Fix for improper quoted search strings
"error loading page" if searching for strings with ' in it:
exception 'PDOException' with message 'SQLSTATE[HY000]: General error: 1 near "brian": syntax error' in C:\Apache24\htdocs\bbs122\lib\BicBucStriim\calibre.php:292
Stack trace:
#0 ..\lib\BicBucStriim\calibre.php(292): PDO->query('select count(*)...')
#1 ..\lib\BicBucStriim\calibre.php(275): Calibre->count('select count(*)...')
#2 ..\lib\BicBucStriim\calibre.php(556): Calibre->findSliceFiltered('Book', 0, 30, Object(CalibreFilter), 'o'brian')
rvolz#3 ..\index.php(911): Calibre->titlesSlice('de', 0, 30, Object(CalibreFilter), 'o'brian')
rvolz#4 [internal function]: globalSearch()
rvolz#5 ..\vendor\slim\slim\Slim\Route.php(436): call_user_func_array('globalSearch', Array)
rvolz#6 ..\vendor\slim\slim\Slim\Slim.php(1307): Slim\Route->dispatch()
rvolz#7 ..\vendor\slim\slim\Slim\Middleware\Flash.php(85): Slim\Slim->call()
rvolz#8 ..\vendor\slim\slim\Slim\Middleware\MethodOverride.php(92): Slim\Middleware\Flash->call()
rvolz#9 ..\lib\BicBucStriim\calibre_config_middleware.php(50): Slim\Middleware\MethodOverride->call()
rvolz#10 ..\lib\BicBucStriim\login_middleware.php(33): CalibreConfigMiddleware->call()
rvolz#11 ..\lib\BicBucStriim\own_config_middleware.php(33): LoginMiddleware->call()
rvolz#12 ..\lib\BicBucStriim\caching_middleware.php(41): OwnConfigMiddleware->call()
rvolz#13 ..\vendor\slim\slim\Slim\Middleware\PrettyExceptions.php(67): CachingMiddleware->call()
rvolz#14 ..\vendor\slim\slim\Slim\Slim.php(1254): Slim\Middleware\PrettyExceptions->call()
rvolz#15 ..\index.php(196): Slim\Slim->run()
rvolz#16 {main}
OzzieIsaacs authored and jampot5000 committed Jul 17, 2014
1 parent e4aa5c1 commit b22efca
Showing 1 changed file with 37 additions and 29 deletions.
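--- a/lib/BicBucStriim/calibre.php
+++ b/lib/BicBucStriim/calibre.php
@@ -115,68 +115,72 @@ function findSlice($class, $index=0, $length=100, $search=NULL, $id=NULL) {
 if ($index < 0 || $length < 1 || !in_array($class, array('Book','Author','Tag', 'Series', 'SeriesBook', 'TagBook', 'AuthorBook')))
 return array('page'=>0,'pages'=>0,'entries'=>NULL);
 $offset = $index * $length;
+if(!is_null($search))
+{
+$search= $this->calibre->quote( '%'.$search .'%' );
+}
 switch($class) {
 case 'Author':
 if (is_null($search)) {
 $count = 'select count(*) from authors';
 $query = 'select a.id, a.name, a.sort, count(bal.id) as anzahl from authors as a left join books_authors_link as bal on a.id = bal.author group by a.id order by a.sort limit '.$length.' offset '.$offset;
 } else {
-$count = 'select count(*) from authors where lower(sort) like \'%'.strtolower($search).'%\'';
-$query = 'select a.id, a.name, a.sort, count(bal.id) as anzahl from authors as a left join books_authors_link as bal on a.id = bal.author where lower(a.name) like \'%'.strtolower($search).'%\' group by a.id order by a.sort limit '.$length.' offset '.$offset;
+$count = 'select count(*) from authors where lower(sort) like '.strtolower($search);
+$query = 'select a.id, a.name, a.sort, count(bal.id) as anzahl from authors as a left join books_authors_link as bal on a.id = bal.author where lower(a.name) like '.strtolower($search).' group by a.id order by a.sort limit '.$length.' offset '.$offset;
 }
 break;
 case 'AuthorBook':
 if (is_null($search)) {
 $count = 'select count(*) from (select BAL.book, Books.* from books_authors_link BAL, books Books where Books.id=BAL.book and author = '.$id.')';
 $query = 'select BAL.book, Books.* from books_authors_link BAL, books Books where Books.id=BAL.book and author = '.$id.' order by Books.sort limit '.$length.' offset '.$offset;
 } else {
-$count = 'select count(*) from (select BAL.book, Books.* from books_authors_link BAL, books Books where Books.id=BAL.book and author = '.$id.') where lower(sort) like \'%'.strtolower($search).'%\'';
-$query = 'select BAL.book, Books.* from books_authors_link BAL, books Books where Books.id=BAL.book and author ='.$id.' and lower(Books.sort) like \'%'.strtolower($search).'%\' order by Books.sort limit '.$length.' offset '.$offset;
+$count = 'select count(*) from (select BAL.book, Books.* from books_authors_link BAL, books Books where Books.id=BAL.book and author = '.$id.') where lower(sort) like '.strtolower($search);
+$query = 'select BAL.book, Books.* from books_authors_link BAL, books Books where Books.id=BAL.book and author ='.$id.' and lower(Books.sort) like '.strtolower($search).' order by Books.sort limit '.$length.' offset '.$offset;
 }
 break;
 case 'Book':
 if (is_null($search)) {
 $count = 'select count(*) from books';
 $query = 'select * from books order by sort limit '.$length.' offset '.$offset;
 } else {
-$count = 'select count(*) from books where lower(title) like \'%'.strtolower($search).'%\'';
-$query = 'select * from books where lower(title) like \'%'.strtolower($search).'%\' order by sort limit '.$length.' offset '.$offset;
+$count = 'select count(*) from books where lower(title) like '.strtolower($search);
+$query = 'select * from books where lower(title) like '.strtolower($search).' order by sort limit '.$length.' offset '.$offset;
 }
 break;
 case 'Series':
 if (is_null($search)) {
 $count = 'select count(*) from series';
 $query = 'select series.id, series.name, count(bsl.id) as anzahl from series left join books_series_link as bsl on series.id = bsl.series group by series.id order by series.name limit '.$length.' offset '.$offset;
 } else {
-$count = 'select count(*) from series where lower(name) like \'%'.strtolower($search).'%\'';
-$query = 'select series.id, series.name, count(bsl.id) as anzahl from series left join books_series_link as bsl on series.id = bsl.series where lower(series.name) like \'%'.strtolower($search).'%\' group by series.id order by series.name limit '.$length.' offset '.$offset;
+$count = 'select count(*) from series where lower(name) like '.strtolower($search);
+$query = 'select series.id, series.name, count(bsl.id) as anzahl from series left join books_series_link as bsl on series.id = bsl.series where lower(series.name) like '.strtolower($search).' group by series.id order by series.name limit '.$length.' offset '.$offset;
 }
 break;
 case 'SeriesBook':
 if (is_null($search)) {
 $count = 'select count (*) from (select BSL.book, Books.* from books_series_link BSL, books Books where Books.id=BSL.book and series = '.$id.')';
 $query = 'select BSL.book, Books.* from books_series_link BSL, books Books where Books.id=BSL.book and series = '.$id.' order by series_index limit '.$length.' offset '.$offset;
 } else {
-$count = 'select count (*) from (select BSL.book, Books.* from books_series_link BSL, books Books where Books.id=BSL.book and series = '.$id.') where lower(sort) like \'%'.strtolower($search).'%\'';
-$query = 'select BSL.book, Books.* from books_series_link BSL, books Books where Books.id=BSL.book and series = '.$id.' and lower(Books.sort) like \'%'.strtolower($search).'%\' order by series_index limit '.$length.' offset '.$offset;
+$count = 'select count (*) from (select BSL.book, Books.* from books_series_link BSL, books Books where Books.id=BSL.book and series = '.$id.') where lower(sort) like '.strtolower($search);
+$query = 'select BSL.book, Books.* from books_series_link BSL, books Books where Books.id=BSL.book and series = '.$id.' and lower(Books.sort) like '.strtolower($search).' order by series_index limit '.$length.' offset '.$offset;
 }
 break;
 case 'Tag':
 if (is_null($search)) {
 $count = 'select count(*) from tags';
 $query = 'select tags.id, tags.name, count(btl.id) as anzahl from tags left join books_tags_link as btl on tags.id = btl.tag group by tags.id order by tags.name limit '.$length.' offset '.$offset;
 } else {
-$count = 'select count(*) from tags where lower(name) like \'%'.strtolower($search).'%\'';
-$query = 'select tags.id, tags.name, count(btl.id) as anzahl from tags left join books_tags_link as btl on tags.id = btl.tag where lower(tags.name) like \'%'.strtolower($search).'%\' group by tags.id order by tags.name limit '.$length.' offset '.$offset;
+$count = 'select count(*) from tags where lower(name) like '.strtolower($search);
+$query = 'select tags.id, tags.name, count(btl.id) as anzahl from tags left join books_tags_link as btl on tags.id = btl.tag where lower(tags.name) like '.strtolower($search).' group by tags.id order by tags.name limit '.$length.' offset '.$offset;
 }
 break;
 case 'TagBook':
 if (is_null($search)) {
 $count = 'select count (*) from (select BTL.book, Books.* from books_tags_link BTL, books Books where Books.id=BTL.book and tag = '.$id.')';
 $query = 'select BTL.book, Books.* from books_tags_link BTL, books Books where Books.id=BTL.book and tag = '.$id.' order by Books.sort limit '.$length.' offset '.$offset;
 } else {
-$count = 'select count (*) from (select BTL.book, Books.* from books_tags_link BTL, books Books where Books.id=BTL.book and tag = '.$id.') where lower(sort) like \'%'.strtolower($search).'%\'';
-$query = 'select BTL.book, Books.* from books_tags_link BTL, books Books where Books.id=BTL.book and tag = '.$id.' and lower(Books.sort) like \'%'.strtolower($search).'%\' order by Books.sort limit '.$length.' offset '.$offset;
+$count = 'select count (*) from (select BTL.book, Books.* from books_tags_link BTL, books Books where Books.id=BTL.book and tag = '.$id.') where lower(sort) like '.strtolower($search);
+$query = 'select BTL.book, Books.* from books_tags_link BTL, books Books where Books.id=BTL.book and tag = '.$id.' and lower(Books.sort) like '.strtolower($search).' order by Books.sort limit '.$length.' offset '.$offset;
 }
 break;
 }
@@ -206,69 +210,73 @@ function findSlice($class, $index=0, $length=100, $search=NULL, $id=NULL) {
 function findSliceFiltered($class, $index=0, $length=100, $filter, $search=NULL, $id=NULL) {
 if ($index < 0 || $length < 1 || !in_array($class, array('Book','Author','Tag', 'Series', 'SeriesBook', 'TagBook', 'AuthorBook')))
 return array('page'=>0,'pages'=>0,'entries'=>NULL);
-$offset = $index * $length;
+$offset = $index * $length;
+if(!is_null($search))
+{
+$search= $this->calibre->quote( '%'.$search .'%' );
+}
 switch($class) {
 case 'Author':
 if (is_null($search)) {
 $count = 'select count(*) from authors';
 $query = 'select a.id, a.name, a.sort, count(bal.id) as anzahl from authors as a left join books_authors_link as bal on a.id = bal.author group by a.id order by a.sort limit '.$length.' offset '.$offset;
 } else {
-$count = 'select count(*) from authors where lower(sort) like \'%'.strtolower($search).'%\'';
-$query = 'select a.id, a.name, a.sort, count(bal.id) as anzahl from authors as a left join books_authors_link as bal on a.id = bal.author where lower(a.name) like \'%'.strtolower($search).'%\' group by a.id order by a.sort limit '.$length.' offset '.$offset;
+$count = 'select count(*) from authors where lower(sort) like '.strtolower($search);
+$query = 'select a.id, a.name, a.sort, count(bal.id) as anzahl from authors as a left join books_authors_link as bal on a.id = bal.author where lower(a.name) like '.strtolower($search).' group by a.id order by a.sort limit '.$length.' offset '.$offset;
 }
 break;
 case 'AuthorBook':
 if (is_null($search)) {
 $count = 'select count(*) from (select BAL.book, Books.* from books_authors_link BAL, '.$filter->getBooksFilter().' Books where Books.id=BAL.book and author = '.$id.')';
 $query = 'select BAL.book, Books.* from books_authors_link BAL, '.$filter->getBooksFilter().' Books where Books.id=BAL.book and author = '.$id.' order by Books.sort limit '.$length.' offset '.$offset;
 } else {
-$count = 'select count(*) from (select BAL.book, Books.* from books_authors_link BAL, '.$filter->getBooksFilter().' Books where Books.id=BAL.book and author = '.$id.') where lower(sort) like \'%'.strtolower($search).'%\'';
-$query = 'select BAL.book, Books.* from books_authors_link BAL, '.$filter->getBooksFilter().' Books where Books.id=BAL.book and author ='.$id.' and lower(Books.sort) like \'%'.strtolower($search).'%\' order by Books.sort limit '.$length.' offset '.$offset;
+$count = 'select count(*) from (select BAL.book, Books.* from books_authors_link BAL, '.$filter->getBooksFilter().' Books where Books.id=BAL.book and author = '.$id.') where lower(sort) like '.strtolower($search);
+$query = 'select BAL.book, Books.* from books_authors_link BAL, '.$filter->getBooksFilter().' Books where Books.id=BAL.book and author ='.$id.' and lower(Books.sort) like '.strtolower($search).' order by Books.sort limit '.$length.' offset '.$offset;
 }
 break;
 case 'Book':
 if (is_null($search)) {
 $count = 'select count(*) from '.$filter->getBooksFilter();
 $query = 'select * from '.$filter->getBooksFilter().' order by sort limit '.$length.' offset '.$offset;
 } else {
-$count = 'select count(*) from '.$filter->getBooksFilter().' where lower(title) like \'%'.strtolower($search).'%\'';
-$query = 'select * from '.$filter->getBooksFilter().' where lower(title) like \'%'.strtolower($search).'%\' order by sort limit '.$length.' offset '.$offset;
+$count = 'select count(*) from '.$filter->getBooksFilter().' where lower(title) like '.strtolower($search);
+$query = 'select * from '.$filter->getBooksFilter().' where lower(title) like '.strtolower($search).' order by sort limit '.$length.' offset '.$offset;
 }
 break;
 case 'Series':
 if (is_null($search)) {
 $count = 'select count(*) from series';
 $query = 'select series.id, series.name, count(bsl.id) as anzahl from series left join books_series_link as bsl on series.id = bsl.series group by series.id order by series.name limit '.$length.' offset '.$offset;
 } else {
-$count = 'select count(*) from series where lower(name) like \'%'.strtolower($search).'%\'';
-$query = 'select series.id, series.name, count(bsl.id) as anzahl from series left join books_series_link as bsl on series.id = bsl.series where lower(series.name) like \'%'.strtolower($search).'%\' group by series.id order by series.name limit '.$length.' offset '.$offset;
+$count = 'select count(*) from series where lower(name) like '.strtolower($search);
+$query = 'select series.id, series.name, count(bsl.id) as anzahl from series left join books_series_link as bsl on series.id = bsl.series where lower(series.name) like '.strtolower($search).' group by series.id order by series.name limit '.$length.' offset '.$offset;
 }
 break;
 case 'SeriesBook':
 if (is_null($search)) {
 $count = 'select count (*) from (select BSL.book, Books.* from books_series_link BSL, '.$filter->getBooksFilter().' Books where Books.id=BSL.book and series = '.$id.')';
 $query = 'select BSL.book, Books.* from books_series_link BSL, '.$filter->getBooksFilter().' Books where Books.id=BSL.book and series = '.$id.' order by series_index limit '.$length.' offset '.$offset;
 } else {
-$count = 'select count (*) from (select BSL.book, Books.* from books_series_link BSL, '.$filter->getBooksFilter().' Books where Books.id=BSL.book and series = '.$id.') where lower(sort) like \'%'.strtolower($search).'%\'';
-$query = 'select BSL.book, Books.* from books_series_link BSL, '.$filter->getBooksFilter().' Books where Books.id=BSL.book and series = '.$id.' and lower(Books.sort) like \'%'.strtolower($search).'%\' order by series_index limit '.$length.' offset '.$offset;
+$count = 'select count (*) from (select BSL.book, Books.* from books_series_link BSL, '.$filter->getBooksFilter().' Books where Books.id=BSL.book and series = '.$id.') where lower(sort) like '.strtolower($search);
+$query = 'select BSL.book, Books.* from books_series_link BSL, '.$filter->getBooksFilter().' Books where Books.id=BSL.book and series = '.$id.' and lower(Books.sort) like '.strtolower($search).' order by series_index limit '.$length.' offset '.$offset;
 }
 break;
 case 'Tag':
 if (is_null($search)) {
 $count = 'select count(*) from tags';
 $query = 'select tags.id, tags.name, count(btl.id) as anzahl from tags left join books_tags_link as btl on tags.id = btl.tag group by tags.id order by tags.name limit '.$length.' offset '.$offset;
 } else {
-$count = 'select count(*) from tags where lower(name) like \'%'.strtolower($search).'%\'';
-$query = 'select tags.id, tags.name, count(btl.id) as anzahl from tags left join books_tags_link as btl on tags.id = btl.tag where lower(tags.name) like \'%'.strtolower($search).'%\' group by tags.id order by tags.name limit '.$length.' offset '.$offset;
+$count = 'select count(*) from tags where lower(name) like '.strtolower($search);
+$query = 'select tags.id, tags.name, count(btl.id) as anzahl from tags left join books_tags_link as btl on tags.id = btl.tag where lower(tags.name) like '.strtolower($search).' group by tags.id order by tags.name limit '.$length.' offset '.$offset;
 }
 break;
 case 'TagBook':
 if (is_null($search)) {
 $count = 'select count (*) from (select BTL.book, Books.* from books_tags_link BTL, '.$filter->getBooksFilter().' Books where Books.id=BTL.book and tag = '.$id.')';
 $query = 'select BTL.book, Books.* from books_tags_link BTL, '.$filter->getBooksFilter().' Books where Books.id=BTL.book and tag = '.$id.' order by Books.sort limit '.$length.' offset '.$offset;
 } else {
-$count = 'select count (*) from (select BTL.book, Books.* from books_tags_link BTL, '.$filter->getBooksFilter().' Books where Books.id=BTL.book and tag = '.$id.') where lower(sort) like \'%'.strtolower($search).'%\'';
-$query = 'select BTL.book, Books.* from books_tags_link BTL, '.$filter->getBooksFilter().' Books where Books.id=BTL.book and tag = '.$id.' and lower(Books.sort) like \'%'.strtolower($search).'%\' order by Books.sort limit '.$length.' offset '.$offset;
+$count = 'select count (*) from (select BTL.book, Books.* from books_tags_link BTL, '.$filter->getBooksFilter().' Books where Books.id=BTL.book and tag = '.$id.') where lower(sort) like '.strtolower($search);
+$query = 'select BTL.book, Books.* from books_tags_link BTL, '.$filter->getBooksFilter().' Books where Books.id=BTL.book and tag = '.$id.' and lower(Books.sort) like '.strtolower($search).' order by Books.sort limit '.$length.' offset '.$offset;
 }
 break;
 }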
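Review bot: Only `$search` goes through `quote()`; in the AuthorBook, SeriesBook and TagBook branches of both findSlice and findSliceFiltered, `$id` is still concatenated into the statement text (`... and author = '.$id.'`), and `$length`/`$offset` are appended the same way after a range check that only uses `<`. Whether callers always pass integers is not visible here, so I would cast before the range check, `$index = (int) $index; $length = (int) $length;` and `$id = is_null($id) ? NULL : (int) $id;`, or better move these queries to `prepare()` with bound parameters so that no value is spliced into the SQL. The 'Author' search branch also counts on `lower(sort)` while selecting on `lower(a.name)`, so the page count can disagree with the rows returned. Both function bodies continue outside the hunks shown.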
