[TYPO3-english] can anyone help me to check this php code?
Markus Klein
klein.t3 at mfc-linz.at
Mon May 14 17:05:17 CEST 2012
>
> Hi,
>
> function search()
> {
> if ($this->piVars['keyword'])
> {
> if(is_array($this->piVars['keyword']) )
> {
> $res = $GLOBALS['TYPO3_DB']->exec_SELECTquery(
> 'fe.uid, fe.email, fe.city',
> 'tx_jc_text jc LEFT JOIN fe_users fe ON fe.uid = jc.cruser_id',
> 'jc.contents LIKE \'%'.$this->piVars['keyword'].'%\' '

If piVars['keyword'] is an array, what are you doing here?
And: Hello SQL injection, you need to send your parameters through the various escaping functions of TYPO3_DB first, before using them in a DB query.

> );
> }
> }
> }
>
> I want to make it function like this: if someone inputs "john swens freddy"
> in the search box, it will show all the texts including john, or swens, or freddy. The search result will be like this:
> 1. john is a good person...
> 2. john freddy is going to school...
> 3. freddy is coming...
>
> So how could I change the php code above? Thanks.
Regards
Markus
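
The escaping referred to above, combined with the multi-word OR search asked about, as an added example that is not part of the original thread. It assumes the TYPO3 4.x database API (`$GLOBALS['TYPO3_DB']`, class `t3lib_DB`) inside a `tslib_pibase` plugin; the class name `tx_example_pi1`, the helper `buildKeywordWhere()`, the `$maxWords` limit and the returned row array are hypothetical.

```php
<?php
// Added example, not code from the thread. Assumes TYPO3 4.x: $GLOBALS['TYPO3_DB']
// (t3lib_DB) and a tslib_pibase plugin. Class and helper names are hypothetical.
class tx_example_pi1 extends tslib_pibase {

    // Turn "john swens freddy" into (jc.contents LIKE '%john%' OR ...).
    // Returns '' when there is nothing usable to search for.
    protected function buildKeywordWhere($keyword, $table, $maxWords = 10) {
        // keyword[]=x in the request makes the piVar an array; accept strings only.
        if (!is_string($keyword)) {
            return '';
        }
        $words = preg_split('/\s+/', $keyword, -1, PREG_SPLIT_NO_EMPTY);
        $words = array_slice(array_unique($words), 0, $maxWords); // bound query size

        $db = $GLOBALS['TYPO3_DB'];
        $conditions = array();
        foreach ($words as $word) {
            // escapeStrForLike() makes % and _ match literally; quoteStr() escapes
            // the value for use inside a single-quoted SQL string.
            $safe = $db->quoteStr($db->escapeStrForLike($word, $table), $table);
            $conditions[] = 'jc.contents LIKE \'%' . $safe . '%\'';
        }
        return $conditions ? '(' . implode(' OR ', $conditions) . ')' : '';
    }

    public function search() {
        $keyword = isset($this->piVars['keyword']) ? $this->piVars['keyword'] : '';
        $where = $this->buildKeywordWhere($keyword, 'tx_jc_text');
        if ($where === '') {
            return array();
        }
        $res = $GLOBALS['TYPO3_DB']->exec_SELECTquery(
            'fe.uid, fe.email, fe.city',
            'tx_jc_text jc LEFT JOIN fe_users fe ON fe.uid = jc.cruser_id',
            $where
        );
        $rows = array();
        while ($res && ($row = $GLOBALS['TYPO3_DB']->sql_fetch_assoc($res))) {
            $rows[] = $row;
        }
        return $rows;
    }
}
```

Every user-supplied word passes through both escaping calls before it reaches the WHERE clause, and the word cap keeps a long search string from producing an unbounded chain of `LIKE` conditions.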