<?php
-
/**
- * GForge Search Engine
+ * FusionForge search engine
+ *
+ * Copyright 1999-2001, VA Linux Systems, Inc
+ * Copyright 2004, Guillaume Smet/Open Wide
+ * Copyright 2009, Roland Mas
*
- * Portions Copyright 1999-2001 (c) VA Linux Systems
- * The rest Copyright 2004 (c) Guillaume Smet / Open Wide
+ * This file is part of FusionForge.
*
- * http://gforge.org
+ * FusionForge is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published
+ * by the Free Software Foundation; either version 2 of the License,
+ * or (at your option) any later version.
+ *
+ * FusionForge is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * General Public License for more details.
*
- * @version $Id$
+ * You should have received a copy of the GNU General Public License
+ * along with FusionForge; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307
+ * USA
*/
class SearchQuery extends Error {
* @param int $rowsPerPage number of rows per page
*/
function SearchQuery($words, $offset, $isExact, $rowsPerPage = SEARCH__DEFAULT_ROWS_PER_PAGE) {
+ if (get_magic_quotes_gpc()) {
+ $words = stripslashes($words);
+ }
$this->cleanSearchWords($words);
-
+ //We manual escap because every Query in Search escap parameters
+ $words = addslashes($words);
+ $this->words = array_map('addslashes',$this->words);
+ $this->phrases = array_map('addslashes',$this->phrases);
$this->rowsPerPage = $rowsPerPage;
$this->offset = $offset;
$this->isExact = $isExact;
if(is_numeric($words) && $this->implementsSearchById()) {
$this->searchId = (int) $words;
} else {
- $words = htmlspecialchars($words);
- $words = strtr($words, array('%' => '', '_' => ''));
$words = preg_replace("/[ \t]+/", ' ', $words);
if(strlen($words) < 3) {
$this->setError(_('Error: search query too short'));
return;
}
+ $words = htmlspecialchars($words);
+ $words = strtr($words, array('%' => '\%', '_' => '\_'));
$this->words = array();
$this->phrases = array();
$phrase = '';
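Review bot: The three added `addslashes()` calls (on `$words`, `$this->words` and `$this->phrases`) hand-escape values that the rest of this commit passes through `db_query_params`/`db_construct_qpa`. If those helpers bind values as their names suggest, a term like `O'Brien` (constructed example) reaches the database as `O\'Brien` and stops matching, and `addslashes()` is not a replacement for driver-level binding in any case. In the non-numeric branch `$this->words` and `$this->phrases` are reset to `array()` a few lines later, so the two `array_map('addslashes', ...)` assignments are thrown away there. I would drop the three lines and replace the comment with `// Search terms are bound as query parameters downstream; do not escape them here.`, keeping only the `stripslashes()` guard. `get_magic_quotes_gpc()` was removed in PHP 8, so that guard needs a `function_exists()` check if the file has to run there; the constructor body continues past the end of the hunk.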
function executeQuery() {
global $sys_use_fti;
if($this->searchId) {
- $query = $this->getSearchByIdQuery();
+ $qpa = $this->getSearchByIdQuery();
} else {
- $query = $this->getQuery();
+ $qpa = $this->getQuery();
}
if ($sys_use_fti) {
- db_query("select set_curcfg('default')");
+ db_query_params ('select set_curcfg($1)',
+ array ('default'));
}
- $this->result = db_query(
- $query,
+ $this->result = db_query_qpa (
+ $qpa,
$this->rowsPerPage + 1,
$this->offset,
SYS_DB_SEARCH
}
/**
- * getQuery - returns the sql query built to get the search results
+ * getQuery - returns the query built to get the search results
* This is an abstract method. It _MUST_ be implemented in children classes.
*
- * @return string sql query to execute
+ * @return array query+params array
*/
function getQuery() {
return;
}
- /**
- * getIlikeCondition - build the ILIKE condition of the SQL query for a given field name
- *
- * @param string $fieldName name of the field in the ILIKE condition
- * @return string the condition
- */
- function getIlikeCondition($fieldName) {
- global $sys_database_type;
-
- $wordArgs = array_merge($this->words, str_replace(' ', "\\\s+",$this->phrases));
- if ( $sys_database_type == "mysql" ) {
- return $fieldName." LIKE '%" . implode("%' ".$this->operator." ".$fieldName." ILIKE '%", $wordArgs) ."%'";
+ function addMatchCondition($qpa, $fieldName) {
+ if(!count($arr)) {
+ $qpa = db_construct_qpa ($qpa, 'TRUE') ;
} else {
- return $fieldName." ILIKE '%" . implode("%' ".$this->operator." ".$fieldName." ILIKE '%", $wordArgs) ."%'";
+ $regexs = str_replace(' ', "\\\s+", $arr);
+ for ($i = 0; $i < count ($regexs); $i++) {
+ if ($i > 0) {
+ $qpa = db_construct_qpa ($qpa,
+ $this->operator) ;
+ }
+ $qpa = db_construct_qpa ($qpa,
+ $fieldName.' ~* $1',
+ $regexs[$i]) ;
+ }
}
+ return $qpa;
}
- function getMatchCond($fieldName, $arr) {
- if(!count($arr)) {
- $result = 'TRUE';
- } else {
- $regexs = str_replace(' ', "\\\s+",$arr);
- $result = $fieldName." ~* '" . implode("' ".$this->operator." ".$fieldName." ~* '", $regexs) ."'";
+ function addIlikeCondition($qpa, $fieldName) {
+ $wordArgs = array_map ('strtolower',
+ array_merge($this->words, str_replace(' ', "\\\s+", $this->phrases)));
+
+ for ($i = 0; $i < count ($wordArgs); $i++) {
+ if ($i > 0) {
+ $qpa = db_construct_qpa ($qpa,
+ $this->operator) ;
+ }
+ $qpa = db_construct_qpa ($qpa,
+ 'lower ('.$fieldName.') LIKE $1',
+ $wordArgs[$i]) ;
}
- return $result;
+ return $qpa ;
}
/**
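Review bot: `addMatchCondition($qpa, $fieldName)` reads `$arr` in `count($arr)` and in `str_replace(' ', "\\\s+", $arr)`, but `$arr` is no longer a parameter (the removed `getMatchCond($fieldName, $arr)` took it), so where `count()` on an undefined variable only warns the condition always collapses to `TRUE` and matches every row, and on PHP 8 it is a TypeError. Either restore the argument, `function addMatchCondition($qpa, $fieldName, $arr)`, or read the terms from `$this->words`/`$this->phrases` as `addIlikeCondition` does. In `addIlikeCondition` the removed code wrapped each term as `'%term%'`, while the new `LIKE $1` binds the bare term and the constructor now escapes `%` and `_`, so the condition appears to match only when the whole field equals the term; binding `'%'.$wordArgs[$i].'%'` would keep the substring behaviour. Both functions concatenate `$fieldName` into the SQL text, so each deserves a docblock stating that it must be a fixed column name and never request data.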
*/
function setSections($sections) {
if(is_array($sections)) {
- //make a comma separated string from the sections array
- foreach($sections as $key => $section)
- $sections[$key] = '\''.$section.'\'';
- $this->sections = implode(', ', $sections);
+ $this->sections = array_keys ($sections) ;
} else {
$this->sections = $sections;
}
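Review bot: `setSections()` used to store the array's values and now stores `array_keys($sections)`, so a caller passing a plain list such as `array('docs', 'news')` (constructed example) would end up with `0` and `1` as its sections; the callers are outside this hunk, so confirm they all pass a map keyed by section name. The property is also an array in one branch and whatever scalar was passed in the other, which every consumer has to handle. Removing the hand-quoted `'...'` list only helps if those consumers pass the sections as a bound parameter instead of imploding them back into SQL text. I would state that on the method, e.g. `@param array|string $sections map keyed by section name, or a single section; stored unescaped and must be bound as a query parameter`. The method's closing brace is outside the hunk.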