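/**
 * Build the SQL for the book search from the search cookies.
 *
 * Reads searchAuthor (validated as int), searchName (HTML-encoded via
 * FILTER_SANITIZE_SPECIAL_CHARS, the same filter editbook() applies when
 * storing names) and searchFrom/searchTo (run through the project's
 * filter::date()) from $_COOKIE. A missing or rejected lower date becomes
 * '0000-00-00'; a missing or rejected upper date becomes today.
 *
 * SECURITY: cookies are attacker-controlled, and the legacy form of this
 * function inlines them into the SQL string. The author id is an int and
 * the dates come back from filter::date(), but searchName is only
 * HTML-encoded, which is an output filter, not a SQL escaper: backslashes
 * and the LIKE wildcards % and _ pass through untouched. Prefer the
 * parameterised form by passing an array variable by reference:
 *
 *     $sql = makeSearchQuery($params);
 *     $stm = $dblink->prepare($sql);
 *     $stm->execute($params);
 *
 * Called with no argument the function keeps its legacy behaviour (values
 * inlined, single-quoted) so existing callers are unaffected; migrate them.
 *
 * @param array|null &$params  When a variable is passed, receives the
 *                             positional bind values in placeholder order.
 * @return string  SQL SELECT; uses `?` placeholders iff $params was passed.
 */
function makeSearchQuery(&$params = NULL) {
    // func_num_args() rather than a null test: an uninitialised by-ref
    // argument from the caller arrives as null as well.
    $parameterised = func_num_args() > 0;

    $searchAuthor = filter_input(INPUT_COOKIE, 'searchAuthor', FILTER_VALIDATE_INT);
    $searchName = filter_input(INPUT_COOKIE, 'searchName', FILTER_SANITIZE_SPECIAL_CHARS);
    // isset() guards avoid "undefined index" warnings for absent cookies;
    // filter::date() still receives null in that case, exactly as before.
    $searchFrom = filter::date(isset($_COOKIE['searchFrom']) ? $_COOKIE['searchFrom'] : NULL);
    $searchTo = filter::date(isset($_COOKIE['searchTo']) ? $_COOKIE['searchTo'] : NULL);

    if ($searchFrom == FALSE) {
        $searchFrom = '0000-00-00';
    }
    if ($searchTo == FALSE) {
        // NOTE(review): the range test below is strict (date < today), so
        // books dated today never match when no upper bound is given —
        // confirm whether `date<=` was intended.
        $searchTo = date('Y-m-d');
    }

    // One helper renders every value the same way in both modes: a `?`
    // placeholder (value queued in $bind) or the legacy inline literal.
    $bind = array();
    $sqlValue = function ($value, $inline) use ($parameterised, &$bind) {
        if (!$parameterised) {
            return $inline;
        }
        $bind[] = $value;
        return '?';
    };

    $where = "date>" . $sqlValue($searchFrom, "'{$searchFrom}'")
           . " AND date<" . $sqlValue($searchTo, "'{$searchTo}'");
    // A missing, invalid or zero author id means "any author", as before.
    if ($searchAuthor != FALSE) {
        $where .= " AND author_id=" . $sqlValue($searchAuthor, "'{$searchAuthor}'");
    }
    // Substring match; % and _ inside $searchName act as LIKE wildcards in
    // both modes (unchanged behaviour).
    $where .= " AND name LIKE " . $sqlValue("%{$searchName}%", "'%{$searchName}%'");

    if ($parameterised) {
        $params = $bind;
    }
    return "SELECT * FROM books WHERE {$where} ORDER BY id ASC";
}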
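/**
 * Apply an edit to book $bid from the POSTed form fields
 * (authorid, name, dateto, preview).
 *
 * Validates each field, confirms the author exists, then runs a prepared
 * UPDATE. Returns a user-facing status message (Russian, as in the original
 * UI). When several fields are invalid the last failing check wins — that
 * is the original behaviour and is kept.
 *
 * @param mixed $bid        Book id to update; bound as a parameter, never
 *                          interpolated.
 * @param mixed $okdomains  Allow-list handed to filter::allowedURL() for the
 *                          preview URL (project helper; presumably a host
 *                          allow-list — confirm against its definition).
 * @param PDO   $dblink     Open connection; only prepare()/execute()/fetch()
 *                          are used.
 * @return string|null  Status message, or null if the UPDATE could not be
 *                      prepared and no message was produced.
 */
function editbook($bid, $okdomains, $dblink) {
    $message = NULL;
    $countAuthors = 0;

    // FILTER_VALIDATE_INT instead of FILTER_SANITIZE_NUMBER_INT: the
    // sanitiser silently rewrites bad input ("1 OR 1" -> "11", "+-" -> "+-")
    // and could point the update at the wrong author; validation rejects it.
    $authorid = filter_input(INPUT_POST, 'authorid', FILTER_VALIDATE_INT);
    $name = filter_input(INPUT_POST, 'name', FILTER_SANITIZE_SPECIAL_CHARS);
    // isset() guards avoid "undefined index" warnings when a field is absent;
    // the project filters still receive null, as before.
    $dateto = filter::date(isset($_POST['dateto']) ? $_POST['dateto'] : NULL);
    $preview = filter::allowedURL(isset($_POST['preview']) ? $_POST['preview'] : NULL, $okdomains);

    // NOTE(review): nothing here checks that the current user may edit book
    // $bid; that authorisation must happen in the caller — confirm.

    // Author id 0 / missing / non-numeric all count as "not chosen" (as before).
    $authorOk = (bool) $authorid;
    // Strict check so a book literally named "0" is not treated as empty.
    $nameOk = ($name !== FALSE && $name !== NULL && $name !== '');
    $dateOk = (bool) $dateto;
    $previewOk = (bool) $preview;

    if (!$authorOk) {
        $message = "Не выбран автор.";
    }
    if (!$nameOk) {
        $message = "Не указано название книги.";
    }
    if (!$dateOk) {
        $message = "Не указана дата издания.";
    }
    if (!$previewOk) {
        $message = "Укажите полный путь к превью (с http://).";
    }

    if ($authorOk && $nameOk && $dateOk && $previewOk) {
        if ($stm = $dblink->prepare("SELECT COUNT(id) AS cnt FROM authors WHERE id=?")) {
            $stm->execute(array($authorid));
            $row = $stm->fetch();
            $stm = NULL; // release the cursor before the next statement
            // fetch() returns false on failure; treat that as "no such author"
            // instead of reading an array offset on a bool.
            if ($row !== FALSE && isset($row['cnt'])) {
                $countAuthors = (int) $row['cnt'];
            }
        }
        if ($countAuthors > 0) {
            if ($stm = $dblink->prepare("UPDATE books SET date_update=NOW(), name=?, author_id=?, preview=?, date=? WHERE id=?")) {
                $stm->execute(array($name, $authorid, $preview, $dateto, $bid));
                $message = "Книга отредактирована ";
                $stm = NULL;
            }
        } else {
            $message = "Такого автора не существует";
        }
    }
    return $message;
}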