commit - 7a8d3060c7b9cc65d45c82f630730bb668c4f878
commit + 690dc40ac30fa277039fd54eee941ca7b3b9b7ee
blob - e918ad510afdb241d08548712ea898120fd22f0d
blob + 612723cee776d69bbf8464745efe462c5506e30f
--- alexandria/search.php
+++ alexandria/search.php
for ($i = 1; $i < sizeof($words); $i++) $query .= " AND (g.name LIKE \"%" . $words[$i] . "%\"" . numremove($words[$i]) . ')';
$query .= ")";
}
- else $query .= "(g.name LIKE \"%$search%\"" .numremove($search) . ")";
+ else $query .= "(g.name LIKE ?)";
- if ($system != "") $query .= " AND g.system='$system'";
+ $searchingBySystem = $system != "";
+ if ($searchingBySystem) $query .= " AND g.system=?";
+
$query .= " ORDER BY g.name, g.system";
- $result = $mysqli->query($query) or die("Error fetching game information!");
+ $statement = $mysqli->prepare($query);
+ if ($mode == "" && $searchingBySystem) {
+ $searchString = "%$search%".numremove($search);
+ $statement->bind_param('ss', $searchString, $system);
+ } else if ($searchingBySystem) {
+ $statement->bind_param('s', $system);
+ }
+
+ $statement->execute();
+ $result = $statement->get_result() or die("Error fetching game information!");
+
print "<title>Search Results</title>";
include("main-header.txt");
?>
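Review bot: Only the single-word `else` path gets a placeholder; the loop on the first context line still concatenates `$words[$i]` into the query text, so a multi-word search remains injectable after this change. The binds also do not follow the placeholders: when the `else` branch adds `g.name LIKE ?` and `$system` is empty, neither `bind_param` call runs and `execute()` fails on the unbound parameter, and the `else if` arm assumes a non-empty `$mode` means the query has no name placeholder, which cannot be confirmed from the hunk. `numremove($search)` used to be appended after the closing quote as SQL text, so folding it into `$searchString` looks like it turns that fragment into literal pattern characters; its definition is outside the hunk and should be checked. I would push each value onto a `$params` array next to the `?` it belongs to, bind once with a generated type string, and check `prepare()` and `execute()` before using their results. The `if` that this `else` closes starts above the hunk.

```php
// … before the word loop (outside the hunk): $params = array(); each word clause uses "g.name LIKE ?" and pushes "%$word%" …
else { $query .= "(g.name LIKE ?)"; $params[] = "%$search%"; }
// numremove() appears to return SQL text: give it its own placeholder clause instead of appending it to the pattern
if ($searchingBySystem) { $query .= " AND g.system=?"; $params[] = $system; }
// … unchanged: ORDER BY …
$statement = $mysqli->prepare($query) or die("Error fetching game information!");
if ($params) $statement->bind_param(str_repeat('s', count($params)), ...$params);
$statement->execute() or die("Error fetching game information!");
$result = $statement->get_result() or die("Error fetching game information!");
```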
print '<tr><td align="center" background="/images/slbg.gif"><b>Game Name</b></td><td align="center" background="/images/slbg.gif"><b>Shrine Status</b></tr>';
$i = 0;
- while ($row = mysqli_fetch_array($result, MYSQLI_ASSOC))
+ while ($row = $result->fetch_assoc())
{ if ($i <= (($page - 1) * MAX_RESULTS) - 1) {$i++; continue;}
if ($i > ($page * MAX_RESULTS) - 1) break;
$gid = $row['gid'];