Yii Framework Forum: Very Simple search function in the blog demo - Yii Framework Forum

Very Simple search function in the blog demo

#1 moho

  • Standard Member
  • Yii
  • Group: Members
  • Posts: 103
  • Joined: 25-April 09

Posted 18 May 2009 - 08:49 AM

I added a simple search function in the skeleton app developed by Jonah. It should also apply to the original blog app and the enhanced blog app by mocapapa.

If you need an enhanced version, you may want mocapapa's version. I use this version for an internal app that needs very simple search functionality.

For the original blog app, only 3 lines are affected.

Files affected:
controller/PostController.php
views/post/list.php

PostController.php
Change
	public function actionList()
	{
		$criteria=new CDbCriteria;
		$criteria->condition='status='.Post::STATUS_PUBLISHED;

into
	public function actionList($search)
	{
		$criteria=new CDbCriteria;
		$criteria->condition='status='.Post::STATUS_PUBLISHED;
		if(isset($_GET['search']))
		{
			// user input is concatenated directly into the SQL condition
			$criteria->condition="content like '%".$_GET['search']."%'";
		}

in view/post/list.php

add the following after line 12

<form action="<?php echo Yii::app()->baseUrl.'/post/list';?>" method="get">
<input type="text" name="search" size="30">
<input type="submit" value="Submit" /></form>


#2 qiang

  • Yii Project Lead
  • Yii
  • Group: Yii Dev Team
  • Posts: 5,875
  • Joined: 04-October 08
  • Location:DC, USA

Posted 18 May 2009 - 09:52 AM

Thank you for sharing your code.

You should modify the search condition statement in your code, however, because it is subject to SQL injection attack.

$criteria->condition='content LIKE :keyword';
$criteria->params=array(':keyword'=>'%'.$_GET['search'].'%');

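The difference between the two conditions above, as an added example that is not part of any post in this thread and is not Yii code. It assumes plain PDO on an in-memory SQLite database; the table, rows, status constants and function names are constructed for illustration. It goes slightly beyond the thread by keeping the status filter next to the keyword and by escaping LIKE wildcards in the bound value.

```php
<?php
// Added example, not from the thread: plain PDO on in-memory SQLite.
// Table, rows and status values are constructed stand-ins for the blog demo.
const STATUS_DRAFT = 0;
const STATUS_PUBLISHED = 1;

function makeDb(): PDO
{
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE Post (id INTEGER PRIMARY KEY, status INTEGER, content TEXT)');
    $ins = $db->prepare('INSERT INTO Post (status, content) VALUES (?, ?)');
    foreach ([[STATUS_PUBLISHED, "O'Reilly book notes"],
              [STATUS_PUBLISHED, '100% coverage report'],
              [STATUS_DRAFT, 'unreleased draft']] as $row) {
        $ins->execute($row);
    }
    return $db;
}

// Post #1 pattern: the search term becomes part of the SQL text.
function searchConcatenated(PDO $db, string $term): array
{
    $sql = 'SELECT content FROM Post WHERE status=' . STATUS_PUBLISHED
         . " AND content LIKE '%" . $term . "%'";
    return $db->query($sql)->fetchAll(PDO::FETCH_COLUMN);
}

// Post #2 pattern: the term is a bound value. LIKE wildcards typed by the
// user are escaped so they match literally, and the status filter is kept.
function searchBound(PDO $db, string $term): array
{
    $escaped = strtr($term, ['\\' => '\\\\', '%' => '\\%', '_' => '\\_']);
    $stmt = $db->prepare('SELECT content FROM Post WHERE status = :status'
        . " AND content LIKE :keyword ESCAPE '\\'");
    $stmt->execute([':status' => STATUS_PUBLISHED, ':keyword' => '%' . $escaped . '%']);
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

$db = makeDb();
try {
    searchConcatenated($db, "O'Reilly");   // the apostrophe ends the SQL string early
} catch (PDOException $e) {
    echo "concatenated: query rejected (", $e->getMessage(), ")\n";
}
echo 'bound, apostrophe: ', json_encode(searchBound($db, "O'Reilly")), "\n";
echo 'bound, literal %:  ', json_encode(searchBound($db, '%')), "\n";
```

An ordinary apostrophe is enough to show that the concatenated term is parsed as SQL, while the bound version treats the same input purely as data.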

#3 moho

  • Standard Member
  • Yii
  • Group: Members
  • Posts: 103
  • Joined: 25-April 09

Posted 18 May 2009 - 12:10 PM

Thank you, Qiang. This is a very valuable correction.

#4 Bios Element

  • Junior Member
  • Yii
  • Group: Members
  • Posts: 63
  • Joined: 13-February 09
  • Location:Ohio, USA

Posted 18 May 2009 - 06:04 PM

Quote

Thank you, Qiang. This is a very valuable correction.

Any chance you still have the original code so I can take a look at what 'not' to do?

#5 moho

  • Standard Member
  • Yii
  • Group: Members
  • Posts: 103
  • Joined: 25-April 09

Posted 18 May 2009 - 10:55 PM

Bios Element, my code is still there. I leave the mistake there so that others will not make the same mistake.

What qiang did is to use a named placeholder in the SQL to avoid SQL injection.

qiang is the best. He has done all the dirty coding and security work so that we can all focus on our business logic!

#6 ooaat

  • Junior Member
  • Yii
  • Group: Members
  • Posts: 89
  • Joined: 01-May 09

Posted 19 May 2009 - 02:02 PM

here here moho