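/**
 * Builds the book-search SQL from the "search*" cookies.
 *
 * Inputs: searchAuthor (validated as int; 0/absent means "any author"),
 * searchName (special characters HTML-encoded by the filter), searchFrom and
 * searchTo (run through the project's filter::date helper). A missing or
 * invalid lower date bound becomes '0000-00-00', an upper one becomes today.
 * Both date comparisons are exclusive (date> / date<), so rows dated exactly
 * on a bound are not matched - kept as in the original.
 *
 * NOTE: the query is still built by interpolation. The author id is a
 * validated int and the dates are whitelisted below, but the name relies on
 * FILTER_SANITIZE_SPECIAL_CHARS encoding quotes; the caller should move this
 * to a prepared statement with bound parameters. '%' and '_' in the name are
 * passed through, so users can supply LIKE wildcards (original behaviour).
 *
 * @return string SQL SELECT over `books`
 */
function makeSearchQuery()
{
    $searchAuthor = filter_input(INPUT_COOKIE, 'searchAuthor', FILTER_VALIDATE_INT);
    $searchName = filter_input(INPUT_COOKIE, 'searchName', FILTER_SANITIZE_SPECIAL_CHARS);
    // Guard the raw $_COOKIE reads: an absent cookie must not raise an
    // undefined-index notice; the helper then sees an empty string.
    $searchFrom = filter::date(isset($_COOKIE['searchFrom']) ? $_COOKIE['searchFrom'] : '');
    $searchTo = filter::date(isset($_COOKIE['searchTo']) ? $_COOKIE['searchTo'] : '');

    // Only a plain Y-m-d string is ever interpolated into the query; FALSE
    // from filter::date or any other shape takes the default bound.
    // Assumes filter::date returns Y-m-d on success (the defaults use that
    // format) - confirm against the helper.
    $datePattern = '/^\d{4}-\d{2}-\d{2}$/';
    if (!is_string($searchFrom) || !preg_match($datePattern, $searchFrom)) {
        $searchFrom = '0000-00-00';
    }
    if (!is_string($searchTo) || !preg_match($datePattern, $searchTo)) {
        $searchTo = date('Y-m-d');
    }

    // Author filter is optional; an int of 0, FALSE or NULL all mean "no filter".
    $authorClause = $searchAuthor ? " AND author_id='{$searchAuthor}'" : '';

    return "SELECT * FROM books WHERE date>'{$searchFrom}' AND date<'{$searchTo}'{$authorClause}"
        . " AND name LIKE '%{$searchName}%' ORDER BY id ASC";
}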
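/**
 * Updates book $bid from the submitted form fields authorid, name, dateto, preview.
 *
 * Every field is validated first; when several are invalid the message of the
 * last failing check is returned (original precedence). The author must exist
 * in `authors` before the UPDATE runs; both statements use bound parameters.
 *
 * @param int|string $bid       book id, bound to the UPDATE's `id=?` placeholder
 * @param array      $okdomains domains accepted by the project's filter::allowedURL helper
 * @param PDO        $dblink    open connection offering prepare()/execute()/fetch()
 * @return string user-facing (Russian) status message
 */
function editbook($bid, $okdomains, $dblink)
{
    // Validate rather than sanitise: FILTER_SANITIZE_NUMBER_INT turns "12abc"
    // into "12" and "-" into a truthy non-number; VALIDATE_INT rejects both,
    // matching how makeSearchQuery reads author ids.
    $authorid = filter_input(INPUT_POST, 'authorid', FILTER_VALIDATE_INT);
    $name = filter_input(INPUT_POST, 'name', FILTER_SANITIZE_SPECIAL_CHARS);
    // Guard the raw $_POST reads so a missing field fails validation instead
    // of raising an undefined-index notice.
    $dateto = filter::date(isset($_POST['dateto']) ? $_POST['dateto'] : '');
    $preview = filter::allowedURL(isset($_POST['preview']) ? $_POST['preview'] : '', $okdomains);

    $message = '';
    if (!$authorid) {
        $message = "Не выбран автор.";
    }
    if (!$name) {
        $message = "Не указано название книги.";
    }
    if (!$dateto) {
        $message = "Не указана дата издания.";
    }
    if (!$preview) {
        $message = "Укажите полный путь к превью (с http://).";
    }
    if ($message !== '') {
        return $message;
    }

    // Existence check; a failed prepare() or fetch() counts as "no such author"
    // instead of leaving $countAuthors undefined.
    $countAuthors = 0;
    if ($stm = $dblink->prepare("SELECT COUNT(id) AS cnt FROM authors WHERE id=?")) {
        $stm->execute(array($authorid));
        $row = $stm->fetch();
        $stm = NULL;
        $countAuthors = $row ? (int) $row['cnt'] : 0;
    }
    if ($countAuthors <= 0) {
        return "Такого автора не существует";
    }

    // Report success only when the UPDATE was prepared and executed; the
    // original returned an undefined $message if prepare() failed.
    $stm = $dblink->prepare("UPDATE books SET date_update=NOW(), name=?, author_id=?, preview=?, date=? WHERE id=?");
    if ($stm && $stm->execute(array($name, $authorid, $preview, $dateto, $bid))) {
        $message = "Книга отредактирована ";
    } else {
        $message = "Не удалось сохранить изменения.";
    }
    $stm = NULL;

    return $message;
}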