//build query
$select_str = "SELECT DISTINCT p.products_tax_class_id,\n p.products_id,\n pd.products_name,\n p.products_sort,\n p.products_quantity,\n p.products_image,\n p.products_model,\n p.products_price,\n p.products_discount_allowed,\n p.products_date_added,\n p.products_last_modified,\n p.products_date_available,\n p.products_status,\n p.products_startpage,\n p.products_startpage_sort,\n p2c.categories_id ";
$from_str = " FROM " . TABLE_PRODUCTS . " AS p ";
$from_str .= "LEFT JOIN " . TABLE_PRODUCTS_DESCRIPTION . " AS pd ON (p.products_id = pd.products_id) ";
$from_str .= "JOIN " . TABLE_PRODUCTS_TO_CATEGORIES . " AS p2c ON (p.products_id = p2c.products_id) ";
if (ADMIN_SEARCH_IN_ATTR == 'true') {
$from_str .= "LEFT OUTER JOIN " . TABLE_PRODUCTS_ATTRIBUTES . " AS pa ON (p.products_id = pa.products_id) ";
$from_str .= "LEFT OUTER JOIN " . TABLE_PRODUCTS_OPTIONS_VALUES . " AS pov ON (pa.options_values_id = pov.products_options_values_id) ";
}
$from_str .= "LEFT OUTER JOIN " . TABLE_SPECIALS . " AS s ON (p.products_id = s.products_id) AND s.status = '1'";
//where-string
$where_str = " WHERE pd.language_id = '" . (int) $_SESSION['languages_id'] . "'";
$where_str .= $current_category_id != '' ? " AND p2c.categories_id = '" . (int) $current_category_id . "'" : '';
//go for keywords... this is the main search process
if (isset($_GET['search']) && xtc_not_null($_GET['search'])) {
if (xtc_parse_search_string(stripslashes($_GET['search']), $search_keywords)) {
$where_str .= " AND ( ";
for ($i = 0, $n = sizeof($search_keywords); $i < $n; $i++) {
switch ($search_keywords[$i]) {
case '(':
case ')':
case 'and':
case 'or':
$where_str .= " " . $search_keywords[$i] . " ";
break;
default:
$ent_keyword = encode_htmlentities($search_keywords[$i]);
$ent_keyword = $ent_keyword != $search_keywords[$i] ? addslashes($ent_keyword) : false;
$keyword = addslashes($search_keywords[$i]);
$where_str .= " ( ";
$where_str .= "pd.products_keywords LIKE ('%" . $keyword . "%') ";
$from_str .= $subcat_join;
$from_str .= SEARCH_IN_ATTR == 'true' ? " LEFT OUTER JOIN " . TABLE_PRODUCTS_ATTRIBUTES . " AS pa ON (p.products_id = pa.products_id) LEFT OUTER JOIN " . TABLE_PRODUCTS_OPTIONS_VALUES . " AS pov ON (pa.options_values_id = pov.products_options_values_id) " : "";
$from_str .= "LEFT OUTER JOIN " . TABLE_SPECIALS . " AS s ON (p.products_id = s.products_id) AND s.status = '1'";
if ($NeedTax) {
if (!isset($_SESSION['customer_country_id'])) {
$_SESSION['customer_country_id'] = STORE_COUNTRY;
$_SESSION['customer_zone_id'] = STORE_ZONE;
}
$from_str .= " LEFT OUTER JOIN " . TABLE_TAX_RATES . " tr ON (p.products_tax_class_id = tr.tax_class_id) LEFT OUTER JOIN " . TABLE_ZONES_TO_GEO_ZONES . " gz ON (tr.tax_zone_id = gz.geo_zone_id) ";
$tax_where = " AND (gz.zone_country_id IS NULL OR gz.zone_country_id = '0' OR gz.zone_country_id = '" . (int) $_SESSION['customer_country_id'] . "') AND (gz.zone_id is null OR gz.zone_id = '0' OR gz.zone_id = '" . (int) $_SESSION['customer_zone_id'] . "')";
}
//where-string
$where_str = "\n WHERE p.products_status = 1\n AND pd.language_id = '" . $_SESSION['languages_id'] . "'" . $subcat_where . $fsk_lock . $manu_check . $group_check . $tax_where . $pfrom_check . $pto_check;
//go for keywords... this is the main search process
if ($keywords) {
if (xtc_parse_search_string($keywords, $search_keywords)) {
$where_str .= " AND ( ";
for ($i = 0, $n = sizeof($search_keywords); $i < $n; $i++) {
switch ($search_keywords[$i]) {
case '(':
case ')':
case 'and':
case 'or':
$where_str .= " " . $search_keywords[$i] . " ";
break;
default:
$ent_keyword = encode_htmlentities($search_keywords[$i]);
// umlauts
$ent_keyword = $ent_keyword != $search_keywords[$i] ? addslashes($ent_keyword) : false;
$keyword = addslashes($search_keywords[$i]);
$where_str .= " ( ";
