term.'%')."'"; |
120 | $sql_where[] = "email like ?"; $prep_where[] = '%'.$search_term.'%'; |
| 121 | $where[] = "ra_name like '".OIDplus::db()->real_escape_string('%'.$search_term.'%')."'"; |
121 | $sql_where[] = "ra_name like ?"; $prep_where[] = '%'.$search_term.'%'; |
| 122 | 122 | ||
| 123 | if (count($where) == 0) $where[] = '1=0'; |
123 | if (count($sql_where) == 0) $sql_where[] = '1=0'; |
| 124 | $res = OIDplus::db()->query("select * from ".OIDPLUS_TABLENAME_PREFIX."ra where (".implode(' or ', $where).")"); |
124 | $res = OIDplus::db()->query("select * from ".OIDPLUS_TABLENAME_PREFIX."ra where (".implode(' or ', $sql_where).")", $prep_where); |
| 125 | 125 | ||
| 126 | $count = 0; |
126 | $count = 0; |
| 127 | while ($row = OIDplus::db()->fetch_object($res)) { |
127 | while ($row = OIDplus::db()->fetch_object($res)) { |
| 128 | $email = str_replace('@', '&', $row->email); |
128 | $email = str_replace('@', '&', $row->email); |
| 129 | $out['text'] .= '<p><a '.oidplus_link('oidplus:rainfo$'.str_replace('@','&',$email)).'>'.htmlentities($email).'</a>: <b>'.htmlentities($row->ra_name).'</b></p>'; |
129 | $out['text'] .= '<p><a '.oidplus_link('oidplus:rainfo$'.str_replace('@','&',$email)).'>'.htmlentities($email).'</a>: <b>'.htmlentities($row->ra_name).'</b></p>'; |
| Line 133... | Line 133... | ||
| 133 | $out['text'] .= '<p>Nothing found</p>'; |
133 | $out['text'] .= '<p>Nothing found</p>'; |
| 134 | } |
134 | } |
| 135 | } else { |
135 | } else { |
| 136 | $out['text'] .= '<h2>Search results for "'.htmlentities($search_term).'" ('.htmlentities($ns).')</h2>'; |
136 | $out['text'] .= '<h2>Search results for "'.htmlentities($search_term).'" ('.htmlentities($ns).')</h2>'; |
| 137 | 137 | ||
| 138 | $where = array(); |
138 | $sql_where = array(); $prep_where = array(); |
| 139 | $where[] = "id like '".OIDplus::db()->real_escape_string('%'.$search_term.'%')."'"; // TODO: should we rather do findFitting(), so we can e.g. find GUIDs with different notation? |
139 | $sql_where[] = "id like ?"; $prep_where[] = '%'.$search_term.'%'; // TODO: should we rather do findFitting(), so we can e.g. find GUIDs with different notation? |
| 140 | if (isset($_POST["search_title"])) $where[] = "title like '".OIDplus::db()->real_escape_string('%'.$search_term.'%')."'"; |
140 | if (isset($_POST["search_title"])) { $sql_where[] = "title like ?"; $prep_where[] = '%'.$search_term.'%'; } |
| 141 | if (isset($_POST["search_description"])) $where[] = "description like '".OIDplus::db()->real_escape_string('%'.$search_term.'%')."'"; |
141 | if (isset($_POST["search_description"])) { $sql_where[] = "description like ?"; $prep_where[] = '%'.$search_term.'%'; } |
| 142 | 142 | ||
| 143 | if (isset($_POST["search_asn1id"])) { |
143 | if (isset($_POST["search_asn1id"])) { |
| 144 | $res = OIDplus::db()->query("select * from ".OIDPLUS_TABLENAME_PREFIX."asn1id where name like '".OIDplus::db()->real_escape_string('%'.$search_term.'%')."'"); |
144 | $res = OIDplus::db()->query("select * from ".OIDPLUS_TABLENAME_PREFIX."asn1id where name like ?", array('%'.$search_term.'%')); |
| 145 | while ($row = OIDplus::db()->fetch_object($res)) { |
145 | while ($row = OIDplus::db()->fetch_object($res)) { |
| 146 | $where[] = "id = '".OIDplus::db()->real_escape_string($row->oid)."'"; |
146 | $sql_where[] = "id = ?"; $prep_where[] = $row->oid; |
| 147 | } |
147 | } |
| 148 | } |
148 | } |
| 149 | 149 | ||
| 150 | if (isset($_POST["search_iri"])) { |
150 | if (isset($_POST["search_iri"])) { |
| 151 | $res = OIDplus::db()->query("select * from ".OIDPLUS_TABLENAME_PREFIX."iri where name like '".OIDplus::db()->real_escape_string('%'.$search_term.'%')."'"); |
151 | $res = OIDplus::db()->query("select * from ".OIDPLUS_TABLENAME_PREFIX."iri where name like ?", array('%'.$search_term.'%')); |
| 152 | while ($row = OIDplus::db()->fetch_object($res)) { |
152 | while ($row = OIDplus::db()->fetch_object($res)) { |
| 153 | $where[] = "id = '".OIDplus::db()->real_escape_string($row->oid)."'"; |
153 | $sql_where[] = "id = ?"; $prep_where[] = $row->oid; |
| 154 | } |
154 | } |
| 155 | } |
155 | } |
| 156 | 156 | ||
| 157 | if (count($where) == 0) $where[] = '1=0'; |
157 | if (count($sql_where) == 0) $sql_where[] = '1=0'; |
| - | 158 | array_unshift($prep_where, $ns.':%'); |
|
| - | 159 | ||
| 158 | $res = OIDplus::db()->query("select * from ".OIDPLUS_TABLENAME_PREFIX."objects where id like '".OIDplus::db()->real_escape_string($ns.':%')."' and (".implode(' or ', $where).")"); |
160 | $res = OIDplus::db()->query("select * from ".OIDPLUS_TABLENAME_PREFIX."objects where id like ? and (".implode(' or ', $sql_where).")", $prep_where); |
| 159 | 161 | ||
| 160 | $count = 0; |
162 | $count = 0; |
| 161 | while ($row = OIDplus::db()->fetch_object($res)) { |
163 | while ($row = OIDplus::db()->fetch_object($res)) { |
| 162 | $out['text'] .= '<p><a '.oidplus_link($row->id).'>'.htmlentities($row->id).'</a>: <b>'.htmlentities($row->title).'</b></p>'; // TODO: also show asn1id; highlight search match? |
164 | $out['text'] .= '<p><a '.oidplus_link($row->id).'>'.htmlentities($row->id).'</a>: <b>'.htmlentities($row->title).'</b></p>'; // TODO: also show asn1id; highlight search match? |
| 163 | $count++; |
165 | $count++; |