[moho]

I added a simple search function in the skeleton app developed by Jonah. It should also applies to the original blog app and the enhanced blog app by mocapapa.

If you need an enhanced version, you may want mocapapa's version. I use this version for an internal app that needs very simple search functionality.

For the original blog app, only 3 lines are affected.

Files affected:
controller/PostController.php
views/post/list.php

PostController.php
Change

	public function actionList()

	{

		$criteria=new CDbCriteria;

		$criteria->condition='status='.Post::STATUS_PUBLISHED;

into

	public function actionList($search)

	{

		$criteria=new CDbCriteria;                

		$criteria->condition='status='.Post::STATUS_PUBLISHED;

               if(isset($_GET['search']))

{$criteria->contion='content like '%'.$_GET['search'].'%'';}

in view/post/list.php

add the following after line 12

<form action="<?php echo Yii::app()->baseUrl.'/post/list';?>" method="get">

<input type="text" name="search" size="30">

<input type="submit" value="Submit" /></form>

[qiang]

Thank you for sharing your code.

You should modify the search condition statement in your code, however, because it is subject to SQL injection attack.

$criteria->condition='content LIKE :keyword';

$criteria->params=array(':keyword'=>'%'.$_GET['search'].'%');

[moho]

Thank you, Qiang. This is very valuable correction.

[Bios Element]

Quote

Thank you, Qiang. This is very valuable correction.

Any chance you still have the original code so I can take a look at what 'not' to do?

[moho]

Bios Element, my code is still there. I leave the mistake there so that others will not make the same mistake.

What qiang did is to use named placeholder in the sql to avoid SQL injection.

qiang is the best. He has done all the dirty coding and security work so that we can all focus on our business logic!

[ooaat]

here here moho