88f35b48
Commit
88f35b48
authored
Feb 02, 2020
by
Shevalda Gracielira
Get parameter sanitized, added prepared statement (Fixes
#1
and
#8
)
parent
be10106f
Showing
1 changed file
with
25 additions
and
17 deletions
+25
-17
web/search_result/controller.php
web/search_result/controller.php
+25
-17
web/search_result/controller.php
<?php
require_once
(
'view.php'
);
require_once
(
'view.php'
);
class
resultController
{
public
static
function
showResultController
(
array
$params
)
{
if
(
isset
(
$_COOKIE
[
"login"
])){
class
resultController
{
public
static
function
showResultController
(
array
$params
)
{
if
(
isset
(
$_COOKIE
[
"login"
]))
{
$token
=
$_COOKIE
[
"login"
];
$username
=
getUsername
(
$token
);
}
else
{
}
else
{
$username
=
"NONE"
;
}
$text
=
$params
[
"search_text"
];
$text
=
filter_var
(
$params
[
"search_text"
]
,
FILTER_SANITIZE_STRING
,
FILTER_FLAG_STRIP_LOW
|
FILTER_FLAG_STRIP_HIGH
|
FILTER_FLAG_STRIP_BACKTICK
)
;
$result_data
=
self
::
getResultData
(
$text
);
$params
=
[
'username'
=>
$username
];
$params
[
"item"
]
=
$result_data
;
searchResultView
::
viewResult
(
$params
);
}
private
static
function
getResultData
(
$search_text
){
private
static
function
getResultData
(
$search_text
)
{
$conn
=
connect_to_mysql
();
if
(
$conn
!==
NULL
){
$sql_query
=
'SELECT T1.ID as ID, Judul, Pengarang, Deskripsi, avg(rating) as avg_rating, count(book_id) as count
from ((SELECT * FROM books where Judul LIKE "%'
.
$search_text
.
'%") as T1 left join book_order on (T1.ID = book_order.book_id))
left join review on (review.order_id = book_order.Nomor_Order) group by T1.ID'
;
$result
=
$conn
->
query
(
$sql_query
);
if
(
$conn
!==
NULL
)
{
$sql_query
=
"SELECT T1.ID as ID, Judul, Pengarang, Deskripsi, avg(rating) as avg_rating, count(book_id) as count
from ((SELECT * FROM books where Judul LIKE CONCAT('%',?,'%')) as T1 left join book_order on (T1.ID = book_order.book_id))
left join review on (review.order_id = book_order.Nomor_Order) group by T1.ID"
;
if
(
$stmt
=
$conn
->
prepare
(
$sql_query
))
{
$stmt
->
bind_param
(
"s"
,
$search_text
);
$stmt
->
execute
();
$result
=
$stmt
->
get_result
();
$stmt
->
close
();
}
$conn
->
close
();
if
(
$result
!=
NULL
){
if
(
$result
!=
NULL
)
{
return
$result
;
}
else
{
}
else
{
return
0
;
}
}
else
{
}
else
{
return
0
;
}
}
}
?>
\ No newline at end of file
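Review bot: In getResultData, `$result` is assigned only inside the `if ($stmt = $conn->prepare($sql_query))` branch, so when prepare() fails the later `if ($result != NULL)` reads an undefined variable (reading the duplicated lines as old-then-new, since this rendered view has lost its markers); add `$result = null;` before the prepare call, and consider checking the return of `$stmt->execute()` as well, since a failed execute currently falls through to get_result() returning false with no error reported. With the query now parameterized, the FILTER_SANITIZE_STRING pass in showResultController no longer contributes injection protection but does change what is searched: quotes become HTML entities and FILTER_FLAG_STRIP_HIGH strips non-ASCII bytes, so titles containing an apostrophe or non-ASCII characters can no longer be matched; the bound parameter can take the raw string, with HTML escaping done in the view at output time, and FILTER_SANITIZE_STRING is also deprecated as of PHP 8.1. Note too that `%` and `_` in the search text still act as LIKE wildcards inside `CONCAT('%',?,'%')`, which is not an injection risk but is worth a comment if exact substring matching is intended, and `$result != NULL` would be clearer as `$result !== false` given what get_result() returns.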