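to_id($_GET['search']);
    if ($ArticleID) {
        // Found Article
        // NOTE(review): nothing here stops execution after the redirect header is
        // queued, so the search query and page below still run. The enclosing
        // statement starts outside this view; confirm whether a die() belongs here.
        header('Location: wiki.php?action=article&id='.$ArticleID);
    }
}

// Wiki article search: builds one SELECT over wiki_articles, filtered by the
// viewer's class and by every word of the search string, then leaves the result
// set selected on $DB for the template that follows the closing tag.

define('ARTICLES_PER_PAGE', 25);
list($Page, $Limit) = Format::page_limit(ARTICLES_PER_PAGE);

// Labels for the order/way choices (presumably consumed by the search form
// outside this view).
$OrderVals = array('Title', 'Created', 'Edited');
$WayVals = array('Ascending', 'Descending');

// Allowlists mapping request values to SQL fragments. Column names and sort
// direction are spliced into the statement as identifiers/keywords, which string
// escaping cannot protect, so only the fixed values of these tables may ever
// reach the query text.
$TypeTable = array('Title'=>'w.Title', 'Body'=>'w.Body');
$OrderTable = array('Title'=>'w.Title', 'Created'=>'w.ID', 'Edited'=>'w.Date');
$WayTable = array('Ascending'=>'ASC', 'Descending'=>'DESC');

// What are we looking for? Let's make sure it isn't dangerous.
// A missing or array-valued parameter (?search[]=x) is treated as an empty search
// instead of being handed to trim().
$RawSearch = (isset($_GET['search']) && is_string($_GET['search'])) ? trim($_GET['search']) : '';
$Search = db_string($RawSearch);

// Break search string down into individual words. Empty pieces produced by
// repeated spaces are dropped; they would only add match-everything LIKE '%%'
// clauses.
$Words = array();
foreach (explode(' ', $Search) as $Word) {
    if ($Word !== '') {
        $Words[] = $Word;
    }
}

// Resolve each request parameter through its allowlist. Anything absent,
// non-string or unknown falls back to a fixed default, so no request text is
// ever used as a column name or sort direction.
$Type = (isset($_GET['type']) && is_string($_GET['type']) && isset($TypeTable[$_GET['type']]))
    ? $TypeTable[$_GET['type']]
    : 'w.Title';
$Order = (isset($_GET['order']) && is_string($_GET['order']) && isset($OrderTable[$_GET['order']]))
    ? $OrderTable[$_GET['order']]
    : 'w.ID'; // same column as the previous bare 'ID' default, qualified like the table entries
$Way = (isset($_GET['way']) && is_string($_GET['way']) && isset($WayTable[$_GET['way']]))
    ? $WayTable[$_GET['way']]
    : 'DESC';

// NOTE(review): $LoggedUser['EffectiveClass'] is concatenated as-is. It is
// presumably a server-side integer; confirm it can never carry request data, or
// cast it to int before building the statement.
$SQL = "
    SELECT
        SQL_CALC_FOUND_ROWS
        w.ID,
        w.Title,
        w.Date,
        w.Author
    FROM wiki_articles AS w
    WHERE w.MinClassRead <= '".$LoggedUser['EffectiveClass']."'";
if (count($Words) > 0) {
    // Every word must match the chosen column.
    // NOTE(review): db_string() is defined outside this view. If it performs only
    // SQL string escaping, '%' and '_' typed by the user still act as LIKE
    // wildcards; confirm whether that is intended.
    $SQL .= " AND $Type LIKE '%";
    $SQL .= implode("%' AND $Type LIKE '%", $Words);
    $SQL .= "%' ";
}
$SQL .= "
    ORDER BY $Order $Way
    LIMIT $Limit ";

$RS = $DB->query($SQL);
// FOUND_ROWS() reports the total for the preceding SQL_CALC_FOUND_ROWS query, so
// it has to be issued before any other statement runs.
$DB->query("SELECT FOUND_ROWS()");
list($NumResults) = $DB->next_record();
View::show_header('Search articles');
// Re-select the article result set for the row loop in the template below.
$DB->set_query_id($RS);
?>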
Article | Last updated on | Last edited by |
=$Title?> | =$Date?> | =Users::format_username($UserID, false, false, false)?> |