Changeset 601 for branches/stable/cgi-bin/search.cgi
- Timestamp:
- 10/04/13 16:47:32 (11 years ago)
- File:
-
- 1 edited
branches/stable/cgi-bin/search.cgi
r594 r601 9 9 # Last update by $Author$ 10 10 ### 11 # Copyright 2005-2011 - Kris Deugau11 # Copyright (C) 2005-2013 Kris Deugau <kdeugau@deepnet.cx> 12 12 13 13 use strict; … … 76 76 if (!defined($webvar{stype})) { 77 77 $webvar{stype} = "<NULL>"; #shuts up the warnings. 78 $page = HTML::Template->new(filename => "search/compsearch.tmpl"); 78 $page = HTML::Template->new(filename => "search/compsearch.tmpl", 79 global_vars => 1); 79 80 } else { 80 $page = HTML::Template->new(filename => "search/sresults.tmpl"); 81 $page = HTML::Template->new(filename => "search/sresults.tmpl", 82 global_vars => 1); 81 83 } 84 $page->param(webpath => $IPDB::webpath); 82 85 83 86 my $header = HTML::Template->new(filename => "header.tmpl"); 84 87 $header->param(version => $IPDB::VERSION); 85 88 $header->param(addperm => $IPDBacl{$authuser} =~ /a/); 89 $header->param(webpath => $IPDB::webpath); 86 90 print "Content-type: text/html\n\n", $header->output; 87 91 … … 355 359 queryResults($sql, $webvar{page}, $count); 356 360 357 } elsif ($category eq 'cust' ) {361 } elsif ($category eq 'cust' || $category eq 'desc') { 358 362 359 363 ##fixme: this and other quick-search areas; fix up page heading title similar to first grouping above 360 print qq(<div class="heading">Searching for Customer IDs containing '$query'</div><br>\n); 361 364 print qq(<div class="heading">Searching for Customer IDs or Descriptions containing '$query'</div><br>\n); 365 366 # head off the worst of SQL injection. search really needs a big rewrite... 367 $query =~ s/'/''/g; 362 368 # Query for a customer ID. Note that we can't restrict to "numeric-only" 363 369 # as we have non-numeric custIDs in the legacy data. 
:/ 364 $sql = "select $cols from searchme where custid ilike '%$query%' or description like '%$query%'"; 365 my $count = countRows($sql); 366 $sql .= " order by cidr limit $RESULTS_PER_PAGE offset $offset"; 367 queryResults($sql, $webvar{page}, $count); 368 369 } elsif ($category eq 'desc') { 370 371 print qq(<div class="heading">Searching for descriptions containing '$query'</div><br>\n); 372 # Query based on description (includes "name" from old DB). 373 $sql = "select $cols from searchme where description ilike '%$query%'". 374 " or custid ilike '%$query%'"; 370 $sql = "select $cols from searchme where custid ilike '%$query%' or description ilike '%$query%'"; 375 371 my $count = countRows($sql); 376 372 $sql .= " order by cidr limit $RESULTS_PER_PAGE offset $offset";
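Review bot: Doubling single quotes with `$query =~ s/'/''/g;` is only a partial defence for the string-built `ilike '%$query%'` statement: it leaves backslashes and the LIKE wildcards `%` and `_` untouched, and whether backslashes matter depends on the database's string-literal settings, which are not visible here. Because `countRows` and `queryResults` take a finished SQL string, the smaller step is to quote the value through the database driver instead of a hand-written substitution; the lasting fix is bound parameters, which would need those helpers to accept bind values. Separately, the heading line in the same branch still prints `'$query'` into the page without entity-escaping, so output should use an HTML-escaped copy taken before the SQL escaping is applied, e.g. `my $hq = CGI::escapeHTML($query);` (assuming CGI.pm is loaded in this script). The enclosing if/elsif chain starts and ends outside the hunk.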