Changeset 1003

Show
Ignore:
Timestamp:
04/23/08 17:27:48 (6 months ago)
Author:
gleu
Message:

Ajout des pg_escape_string manquants (oui, je sais, c'est pas beau d'avoir oublié :) ).
D'après une idée de Cédric Villemain.

Files:

Legend:

Unmodified
Added
Removed
Modified
Copied
Moved

  • traduc/trunk/www/search.php

    r994 r1003  
    5050<form method="post" action="search.php"> 
    5151  <div> 
    52   <input id="q" name="q" type="text" size="20" maxlength="255" onfocus="if( this.value=='Rechercher' ) this.value='';" value="<?= strlen($_POST['q'])>0 ? $_POST['q'] : 'Rechercher' ?>" accesskey="s" /><input id="submit" name="submit" type="submit" value="Rechercher" /> 
     52  <input id="q" name="q" type="text" size="20" maxlength="255" onfocus="if( this.value=='Rechercher' ) this.value='';" value="<?= strlen($_POST['q'])>0 ? $_POST['q'] : 'Rechercher' ?>" accesskey="s" /> 
     53  <input id="submit" name="submit" type="submit" value="Rechercher" /> 
    5354  <select id="v" name="v"> 
    5455<? 
     
    7273</form> 
    7374<? 
    74 $recherche = $_POST['q']
     75$recherche = pg_escape_string($_POST['q'])
    7576 
    7677$query = "SELECT version, url, titre 
     
    7879WHERE (url like 'sql-%".ereg_replace(' ','',$recherche)."%.html' OR url like 'app-%".ereg_replace('_','',$recherche)."%.html' OR url like 'app-%".ereg_replace('_','-',$recherche)."%.html') "; 
    7980if ($filtreversion > 0) 
    80   $query .= "AND version=".$filtreversion." "; 
     81  $query .= "AND version=".pg_escape_string($filtreversion)." "; 
    8182$query .= "ORDER BY version desc, titre "; 
    8283$result = pg_query($pgconn, $query); 
     
    168169WHERE fti @@ q "; 
    169170if ($filtreversion > 0) 
    170   $query .= "AND version=".$filtreversion." "; 
     171  $query .= "AND version=".pg_escape_string($filtreversion)." "; 
    171172$query .= "ORDER BY ts_rank(fti, q) DESC 
    172173LIMIT 100";