Security and functional improvements to results.php

This commit is contained in:
2025-10-08 15:40:14 -05:00
parent e83fb53d02
commit e85c7fd578
2 changed files with 602 additions and 216 deletions

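--- a/archive/results-old.php
+++ b/archive/results-old.php
@@ -0,0 +1,381 @@
+<?php
+include_once "settings.php";
+// Get and use a basic title search for pulling records.
+$keywordsearch = htmlspecialchars($_GET["kw"]);
+$authorsearch = htmlspecialchars($_GET["au"]);
+$typesearch = htmlspecialchars($_GET["ty"]);
+$subtypesearch = htmlspecialchars($_GET["st"]);
+$seriessearch = htmlspecialchars($_GET["se"]);
+$subjectsearch = htmlspecialchars($_GET["su"]);
+$socialkw = mb_convert_case($keywordsearch, MB_CASE_TITLE, "UTF-8");
+$socialau = mb_convert_case($authorsearch, MB_CASE_TITLE, "UTF-8");
+$socialty = mb_convert_case($typesearch, MB_CASE_TITLE, "UTF-8");
+$socialst = mb_convert_case($subtypesearch, MB_CASE_TITLE, "UTF-8");
+$socialse = mb_convert_case($seriessearch, MB_CASE_TITLE, "UTF-8");
+$socialsu = mb_convert_case($subjectsearch, MB_CASE_TITLE, "UTF-8");
+if (!empty($keywordsearch)) {
+$searchtopic = 'Keyword: '.$socialkw;
+} elseif (!empty($authorsearch)) {
+$searchtopic = 'Author: '.$socialau;
+} elseif (!empty($typesearch)) {
+$searchtopic = 'Type: '.$socialty;
+} elseif (!empty($seriessearch)) {
+$searchtopic = 'Series: '.$socialse;
+} elseif (!empty($subjectsearch)) {
+$searchtopic = 'Subject: '.$socialsu;
+} else {
+$searchtopic = 'Subtype: '.$socialst;
+}
+// -------------------- BEGIN DATABASE QUERIES --------------------
+// Establish atabase connection
+$db = new SQLite3('metadata.sqlite');
+$keywordquery = $db->query("SELECT
+DISTINCT books.id AS id,
+books.title AS title,
+SUBSTR(comments.text,0,120) AS excerpt
+FROM books
+INNER JOIN
+comments ON comments.book = books.id
+INNER JOIN
+books_tags_link ON books_tags_link.book = books.id
+INNER JOIN
+tags ON tags.id = books_tags_link.tag
+WHERE books.title LIKE '%$keywordsearch%'
+OR books.author_sort LIKE '%$keywordsearch%'
+OR comments.text LIKE '%$keywordsearch%'
+OR tags.name LIKE '%$keywordsearch%'
+ORDER BY books.title ASC");
+$authorquery = $db->query("SELECT
+DISTINCT books.id AS id,
+books.title AS title,
+SUBSTR(comments.text,0,120) AS excerpt
+FROM books
+INNER JOIN
+comments ON comments.book = books.id
+INNER JOIN
+books_tags_link ON books_tags_link.book = books.id
+WHERE books.author_sort LIKE '%$authorsearch%'
+ORDER BY books.title ASC");
+$typequery = $db->query("SELECT
+DISTINCT books.id AS id,
+books.title AS title,
+SUBSTR(comments.text,0,120) AS excerpt
+FROM books
+INNER JOIN
+comments ON comments.book = books.id
+INNER JOIN
+books_custom_column_1_link ON books_custom_column_1_link.book = books.id
+INNER JOIN
+custom_column_1 ON custom_column_1.id = books_custom_column_1_link.value
+WHERE
+custom_column_1.value = '$typesearch'
+ORDER BY books.title ASC");
+$subtypequery = $db->query("SELECT
+DISTINCT books.id AS id,
+books.title AS title,
+SUBSTR(comments.text,0,120) AS excerpt
+FROM books
+INNER JOIN
+comments ON comments.book = books.id
+INNER JOIN
+books_custom_column_3_link ON books_custom_column_3_link.book = books.id
+INNER JOIN
+custom_column_3 ON custom_column_3.id = books_custom_column_3_link.value
+WHERE
+custom_column_3.value = '$subtypesearch'
+ORDER BY books.title ASC");
+$seriesquery = $db->query("SELECT
+DISTINCT books.id AS id,
+books.title AS title,
+SUBSTR(comments.text,0,120) AS excerpt
+FROM books
+INNER JOIN
+comments ON comments.book = books.id
+INNER JOIN
+books_series_link ON books_series_link.book = books.id
+INNER JOIN
+series ON series.id = books_series_link.series
+WHERE series.name = '$seriessearch'
+ORDER BY books.series_index ASC");
+$subjectquery = $db->query("SELECT
+DISTINCT books.id AS id,
+books.title AS title,
+SUBSTR(comments.text,0,120) AS excerpt
+FROM books
+INNER JOIN
+comments ON comments.book = books.id
+INNER JOIN
+books_tags_link on books_tags_link.book = books.id
+INNER JOIN
+tags on tags.id = books_tags_link.tag
+WHERE tags.name = '$subjectsearch'
+ORDER BY books.title ASC");
+$types = $db->query("SELECT
+value
+FROM custom_column_1
+ORDER BY value ASC");
+$subtypes = $db->query("SELECT
+value
+FROM custom_column_3
+ORDER BY value ASC");
+?>
+<!DOCTYPE html>
+<!--[if lt IE 7]> <html class="no-js lt-ie9 lt-ie8 lt-ie7"> <![endif]-->
+<!--[if IE 7]> <html class="no-js lt-ie9 lt-ie8"> <![endif]-->
+<!--[if IE 8]> <html class="no-js lt-ie9"> <![endif]-->
+<!--[if gt IE 8]><!--> <html class="no-js"> <!--<![endif]-->
+<head>
+<meta charset="utf-8">
+<meta http-equiv="X-UA-Compatible" content="IE=edge">
+<title>Infopump - Search results - <?php echo $searchtopic; ?></title>
+<meta name="viewport" content="width=device-width, initial-scale=1">
+<meta name="description" content="Free HTML5 Template by FREEHTML5.CO" />
+<meta name="keywords" content="free html5, free template, free bootstrap, html5, css3, mobile first, responsive" />
+<meta name="author" content="FREEHTML5.CO" />
+<!--
+//////////////////////////////////////////////////////
+FREE HTML5 TEMPLATE
+DESIGNED & DEVELOPED by FREEHTML5.CO
+Website: http://freehtml5.co/
+Email: info@freehtml5.co
+Twitter: http://twitter.com/fh5co
+Facebook: https://www.facebook.com/fh5co
+//////////////////////////////////////////////////////
+-->
+<!-- Facebook and Twitter integration -->
+<meta property="og:title" content=<?php echo '"'.$SiteName.' - Search - '.$searchtopic.'" />';?>
+<meta property="og:image" content=<?php echo '"'.$SiteURL.'/images/og-site-avatar.jpg" />';?>
+<?php
+if (!empty($keywordsearch)) {
+echo '<meta property="og:url" content="'.$SiteURL.'/results.php?kw='.$socialkw.'" />';
+echo '<meta name="twitter:url" content="'.$SiteURL.'/results.php?kw='.$socialkw.'" />';
+} elseif (!empty($authorsearch)) {
+echo '<meta property="og:url" content="'.$SiteURL.'/results.php?au='.$socialau.'" />';
+echo '<meta name="twitter:url" content="'.$SiteURL.'/results.php?au='.$socialau.'" />';
+} elseif (!empty($typesearch)) {
+echo '<meta property="og:url" content="'.$SiteURL.'/results.php?ty='.$socialty.'" />';
+echo '<meta name="twitter:url" content="'.$SiteURL.'/results.php?ty='.$socialty.'" />';
+} elseif (!empty($seriessearch)) {
+echo '<meta property="og:url" content="'.$SiteURL.'/results.php?ty='.$socialse.'" />';
+echo '<meta name="twitter:url" content="'.$SiteURL.'/results.php?ty='.$socialse.'" />';
+} elseif (!empty($subjectsearch)) {
+echo '<meta property="og:url" content="'.$SiteURL.'/results.php?ty='.$socialsu.'" />';
+echo '<meta name="twitter:url" content="'.$SiteURL.'/results.php?ty='.$socialsu.'" />';
+} else {
+echo '<meta property="og:url" content="'.$SiteURL.'/results.php?ty='.$socialst.'" />';
+echo '<meta name="twitter:url" content="'.$SiteURL.'/results.php?ty='.$socialst.'" />';
+}
+?>
+<meta property="og:site_name" content=<?php echo '"'.$SiteName.' - Search Results" />';?>
+<meta property="og:description" content=<?php echo '"'.$SubName.'" />';?>
+<meta name="twitter:title" content=<?php echo '"'.$SiteName.' - Search - '.$searchtopic.'" />';?>
+<meta name="twitter:image" content=<?php echo '"'.$SiteURL.'/images/og-site-avatar.jpg" />';?>
+<meta name="twitter:card" content="summary" />
+<!-- Place favicon.ico and apple-touch-icon.png in the root directory -->
+<link rel="shortcut icon" href="favicon.ico">
+<!-- Google Fonts -->
+<link href='http://fonts.googleapis.com/css?family=Playfair+Display:400,700,400italic|Roboto:400,300,700' rel='stylesheet' type='text/css'>
+<!-- Animate -->
+<link rel="stylesheet" href="css/animate.css">
+<!-- Icomoon -->
+<link rel="stylesheet" href="css/icomoon.css">
+<!-- Bootstrap -->
+<link rel="stylesheet" href="css/bootstrap.css">
+<link rel="stylesheet" href="css/style.css">
+<!-- Modernizr JS -->
+<script src="js/modernizr-2.6.2.min.js"></script>
+<!-- FOR IE9 below -->
+<!--[if lt IE 9]>
+<script src="js/respond.min.js"></script>
+<![endif]-->
+</head>
+<body>
+<div id="fh5co-offcanvas">
+<a href="#" class="fh5co-close-offcanvas js-fh5co-close-offcanvas"><span><i class="icon-cross3"></i> <span>Close</span></span></a>
+<div class="fh5co-bio">
+<figure>
+<a href="index.php"><img src="images/avatar.jpg" alt="Infopump Avatar" class="img-responsive"></a>
+</figure>
+<h3 class="heading">About the Project</h3>
+<a href="index.php"><h2>Infopump</h2></a>
+<p>A bibliographic management and display system.</p>
+<hr>
+<p>A free, open source project from:<br />
+<a href="https://rss.com/podcasts/l0wl1f3podcast/">The L0WL1F3 Podcast</a><br />
+<a href="https://www.neondystopia.com/">Neon Dystopia</a><br />
+<a href="https://cyberpunklibrarian.com">Cyberpunk Librarian</a>
+</p>
+<ul class="fh5co-social">
+<!--<li><a href="#"><i class="icon-twitter"></i></a></li>-->
+<!--<li><a href="#"><i class="icon-facebook"></i></a></li>
+<li><a href="#"><i class="icon-instagram"></i></a></li>-->
+</ul>
+</div>
+<div class="fh5co-menu">
+<div class="fh5co-box">
+<h3 class="heading">Recent Additions</h3>
+<ul>
+<?php
+while ($row = $types->fetchArray()) {
+$row_value = $row['value'];
+$row_titlecase = mb_convert_case($row_value, MB_CASE_TITLE, "UTF-8");
+echo '<li><a href="recent.php?ty='.$row_value.'">'.$row_titlecase.'</a></li>';
+//echo '<li>'.$row_value.'</li>';
+}
+?>
+</ul>
+</div>
+<div class="fh5co-box">
+<h3 class="heading">Search</h3>
+<form action="results.php" method="get">
+<div class="form-group">
+<input type="text" class="form-control" name="kw" placeholder="Keyword search">
+</div>
+</form>
+</div>
+</div>
+</div>
+<!-- END #fh5co-offcanvas -->
+<header id="fh5co-header">
+<div class="container-fluid">
+<div class="row">
+<a href="#" class="js-fh5co-nav-toggle fh5co-nav-toggle"><i></i></a>
+<!-- <ul class="fh5co-social">
+<li><a href="#"><i class="icon-twitter"></i></a></li>
+<li><a href="#"><i class="icon-facebook"></i></a></li>
+<li><a href="#"><i class="icon-instagram"></i></a></li>
+</ul> -->
+<div class="col-lg-12 col-md-12 text-center">
+<h1 id="fh5co-logo"><a href="index.php">Search Results<br /><br /><?php echo $searchtopic; ?></a></h1>
+</div>
+</div>
+</div>
+</header>
+<!-- END #fh5co-header -->
+<div class="container-fluid">
+<div class="row fh5co-post-entry single-entry">
+<article class="col-lg-8 col-lg-offset-2 col-md-8 col-md-offset-2 col-sm-8 col-sm-offset-2 col-xs-12 col-xs-offset-0">
+<div class="col-lg-12 col-lg-offset-0 col-md-12 col-md-offset-0 col-sm-12 col-sm-offset-0 col-xs-12 col-xs-offset-0 text-left content-article">
+<div class="row rp-b">
+<div class="col-md-12 animate-box">
+<?php
+if ($keywordsearch != '') {
+while ($row = $keywordquery->fetchArray()) {
+$row_id = $row['id'];
+$row_title = $row['title'];
+$row_excerpt = $row['excerpt'];
+echo '<p style="padding:25px 0 35px 0;"><img style="float:left; max-height: 120px; padding: 10px 10px" src="images/'.$row_id.'.jpg"><strong><em><a href="itemrecord.php?itemid='.$row_id.'">'.$row_title.'</em></a> :</strong> '.strip_tags($row_excerpt).'...</p>';
+}
+} elseif ($typesearch != '') {
+while ($row = $typequery->fetchArray()) {
+$row_id = $row['id'];
+$row_title = $row['title'];
+$row_excerpt = $row['excerpt'];
+echo '<p style="padding:25px 0 35px 0;"><img style="float:left; max-height: 120px; padding: 10px 10px" src="images/'.$row_id.'.jpg"><strong><em><a href="itemrecord.php?itemid='.$row_id.'">'.$row_title.'</em></a> :</strong> '.strip_tags($row_excerpt).'...</p>';
+}
+} elseif ($authorsearch != '') {
+while ($row = $authorquery->fetchArray()) {
+$row_id = $row['id'];
+$row_title = $row['title'];
+$row_excerpt = $row['excerpt'];
+echo '<p style="padding:25px 0 35px 0;"><img style="float:left; max-height: 120px; padding: 10px 10px" src="images/'.$row_id.'.jpg"><strong><em><a href="itemrecord.php?itemid='.$row_id.'">'.$row_title.'</em></a> :</strong> '.strip_tags($row_excerpt).'...</p>';
+}
+} elseif ($seriessearch != '') {
+while ($row = $seriesquery->fetchArray()) {
+$row_id = $row['id'];
+$row_title = $row['title'];
+$row_excerpt = $row['excerpt'];
+echo '<p style="padding:25px 0 35px 0;"><img style="float:left; max-height: 120px; padding: 10px 10px" src="images/'.$row_id.'.jpg"><strong><em><a href="itemrecord.php?itemid='.$row_id.'">'.$row_title.'</em></a> :</strong> '.strip_tags($row_excerpt).'...</p>';
+}
+} elseif ($subjectsearch != '') {
+while ($row = $subjectquery->fetchArray()) {
+$row_id = $row['id'];
+$row_title = $row['title'];
+$row_excerpt = $row['excerpt'];
+echo '<p style="padding:25px 0 35px 0;"><img style="float:left; max-height: 120px; padding: 10px 10px" src="images/'.$row_id.'.jpg"><strong><em><a href="itemrecord.php?itemid='.$row_id.'">'.$row_title.'</em></a> :</strong> '.strip_tags($row_excerpt).'...</p>';
+}
+} else {
+while ($row = $subtypequery->fetchArray()) {
+$row_id = $row['id'];
+$row_title = $row['title'];
+$row_excerpt = $row['excerpt'];
+echo '<p style="padding:25px 0 35px 0;"><img style="float:left; max-height: 120px; padding: 10px 10px" src="images/'.$row_id.'.jpg"><strong><em><a href="itemrecord.php?itemid='.$row_id.'">'.$row_title.'</em></a> :</strong> '.strip_tags($row_excerpt).'...</p>';
+}
+}
+?>
+</div>
+</div>
+</div>
+</article>
+</div>
+</div>
+<footer id="fh5co-footer">
+<p><small>&copy; Creative Commons By-NC-SA<br> Design by <a href="http://freehtml5.co" target="_blank">FREEHTML5.co</a></small></p>
+</footer>
+<!-- jQuery -->
+<script src="js/jquery.min.js"></script>
+<!-- jQuery Easing -->
+<script src="js/jquery.easing.1.3.js"></script>
+<!-- Bootstrap -->
+<script src="js/bootstrap.min.js"></script>
+<!-- Waypoints -->
+<script src="js/jquery.waypoints.min.js"></script>
+<!-- Main JS -->
+<script src="js/main.js"></script>
+</body>
+</html>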
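Review bot: archive/results-old.php keeps the pre-fix version — whose queries, starting at `WHERE books.title LIKE '%$keywordsearch%'` and in the five statements after it, still interpolate request parameters into SQL — as a live `.php` file, so if `archive/` sits under the document root it remains requestable and still opens metadata.sqlite. The git history already preserves this version, so the safer options are to delete the copy, move it outside the web root, or give it a non-executable extension and deny the directory in the server configuration. Its `include_once "settings.php"` is also resolved relative to the include path and the calling script's directory, so from `archive/` it may no longer find the file, which suggests the copy was never meant to be served.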


@@ -2,140 +2,200 @@
include_once "settings.php"; include_once "settings.php";
// Get and use a basic title search for pulling records. // Initialize variables
$keywordsearch = htmlspecialchars($_GET["kw"]); $keywordsearch = '';
$authorsearch = htmlspecialchars($_GET["au"]); $authorsearch = '';
$typesearch = htmlspecialchars($_GET["ty"]); $typesearch = '';
$subtypesearch = htmlspecialchars($_GET["st"]); $subtypesearch = '';
$seriessearch = htmlspecialchars($_GET["se"]); $seriessearch = '';
$subjectsearch = htmlspecialchars($_GET["su"]); $subjectsearch = '';
$searchtopic = '';
$searchtype = '';
$socialkw = mb_convert_case($keywordsearch, MB_CASE_TITLE, "UTF-8"); // Sanitize and validate input
$socialau = mb_convert_case($authorsearch, MB_CASE_TITLE, "UTF-8"); if (!empty($_GET["kw"])) {
$socialty = mb_convert_case($typesearch, MB_CASE_TITLE, "UTF-8"); $keywordsearch = trim($_GET["kw"]);
$socialst = mb_convert_case($subtypesearch, MB_CASE_TITLE, "UTF-8"); $searchtopic = 'Keyword: ' . htmlspecialchars($keywordsearch, ENT_QUOTES, 'UTF-8');
$socialse = mb_convert_case($seriessearch, MB_CASE_TITLE, "UTF-8"); $searchtype = 'keyword';
$socialsu = mb_convert_case($subjectsearch, MB_CASE_TITLE, "UTF-8"); } elseif (!empty($_GET["au"])) {
$authorsearch = trim($_GET["au"]);
$searchtopic = 'Author: ' . htmlspecialchars($authorsearch, ENT_QUOTES, 'UTF-8');
$searchtype = 'author';
} elseif (!empty($_GET["ty"])) {
$typesearch = trim($_GET["ty"]);
$searchtopic = 'Type: ' . htmlspecialchars(mb_convert_case($typesearch, MB_CASE_TITLE, "UTF-8"), ENT_QUOTES, 'UTF-8');
$searchtype = 'type';
} elseif (!empty($_GET["st"])) {
$subtypesearch = trim($_GET["st"]);
$searchtopic = 'Subtype: ' . htmlspecialchars(mb_convert_case($subtypesearch, MB_CASE_TITLE, "UTF-8"), ENT_QUOTES, 'UTF-8');
$searchtype = 'subtype';
} elseif (!empty($_GET["se"])) {
$seriessearch = trim($_GET["se"]);
$searchtopic = 'Series: ' . htmlspecialchars($seriessearch, ENT_QUOTES, 'UTF-8');
$searchtype = 'series';
} elseif (!empty($_GET["su"])) {
$subjectsearch = trim($_GET["su"]);
$searchtopic = 'Subject: ' . htmlspecialchars($subjectsearch, ENT_QUOTES, 'UTF-8');
$searchtype = 'subject';
}
if (!empty($keywordsearch)) { // If no valid search parameter, redirect to index
$searchtopic = 'Keyword: '.$socialkw; if (empty($searchtype)) {
} elseif (!empty($authorsearch)) { header('Location: index.php');
$searchtopic = 'Author: '.$socialau; exit;
} elseif (!empty($typesearch)) {
$searchtopic = 'Type: '.$socialty;
} elseif (!empty($seriessearch)) {
$searchtopic = 'Series: '.$socialse;
} elseif (!empty($subjectsearch)) {
$searchtopic = 'Subject: '.$socialsu;
} else {
$searchtopic = 'Subtype: '.$socialst;
} }
// -------------------- BEGIN DATABASE QUERIES -------------------- // -------------------- BEGIN DATABASE QUERIES --------------------
// Establish atabase connection // Establish database connection
$db = new SQLite3('metadata.sqlite'); try {
$db = new SQLite3('metadata.sqlite');
$db->enableExceptions(true);
} catch (Exception $e) {
error_log("Database connection error: " . $e->getMessage());
die("Database connection failed");
}
$keywordquery = $db->query("SELECT // Prepare the appropriate query based on search type
DISTINCT books.id AS id, $results = null;
books.title AS title,
SUBSTR(comments.text,0,120) AS excerpt
FROM books
INNER JOIN
comments ON comments.book = books.id
INNER JOIN
books_tags_link ON books_tags_link.book = books.id
INNER JOIN
tags ON tags.id = books_tags_link.tag
WHERE books.title LIKE '%$keywordsearch%'
OR books.author_sort LIKE '%$keywordsearch%'
OR comments.text LIKE '%$keywordsearch%'
OR tags.name LIKE '%$keywordsearch%'
ORDER BY books.title ASC");
$authorquery = $db->query("SELECT switch ($searchtype) {
DISTINCT books.id AS id, case 'keyword':
books.title AS title, $searchPattern = '%' . $keywordsearch . '%';
SUBSTR(comments.text,0,120) AS excerpt $stmt = $db->prepare("SELECT
FROM books DISTINCT books.id AS id,
INNER JOIN books.title AS title,
comments ON comments.book = books.id SUBSTR(comments.text, 0, 120) AS excerpt
INNER JOIN FROM books
books_tags_link ON books_tags_link.book = books.id INNER JOIN comments ON comments.book = books.id
WHERE books.author_sort LIKE '%$authorsearch%' INNER JOIN books_tags_link ON books_tags_link.book = books.id
ORDER BY books.title ASC"); INNER JOIN tags ON tags.id = books_tags_link.tag
WHERE books.title LIKE :search
OR books.author_sort LIKE :search
OR comments.text LIKE :search
OR tags.name LIKE :search
ORDER BY books.title ASC
LIMIT 100");
$stmt->bindValue(':search', $searchPattern, SQLITE3_TEXT);
break;
case 'author':
$searchPattern = '%' . $authorsearch . '%';
$stmt = $db->prepare("SELECT
DISTINCT books.id AS id,
books.title AS title,
SUBSTR(comments.text, 0, 120) AS excerpt
FROM books
INNER JOIN comments ON comments.book = books.id
INNER JOIN books_tags_link ON books_tags_link.book = books.id
WHERE books.author_sort LIKE :search
ORDER BY books.title ASC
LIMIT 100");
$stmt->bindValue(':search', $searchPattern, SQLITE3_TEXT);
break;
case 'type':
$stmt = $db->prepare("SELECT
DISTINCT books.id AS id,
books.title AS title,
SUBSTR(comments.text, 0, 120) AS excerpt
FROM books
INNER JOIN comments ON comments.book = books.id
INNER JOIN books_custom_column_1_link ON books_custom_column_1_link.book = books.id
INNER JOIN custom_column_1 ON custom_column_1.id = books_custom_column_1_link.value
WHERE custom_column_1.value = :search
ORDER BY books.title ASC
LIMIT 100");
$stmt->bindValue(':search', $typesearch, SQLITE3_TEXT);
break;
case 'subtype':
$stmt = $db->prepare("SELECT
DISTINCT books.id AS id,
books.title AS title,
SUBSTR(comments.text, 0, 120) AS excerpt
FROM books
INNER JOIN comments ON comments.book = books.id
INNER JOIN books_custom_column_3_link ON books_custom_column_3_link.book = books.id
INNER JOIN custom_column_3 ON custom_column_3.id = books_custom_column_3_link.value
WHERE custom_column_3.value = :search
ORDER BY books.title ASC
LIMIT 100");
$stmt->bindValue(':search', $subtypesearch, SQLITE3_TEXT);
break;
case 'series':
$stmt = $db->prepare("SELECT
DISTINCT books.id AS id,
books.title AS title,
SUBSTR(comments.text, 0, 120) AS excerpt
FROM books
INNER JOIN comments ON comments.book = books.id
INNER JOIN books_series_link ON books_series_link.book = books.id
INNER JOIN series ON series.id = books_series_link.series
WHERE series.name = :search
ORDER BY books.series_index ASC
LIMIT 100");
$stmt->bindValue(':search', $seriessearch, SQLITE3_TEXT);
break;
case 'subject':
$stmt = $db->prepare("SELECT
DISTINCT books.id AS id,
books.title AS title,
SUBSTR(comments.text, 0, 120) AS excerpt
FROM books
INNER JOIN comments ON comments.book = books.id
INNER JOIN books_tags_link ON books_tags_link.book = books.id
INNER JOIN tags ON tags.id = books_tags_link.tag
WHERE tags.name = :search
ORDER BY books.title ASC
LIMIT 100");
$stmt->bindValue(':search', $subjectsearch, SQLITE3_TEXT);
break;
}
$typequery = $db->query("SELECT // Execute query and handle errors
DISTINCT books.id AS id, try {
books.title AS title, $results = $stmt->execute();
SUBSTR(comments.text,0,120) AS excerpt } catch (Exception $e) {
FROM books error_log("Query execution error: " . $e->getMessage());
INNER JOIN $results = null;
comments ON comments.book = books.id }
INNER JOIN
books_custom_column_1_link ON books_custom_column_1_link.book = books.id
INNER JOIN
custom_column_1 ON custom_column_1.id = books_custom_column_1_link.value
WHERE
custom_column_1.value = '$typesearch'
ORDER BY books.title ASC");
$subtypequery = $db->query("SELECT // Get types for menu
DISTINCT books.id AS id, try {
books.title AS title, $types = $db->query("SELECT value FROM custom_column_1 ORDER BY value ASC");
SUBSTR(comments.text,0,120) AS excerpt } catch (Exception $e) {
FROM books error_log("Types query error: " . $e->getMessage());
INNER JOIN $types = null;
comments ON comments.book = books.id }
INNER JOIN
books_custom_column_3_link ON books_custom_column_3_link.book = books.id
INNER JOIN
custom_column_3 ON custom_column_3.id = books_custom_column_3_link.value
WHERE
custom_column_3.value = '$subtypesearch'
ORDER BY books.title ASC");
$seriesquery = $db->query("SELECT // Build social media URLs safely
DISTINCT books.id AS id, $socialUrl = '';
books.title AS title, switch ($searchtype) {
SUBSTR(comments.text,0,120) AS excerpt case 'keyword':
FROM books $socialUrl = $SiteURL . '/results.php?kw=' . urlencode($keywordsearch);
INNER JOIN break;
comments ON comments.book = books.id case 'author':
INNER JOIN $socialUrl = $SiteURL . '/results.php?au=' . urlencode($authorsearch);
books_series_link ON books_series_link.book = books.id break;
INNER JOIN case 'type':
series ON series.id = books_series_link.series $socialUrl = $SiteURL . '/results.php?ty=' . urlencode($typesearch);
WHERE series.name = '$seriessearch' break;
ORDER BY books.series_index ASC"); case 'subtype':
$socialUrl = $SiteURL . '/results.php?st=' . urlencode($subtypesearch);
$subjectquery = $db->query("SELECT break;
DISTINCT books.id AS id, case 'series':
books.title AS title, $socialUrl = $SiteURL . '/results.php?se=' . urlencode($seriessearch);
SUBSTR(comments.text,0,120) AS excerpt break;
FROM books case 'subject':
INNER JOIN $socialUrl = $SiteURL . '/results.php?su=' . urlencode($subjectsearch);
comments ON comments.book = books.id break;
INNER JOIN }
books_tags_link on books_tags_link.book = books.id
INNER JOIN
tags on tags.id = books_tags_link.tag
WHERE tags.name = '$subjectsearch'
ORDER BY books.title ASC");
$types = $db->query("SELECT
value
FROM custom_column_1
ORDER BY value ASC");
$subtypes = $db->query("SELECT
value
FROM custom_column_3
ORDER BY value ASC");
?> ?>
<!DOCTYPE html> <!DOCTYPE html>
<!--[if lt IE 7]> <html class="no-js lt-ie9 lt-ie8 lt-ie7"> <![endif]--> <!--[if lt IE 7]> <html class="no-js lt-ie9 lt-ie8 lt-ie7"> <![endif]-->
<!--[if IE 7]> <html class="no-js lt-ie9 lt-ie8"> <![endif]--> <!--[if IE 7]> <html class="no-js lt-ie9 lt-ie8"> <![endif]-->
@@ -144,9 +204,9 @@ ORDER BY value ASC");
<head> <head>
<meta charset="utf-8"> <meta charset="utf-8">
<meta http-equiv="X-UA-Compatible" content="IE=edge"> <meta http-equiv="X-UA-Compatible" content="IE=edge">
<title>Infopump - Search results - <?php echo $searchtopic; ?></title> <title>Infopump - Search results - <?php echo htmlspecialchars($searchtopic, ENT_QUOTES, 'UTF-8'); ?></title>
<meta name="viewport" content="width=device-width, initial-scale=1"> <meta name="viewport" content="width=device-width, initial-scale=1">
<meta name="description" content="Free HTML5 Template by FREEHTML5.CO" /> <meta name="description" content="Search results for <?php echo htmlspecialchars($searchtopic, ENT_QUOTES, 'UTF-8'); ?>" />
<meta name="keywords" content="free html5, free template, free bootstrap, html5, css3, mobile first, responsive" /> <meta name="keywords" content="free html5, free template, free bootstrap, html5, css3, mobile first, responsive" />
<meta name="author" content="FREEHTML5.CO" /> <meta name="author" content="FREEHTML5.CO" />
@@ -165,42 +225,14 @@ ORDER BY value ASC");
--> -->
<!-- Facebook and Twitter integration --> <!-- Facebook and Twitter integration -->
<meta property="og:title" content=<?php echo '"'.$SiteName.' - Search - '.$searchtopic.'" />';?> <meta property="og:title" content="<?php echo htmlspecialchars($SiteName . ' - Search - ' . $searchtopic, ENT_QUOTES, 'UTF-8'); ?>" />
<meta property="og:image" content="<?php echo htmlspecialchars($SiteURL, ENT_QUOTES, 'UTF-8'); ?>/images/og-site-avatar.jpg" />
<meta property="og:image" content=<?php echo '"'.$SiteURL.'/images/og-site-avatar.jpg" />';?> <meta property="og:url" content="<?php echo htmlspecialchars($socialUrl, ENT_QUOTES, 'UTF-8'); ?>" />
<meta property="og:site_name" content="<?php echo htmlspecialchars($SiteName . ' - Search Results', ENT_QUOTES, 'UTF-8'); ?>" />
<?php <meta property="og:description" content="<?php echo htmlspecialchars($SubName, ENT_QUOTES, 'UTF-8'); ?>" />
if (!empty($keywordsearch)) { <meta name="twitter:title" content="<?php echo htmlspecialchars($SiteName . ' - Search - ' . $searchtopic, ENT_QUOTES, 'UTF-8'); ?>" />
echo '<meta property="og:url" content="'.$SiteURL.'/results.php?kw='.$socialkw.'" />'; <meta name="twitter:image" content="<?php echo htmlspecialchars($SiteURL, ENT_QUOTES, 'UTF-8'); ?>/images/og-site-avatar.jpg" />
echo '<meta name="twitter:url" content="'.$SiteURL.'/results.php?kw='.$socialkw.'" />'; <meta name="twitter:url" content="<?php echo htmlspecialchars($socialUrl, ENT_QUOTES, 'UTF-8'); ?>" />
} elseif (!empty($authorsearch)) {
echo '<meta property="og:url" content="'.$SiteURL.'/results.php?au='.$socialau.'" />';
echo '<meta name="twitter:url" content="'.$SiteURL.'/results.php?au='.$socialau.'" />';
} elseif (!empty($typesearch)) {
echo '<meta property="og:url" content="'.$SiteURL.'/results.php?ty='.$socialty.'" />';
echo '<meta name="twitter:url" content="'.$SiteURL.'/results.php?ty='.$socialty.'" />';
} elseif (!empty($seriessearch)) {
echo '<meta property="og:url" content="'.$SiteURL.'/results.php?ty='.$socialse.'" />';
echo '<meta name="twitter:url" content="'.$SiteURL.'/results.php?ty='.$socialse.'" />';
} elseif (!empty($subjectsearch)) {
echo '<meta property="og:url" content="'.$SiteURL.'/results.php?ty='.$socialsu.'" />';
echo '<meta name="twitter:url" content="'.$SiteURL.'/results.php?ty='.$socialsu.'" />';
} else {
echo '<meta property="og:url" content="'.$SiteURL.'/results.php?ty='.$socialst.'" />';
echo '<meta name="twitter:url" content="'.$SiteURL.'/results.php?ty='.$socialst.'" />';
}
?>
<meta property="og:site_name" content=<?php echo '"'.$SiteName.' - Search Results" />';?>
<meta property="og:description" content=<?php echo '"'.$SubName.'" />';?>
<meta name="twitter:title" content=<?php echo '"'.$SiteName.' - Search - '.$searchtopic.'" />';?>
<meta name="twitter:image" content=<?php echo '"'.$SiteURL.'/images/og-site-avatar.jpg" />';?>
<meta name="twitter:card" content="summary" /> <meta name="twitter:card" content="summary" />
<!-- Place favicon.ico and apple-touch-icon.png in the root directory --> <!-- Place favicon.ico and apple-touch-icon.png in the root directory -->
@@ -213,10 +245,8 @@ ORDER BY value ASC");
<link rel="stylesheet" href="css/icomoon.css"> <link rel="stylesheet" href="css/icomoon.css">
<!-- Bootstrap --> <!-- Bootstrap -->
<link rel="stylesheet" href="css/bootstrap.css"> <link rel="stylesheet" href="css/bootstrap.css">
<link rel="stylesheet" href="css/style.css"> <link rel="stylesheet" href="css/style.css">
<!-- Modernizr JS --> <!-- Modernizr JS -->
<script src="js/modernizr-2.6.2.min.js"></script> <script src="js/modernizr-2.6.2.min.js"></script>
<!-- FOR IE9 below --> <!-- FOR IE9 below -->
@@ -253,12 +283,12 @@ ORDER BY value ASC");
<h3 class="heading">Recent Additions</h3> <h3 class="heading">Recent Additions</h3>
<ul> <ul>
<?php <?php
while ($row = $types->fetchArray()) { if ($types) {
$row_value = $row['value']; while ($row = $types->fetchArray(SQLITE3_ASSOC)) {
$row_titlecase = mb_convert_case($row_value, MB_CASE_TITLE, "UTF-8"); $row_value = htmlspecialchars($row['value'], ENT_QUOTES, 'UTF-8');
echo '<li><a href="recent.php?ty='.$row_value.'">'.$row_titlecase.'</a></li>'; $row_titlecase = htmlspecialchars(mb_convert_case($row['value'], MB_CASE_TITLE, "UTF-8"), ENT_QUOTES, 'UTF-8');
//echo '<li>'.$row_value.'</li>'; echo '<li><a href="recent.php?ty=' . urlencode($row['value']) . '">' . $row_titlecase . '</a></li>';
}
} }
?> ?>
</ul> </ul>
@@ -267,7 +297,7 @@ ORDER BY value ASC");
<h3 class="heading">Search</h3> <h3 class="heading">Search</h3>
<form action="results.php" method="get"> <form action="results.php" method="get">
<div class="form-group"> <div class="form-group">
<input type="text" class="form-control" name="kw" placeholder="Keyword search"> <input type="text" class="form-control" name="kw" placeholder="Keyword search" maxlength="100">
</div> </div>
</form> </form>
</div> </div>
@@ -287,7 +317,7 @@ ORDER BY value ASC");
<li><a href="#"><i class="icon-instagram"></i></a></li> <li><a href="#"><i class="icon-instagram"></i></a></li>
</ul> --> </ul> -->
<div class="col-lg-12 col-md-12 text-center"> <div class="col-lg-12 col-md-12 text-center">
<h1 id="fh5co-logo"><a href="index.php">Search Results<br /><br /><?php echo $searchtopic; ?></a></h1> <h1 id="fh5co-logo"><a href="index.php">Search Results<br /><br /><?php echo htmlspecialchars($searchtopic, ENT_QUOTES, 'UTF-8'); ?></a></h1>
</div> </div>
</div> </div>
@@ -303,55 +333,26 @@ ORDER BY value ASC");
<div class="row rp-b"> <div class="row rp-b">
<div class="col-md-12 animate-box"> <div class="col-md-12 animate-box">
<?php <?php
if ($keywordsearch != '') { if ($results) {
while ($row = $keywordquery->fetchArray()) { $hasResults = false;
$row_id = $row['id']; while ($row = $results->fetchArray(SQLITE3_ASSOC)) {
$row_title = $row['title']; $hasResults = true;
$row_excerpt = $row['excerpt']; $row_id = (int)$row['id'];
$row_title = htmlspecialchars($row['title'], ENT_QUOTES, 'UTF-8');
echo '<p style="padding:25px 0 35px 0;"><img style="float:left; max-height: 120px; padding: 10px 10px" src="images/'.$row_id.'.jpg"><strong><em><a href="itemrecord.php?itemid='.$row_id.'">'.$row_title.'</em></a> :</strong> '.strip_tags($row_excerpt).'...</p>'; $row_excerpt = htmlspecialchars(strip_tags($row['excerpt']), ENT_QUOTES, 'UTF-8');
echo '<p style="padding:25px 0 35px 0;">';
echo '<img style="float:left; max-height: 120px; padding: 10px 10px" src="images/' . $row_id . '.jpg" alt="' . $row_title . '">';
echo '<strong><em><a href="itemrecord.php?itemid=' . $row_id . '">' . $row_title . '</a></em> :</strong> ';
echo $row_excerpt . '...</p>';
}
if (!$hasResults) {
echo '<p>No results found for your search.</p>';
}
} else {
echo '<p>An error occurred while searching. Please try again.</p>';
} }
} elseif ($typesearch != '') {
while ($row = $typequery->fetchArray()) {
$row_id = $row['id'];
$row_title = $row['title'];
$row_excerpt = $row['excerpt'];
echo '<p style="padding:25px 0 35px 0;"><img style="float:left; max-height: 120px; padding: 10px 10px" src="images/'.$row_id.'.jpg"><strong><em><a href="itemrecord.php?itemid='.$row_id.'">'.$row_title.'</em></a> :</strong> '.strip_tags($row_excerpt).'...</p>';
}
} elseif ($authorsearch != '') {
while ($row = $authorquery->fetchArray()) {
$row_id = $row['id'];
$row_title = $row['title'];
$row_excerpt = $row['excerpt'];
echo '<p style="padding:25px 0 35px 0;"><img style="float:left; max-height: 120px; padding: 10px 10px" src="images/'.$row_id.'.jpg"><strong><em><a href="itemrecord.php?itemid='.$row_id.'">'.$row_title.'</em></a> :</strong> '.strip_tags($row_excerpt).'...</p>';
}
} elseif ($seriessearch != '') {
while ($row = $seriesquery->fetchArray()) {
$row_id = $row['id'];
$row_title = $row['title'];
$row_excerpt = $row['excerpt'];
echo '<p style="padding:25px 0 35px 0;"><img style="float:left; max-height: 120px; padding: 10px 10px" src="images/'.$row_id.'.jpg"><strong><em><a href="itemrecord.php?itemid='.$row_id.'">'.$row_title.'</em></a> :</strong> '.strip_tags($row_excerpt).'...</p>';
}
} elseif ($subjectsearch != '') {
while ($row = $subjectquery->fetchArray()) {
$row_id = $row['id'];
$row_title = $row['title'];
$row_excerpt = $row['excerpt'];
echo '<p style="padding:25px 0 35px 0;"><img style="float:left; max-height: 120px; padding: 10px 10px" src="images/'.$row_id.'.jpg"><strong><em><a href="itemrecord.php?itemid='.$row_id.'">'.$row_title.'</em></a> :</strong> '.strip_tags($row_excerpt).'...</p>';
}
} else {
while ($row = $subtypequery->fetchArray()) {
$row_id = $row['id'];
$row_title = $row['title'];
$row_excerpt = $row['excerpt'];
echo '<p style="padding:25px 0 35px 0;"><img style="float:left; max-height: 120px; padding: 10px 10px" src="images/'.$row_id.'.jpg"><strong><em><a href="itemrecord.php?itemid='.$row_id.'">'.$row_title.'</em></a> :</strong> '.strip_tags($row_excerpt).'...</p>';
}
}
?> ?>
</div> </div>
</div> </div>
@@ -379,3 +380,7 @@ ORDER BY value ASC");
</body> </body>
</html> </html>
<?php
// Close database connection
$db->close();
?>
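Review bot: `$searchtopic` is HTML-escaped twice — it is built with htmlspecialchars() in all six branches starting at `$searchtopic = 'Keyword: ' . htmlspecialchars($keywordsearch, ENT_QUOTES, 'UTF-8');` and then escaped again at every output point (the `<title>`, the description meta, og:title, twitter:title and the `<h1>`), so a term containing `'`, `&` or `<` renders as a literal entity such as `&#039;`. Keep the variable as plain text (`$searchtopic = 'Keyword: ' . $keywordsearch;`, and likewise for the other five branches, with mb_convert_case kept for type/subtype) and leave the escaping to the output points, which already do it correctly. The `!empty($_GET[...])` branches also hand the raw value straight to trim(); when the parameter arrives as an array rather than a string, trim() throws a TypeError under PHP 8 and the page fails with an uncaught error, so guard each branch with `is_string($_GET["kw"])` (and the same for the other keys) before trimming. Minor: `$row_value` in the menu loop is assigned but no longer used, since the link is built from `urlencode($row['value'])`. The PHP block containing these lines is opened by the `<?php` on line 1, outside the hunk.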