搜索
分析
(主要是处理数组数据的问题)eg:
$q = array("Volvo","BMW","Toyota");
输入数据为数组 且 数组元素大于一个的时候 ,
where[] = user_name = 'Volvo BMW Toyota' OR user_name = 'VolvoBMWToyota'
eg:
$q = array("Volvo");
输入数据为数组 且 数组元素等于一个的时候 ,
where[] = user_name LIKE 'Volvo%'
eg:
$q = "Volvo"
输入数据不为数组的时候，
where[] = user_name LIKE 'Volvo%'
- 代码
/**
 * Search users by user_name and return a page of uid / last_login rows.
 *
 * When $q is an array with more than one element, two exact matches are
 * generated (elements joined by a space, and joined directly). Otherwise
 * $q (imploded if it is a single-element array) is used as a LIKE prefix.
 * Every value is passed through $this->quote() before being concatenated
 * into the SQL string. quote() as shown on this page only escapes quote and
 * backslash characters, so LIKE wildcards (% and _) inside $q still act as
 * wildcards in the prefix branch.
 *
 * @param string|array $q
 * @param int $page
 * @param int $limit
 * @return mixed whatever query_all() returns
 */
public function search_users($q, $page, $limit = 20)
{
    $isMultiValue = is_array($q) && count($q) > 1;

    if ($isMultiValue) {
        $spaced = $this->quote(implode(' ', $q));
        $joined = $this->quote(implode('', $q));
        $condition = "user_name = '" . $spaced . "' OR user_name = '" . $joined . "'";
    } else {
        $prefix = is_array($q) ? implode('', $q) : $q;
        $condition = "user_name LIKE '" . $this->quote($prefix) . "%'";
    }

    $sql = 'SELECT uid, last_login FROM ' . get_table('users') . ' WHERE ' . $condition;

    return $this->query_all($sql, calc_page_limit($page, $limit));
}
quote过滤函数
- 代码
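/**
 * Escape a value for interpolation into a single-quoted SQL literal.
 *
 * Externally supplied data must pass through this method before being
 * concatenated into a query. When a DB handle is available, its own quote()
 * is used and the surrounding quotes it adds are stripped, because callers
 * add their own quotes around the result. Without a handle the legacy
 * escapers are used; they only escape quote/backslash style characters and
 * are not aware of the connection charset (and mysql_escape_string no longer
 * exists on PHP 7+), so the driver path is the one to rely on. Nothing here
 * escapes LIKE wildcards (% and _).
 *
 * @param string $string
 * @return string
 */
public function quote($string)
{
    $db = $this->db();
    if (is_object($db)) {
        $quoted = $db->quote($string);
        // Some drivers return false when quoting is unsupported; previously
        // substr() turned that into '' and the input was silently dropped.
        // Only accept a real string here, otherwise fall through to the
        // function-based escapers below.
        if (is_string($quoted)) {
            // Drop the outer quotes added by the driver (strict comparison).
            if ($quoted !== '' && $quoted[0] === "'") {
                $quoted = substr($quoted, 1, -1);
            }
            return $quoted;
        }
    }

    if (function_exists('mysql_escape_string')) {
        // @ silences the E_DEPRECATED this call emits on PHP 5.3+.
        $string = @mysql_escape_string($string);
    } else {
        // addslashes is a last resort: it is not charset-aware.
        $string = addslashes($string);
    }

    return $string;
}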