From d967a1fa14237648fc63c44f6a28c9c077b3e1bc Mon Sep 17 00:00:00 2001
From: tcit
Date: Wed, 2 Apr 2014 17:44:47 +0200
Subject: Important fixes for search engine (thx @mariroz) So sorry for the mess... :(
* search only in users' own articles
* sanitized what is searched
* display what is searched
* pagination, sorting available when searching
* use existing function to query db
* bad encoding caracters fixed
* link to JQuery into default theme, no longer in each theme
* some spaces instead of tabs
---
 inc/poche/Database.class.php | 13 +++++++------
 1 file changed, 7 insertions(+), 6 deletions(-)
(limited to 'inc/poche/Database.class.php')
diff --git a/inc/poche/Database.class.php b/inc/poche/Database.class.php
index 6f5c9ac0..2257f281 100755
--- a/inc/poche/Database.class.php
+++ b/inc/poche/Database.class.php
@@ -389,12 +389,13 @@ class Database {
 return $this->getHandle()->lastInsertId($column);
 }
- public function search($term){
- $search = '%'.$term.'%';
- $query = $this->getHandle()->prepare("SELECT * FROM entries WHERE content LIKE ? OR title LIKE ? OR url LIKE ?"); //searches in content, title and URL
- $query->execute(array($search,$search,$search));
- $entries = $query->fetchAll();
- return $entries;
+ public function search($term,$id,$limit = ''){
+ $search = '%'.$term.'%';
+ $sql_action = ("SELECT * FROM entries WHERE user_id=? AND (content LIKE ? OR title LIKE ? OR url LIKE ?) "); //searches in content, title and URL
+ $sql_action .= $this->getEntriesOrder().' ' . $limit;
+ $params_action = array($id,$search,$search,$search);
+ $query = $this->executeQuery($sql_action, $params_action);
+ return $query->fetchAll();
 }
 public function retrieveAllTags($user_id, $term = null) {
--
cgit v1.2.3
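Review bot: In the new `search()`, `$limit` is concatenated into the SQL text (`$sql_action .= $this->getEntriesOrder().' ' . $limit;`) while every other value is bound, so the method is only as safe as whatever the caller puts in that string. The caller is not visible in this hunk; if the LIMIT clause is built from pagination request parameters, it should be rejected here unless it matches a strict shape, e.g. `if ($limit !== '' && !preg_match('/^LIMIT \d+(\s*,\s*\d+)?$/i', trim($limit))) { $limit = ''; }`, or the method should take integer offset/count arguments and cast them with `(int)`. The same applies to the return value of `getEntriesOrder()`, which presumably comes from a fixed set of ORDER BY strings; that is worth confirming. Separately, `%` and `_` inside `$term` still act as LIKE wildcards, which is harmless for injection but lets a search term such as `%` match every entry of the user.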