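/**
 * Builds a string that can be placed inside a quoted MySQL LIKE pattern.
 *
 * The value is trimmed, HTML-encoded, has the LIKE metacharacters
 * (backslash, `_`, `%`) escaped, and is SQL-escaped as the final step.
 *
 * Order matters. SQL escaping must be the LAST transformation: if backslashes
 * are doubled after the SQL escaper has run, the backslash that protects a
 * quote is itself escaped and the quote becomes live again inside the literal.
 *
 * NOTE(review): assumes \Faid\DB::escape() is a mysql_real_escape_string-style
 * escaper (backslash-based) - confirm against the Faid library.
 * NOTE(review): htmlspecialchars() is kept from the original; presumably the
 * searched column stores HTML-encoded text - confirm. A prepared statement with
 * a bound parameter would remove the need for the SQL-escaping step entirely.
 *
 * @param string $str raw search text, treated as untrusted input
 * @return string escaped fragment; the caller must still wrap it in quotes
 */
function to_search_string($str)
{
    // Normalise and HTML-encode the raw text first (same as the original).
    $encoded = htmlspecialchars(trim($str));

    // LIKE-level escaping: make backslash, "_" and "%" match literally.
    $pattern = addCslashes($encoded, '\\_%');

    // SQL-level escaping last, so nothing rewrites the escapes it adds.
    return \Faid\DB::escape($pattern);
}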
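<?php
// JSON endpoint: returns up to five users whose name starts with the POSTed "q" value.
header("Content-Type: application/json");

// Check the parameter before reading it: reading a missing key emits a PHP
// notice/warning that would corrupt the JSON body. Non-string values (e.g. an
// array sent as q[]) are treated like a missing parameter.
if (!isset($_POST["q"]) || !is_string($_POST["q"])) {
    print json_encode(array("users" => array()), JSON_UNESCAPED_UNICODE);
    die;
}
$search_string = $_POST["q"];

// Opens the database connection used by the mysql_* calls below.
include '../../mod_db.php';

$users = array();

// Order matters. Escape the LIKE metacharacters (backslash, "%", "_") first and
// SQL-escape last. The original ran addCslashes() over the already SQL-escaped
// value, which doubled the backslash in front of an escaped quote and left the
// quote unescaped inside the double-quoted literal below.
// NOTE(review): ext/mysql was removed in PHP 7; when this file is migrated, use
// mysqli or PDO with a bound parameter instead of string interpolation.
$search_string = mysql_real_escape_string(addCslashes($search_string, '\\%_'));

$query = "SELECT `user_id`, `name` FROM `user` WHERE `name` LIKE \"{$search_string}%\" ORDER BY `name` LIMIT 0, 5";
$result = mysql_query($query);

// mysql_query() returns false on failure; answer with an empty list then
// instead of passing false to the fetch/free calls.
if ($result !== false) {
    while ($row = mysql_fetch_assoc($result)) {
        $users[] = array("user_id" => $row["user_id"], "name" => $row["name"]);
    }
    mysql_free_result($result);
}

print json_encode(array("users" => $users), JSON_UNESCAPED_UNICODE);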
/**
 * Returns the escaped string for the LIKE search placeholder (?S).
 *
 * Backslashes are doubled first, the result is passed through
 * mysqlRealEscapeString(), and only then are the characters in $chars
 * backslash-escaped, so the backslashes added for the wildcards are not
 * themselves rewritten by the earlier steps.
 *
 * @param string $var   string in which special characters must be escaped
 * @param string $chars additional characters to escape.
 *                      By default the following characters end up escaped: `'"%_`.
 *                      A falsy value skips this step.
 * @return string
 */
private function escapeLike($var, $chars = "%_")
{
    // Literal backslashes first, then the SQL-level escaping.
    $sqlSafe = $this->mysqlRealEscapeString(str_replace('\\', '\\\\', $var));

    // Wildcard escaping is optional and applied last.
    return $chars ? addCslashes($sqlSafe, $chars) : $sqlSafe;
}
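/**
 * Adds a town to REGION_TOWN_TABLE when the region does not list it yet.
 *
 * Looks the town up by exact name within the region. If it is missing, the
 * region's flag is read from REGION_TABLE, the town is inserted, the SQL cache
 * for REGION_TOWN_TABLE is destroyed and the global $new_town is set.
 *
 * @param string     $meeting_town   town name as submitted (untrusted)
 * @param int|string $meeting_region region id as submitted (untrusted)
 * @return string|null the inserted town name, or null when an argument is
 *                     empty or the town already exists
 */
public function search_newtown($meeting_town, $meeting_region)
{
    global $db, $cache, $new_town;

    if (!$meeting_town || !$meeting_region) {
        return;
    }

    $new_town = '';

    // The region id is concatenated into SQL unquoted, so force it to an integer.
    $region_id = (int) $meeting_region;

    // The original ran addCslashes()/backslash doubling over the name. That is
    // LIKE-wildcard escaping, which neither fits an "=" comparison nor escapes
    // quotes. Use the DBAL string escaper instead.
    // NOTE(review): sql_escape() is the escaper of the phpBB-style DBAL that
    // $db appears to be - confirm.
    $sql = "SELECT name FROM " . REGION_TOWN_TABLE . "
        WHERE region_id = " . $region_id . "
        AND name = '" . $db->sql_escape($meeting_town) . "'";
    $result = $db->sql_query($sql);
    $town_exists = (bool) $db->sql_fetchrow($result);
    $db->sql_freeresult($result);

    if ($town_exists) {
        return;
    }

    // Stays null when the region row is missing; the original left $flag undefined.
    $flag = null;
    $sql = "SELECT region_flag FROM " . REGION_TABLE . "
        WHERE region_id = " . $region_id;
    $result = $db->sql_query($sql);
    while ($row = $db->sql_fetchrow($result)) {
        $flag = $row['region_flag'];
    }
    $db->sql_freeresult($result);

    // sql_build_array() does the value escaping for the INSERT.
    $data_town = array(
        'region_id'    => $region_id,
        'name'         => $meeting_town,
        'country_flag' => $flag,
    );
    $db->sql_query('INSERT INTO ' . REGION_TOWN_TABLE . ' ' . $db->sql_build_array('INSERT', $data_town));
    $cache->destroy('sql', REGION_TOWN_TABLE);

    $new_town = $meeting_town;

    return $new_town;
}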
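/**
 * Checks a submitted geocache against GEO_TABLE and inserts or updates it.
 *
 * Side effects: resets the globals $geo_old, $meetings_cash and $new_geo, and
 * calls insert_geocash() or update_geocash() depending on the lookup result.
 *
 * @param array $data_geo submitted geocache fields; geo_name, geo_link and
 *                        geo_meeting_id are read here (untrusted)
 * @param int   $i        index into the global $geo_ids list, also passed on
 *                        to update_geocash()
 * @return int|array 1 when a new geocache was inserted, 0 when an existing one
 *                   was updated, or the matching row when it belongs to a
 *                   different meeting
 */
function proverka_geo($data_geo, $i)
{
    global $db, $geo_old, $next_id, $user, $id, $geo_ids, $meetings_cash, $new_geo;

    $geo_old = array();
    $meetings_cash = array();
    $new_geo = 0;

    // Fetch the geocaches matching the submitted link or name.
    // Both values go into quoted SQL literals, so they need the DBAL string
    // escaper. The original concatenated geo_link unescaped and applied
    // LIKE-wildcard escaping (which leaves quotes untouched) to geo_name.
    // NOTE(review): sql_escape() is the escaper of the phpBB-style DBAL that
    // $db appears to be - confirm.
    // NOTE(review): AND binds tighter than OR, so "geo_id > 0" only constrains
    // the geo_link match - confirm that this is intended.
    $sql = "SELECT * FROM " . GEO_TABLE . "
        WHERE geo_id > 0
        AND geo_link = '" . $db->sql_escape((string) $data_geo['geo_link']) . "'
        OR geo_name = '" . $db->sql_escape((string) $data_geo['geo_name']) . "'";
    $result = $db->sql_query($sql);
    while ($row = $db->sql_fetchrow($result)) {
        $geo_old = $row;
        $meetings_cash[] = $row['geo_id'];
    }
    $db->sql_freeresult($result);

    // No match and both fields supplied: create a new geocache.
    if (!sizeof($geo_old) && !empty($data_geo['geo_name']) && !empty($data_geo['geo_link'])) {
        $data_geo = array_merge($data_geo, array(
            'bbcode_bitfield' => '',
            'bbcode_uid'      => '',
            'geo_descr'       => '',
        ));
        insert_geocash($data_geo);
        $new_geo = 1;

        return $new_geo;
    }

    // Both fields empty: update the geocache referenced by position $i.
    if (empty($data_geo['geo_name']) && empty($data_geo['geo_link'])) {
        $geo_id = $geo_ids[$i];
        $data_geo = array_merge($data_geo, array('geo_id' => $geo_id));
        update_geocash($geo_id, $data_geo, $i);

        return $new_geo;
    }

    // NOTE(review): $geo_old can still be empty here (only one of the two
    // fields supplied and no match) - confirm how that case should be handled.
    if ($geo_old['geo_meeting_id'] == $data_geo['geo_meeting_id']) {
        $data_geo = array_merge($data_geo, array('geo_id' => $geo_old['geo_id']));
        // The original passed $geo_id, which is never assigned on this path.
        update_geocash($geo_old['geo_id'], $data_geo, $i);

        return $new_geo;
    }

    // The match belongs to another meeting: hand the existing row back.
    return $geo_old;
}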