//build query $select_str = "SELECT DISTINCT p.products_tax_class_id,\n p.products_id,\n pd.products_name,\n p.products_sort,\n p.products_quantity,\n p.products_image,\n p.products_model,\n p.products_price,\n p.products_discount_allowed,\n p.products_date_added,\n p.products_last_modified,\n p.products_date_available,\n p.products_status,\n p.products_startpage,\n p.products_startpage_sort,\n p2c.categories_id "; $from_str = " FROM " . TABLE_PRODUCTS . " AS p "; $from_str .= "LEFT JOIN " . TABLE_PRODUCTS_DESCRIPTION . " AS pd ON (p.products_id = pd.products_id) "; $from_str .= "JOIN " . TABLE_PRODUCTS_TO_CATEGORIES . " AS p2c ON (p.products_id = p2c.products_id) "; if (ADMIN_SEARCH_IN_ATTR == 'true') { $from_str .= "LEFT OUTER JOIN " . TABLE_PRODUCTS_ATTRIBUTES . " AS pa ON (p.products_id = pa.products_id) "; $from_str .= "LEFT OUTER JOIN " . TABLE_PRODUCTS_OPTIONS_VALUES . " AS pov ON (pa.options_values_id = pov.products_options_values_id) "; } $from_str .= "LEFT OUTER JOIN " . TABLE_SPECIALS . " AS s ON (p.products_id = s.products_id) AND s.status = '1'"; //where-string $where_str = " WHERE pd.language_id = '" . (int) $_SESSION['languages_id'] . "'"; $where_str .= $current_category_id != '' ? " AND p2c.categories_id = '" . (int) $current_category_id . "'" : ''; //go for keywords... this is the main search process if (isset($_GET['search']) && xtc_not_null($_GET['search'])) { if (xtc_parse_search_string(stripslashes($_GET['search']), $search_keywords)) { $where_str .= " AND ( "; for ($i = 0, $n = sizeof($search_keywords); $i < $n; $i++) { switch ($search_keywords[$i]) { case '(': case ')': case 'and': case 'or': $where_str .= " " . $search_keywords[$i] . " "; break; default: $ent_keyword = encode_htmlentities($search_keywords[$i]); $ent_keyword = $ent_keyword != $search_keywords[$i] ? addslashes($ent_keyword) : false; $keyword = addslashes($search_keywords[$i]); $where_str .= " ( "; $where_str .= "pd.products_keywords LIKE ('%" . $keyword . "%') ";
$from_str .= $subcat_join; $from_str .= SEARCH_IN_ATTR == 'true' ? " LEFT OUTER JOIN " . TABLE_PRODUCTS_ATTRIBUTES . " AS pa ON (p.products_id = pa.products_id) LEFT OUTER JOIN " . TABLE_PRODUCTS_OPTIONS_VALUES . " AS pov ON (pa.options_values_id = pov.products_options_values_id) " : ""; $from_str .= "LEFT OUTER JOIN " . TABLE_SPECIALS . " AS s ON (p.products_id = s.products_id) AND s.status = '1'"; if ($NeedTax) { if (!isset($_SESSION['customer_country_id'])) { $_SESSION['customer_country_id'] = STORE_COUNTRY; $_SESSION['customer_zone_id'] = STORE_ZONE; } $from_str .= " LEFT OUTER JOIN " . TABLE_TAX_RATES . " tr ON (p.products_tax_class_id = tr.tax_class_id) LEFT OUTER JOIN " . TABLE_ZONES_TO_GEO_ZONES . " gz ON (tr.tax_zone_id = gz.geo_zone_id) "; $tax_where = " AND (gz.zone_country_id IS NULL OR gz.zone_country_id = '0' OR gz.zone_country_id = '" . (int) $_SESSION['customer_country_id'] . "') AND (gz.zone_id is null OR gz.zone_id = '0' OR gz.zone_id = '" . (int) $_SESSION['customer_zone_id'] . "')"; } //where-string $where_str = "\n WHERE p.products_status = 1\n AND pd.language_id = '" . $_SESSION['languages_id'] . "'" . $subcat_where . $fsk_lock . $manu_check . $group_check . $tax_where . $pfrom_check . $pto_check; //go for keywords... this is the main search process if ($keywords) { if (xtc_parse_search_string($keywords, $search_keywords)) { $where_str .= " AND ( "; for ($i = 0, $n = sizeof($search_keywords); $i < $n; $i++) { switch ($search_keywords[$i]) { case '(': case ')': case 'and': case 'or': $where_str .= " " . $search_keywords[$i] . " "; break; default: $ent_keyword = encode_htmlentities($search_keywords[$i]); // umlauts $ent_keyword = $ent_keyword != $search_keywords[$i] ? addslashes($ent_keyword) : false; $keyword = addslashes($search_keywords[$i]); $where_str .= " ( ";