From 1c26742c635799b12ca32092ac91e19563d815b5 Mon Sep 17 00:00:00 2001
From: Anthony Talarico
Date: Thu, 30 Mar 2017 10:10:22 -0400
Subject: [PATCH] adding isset checking on search fields in the search results model
---
models/front/obits/search.php | 88 +++++++++++++++++++++--------------
1 file changed, 53 insertions(+), 35 deletions(-)
diff --git a/models/front/obits/search.php b/models/front/obits/search.php
index 89e8fdf..5fba23d 100644
--- a/models/front/obits/search.php
+++ b/models/front/obits/search.php
@@ -91,7 +91,19 @@ class GlmMembersFront_obits_search extends GlmDataObits $prevStart = false; $nextStart = false; $start = 1; - + $sql = false; + $alpha_key = false; + $total_records = false; + $returned = false; + $form_fields = false; + $obits = false; + $numbDisplayed = false; + $lastDisplayed = false; + $alphaList = false; + $get_fields = false; + $empty_search = false; + $search_fields = false; + $this->table = GLM_MEMBERS_OBITS_PLUGIN_DB_PREFIX . 'obits'; $view = 'search';
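Review bot: The new defaults give `false` to variables that the later hunks treat as arrays (`$form_fields`, `$get_fields`, `$search_fields`), which is why every later `foreach` and `implode` needs its own `!empty()` guard. Defaulting them to the type they will hold, e.g. `$search_fields = array();` and `$sql = '';`, keeps those code paths valid without per-use checks. The enclosing method starts and ends outside this hunk, so whether any caller tests these values with `=== false` should be confirmed before changing them.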
@@ -111,31 +123,34 @@ class GlmMembersFront_obits_search extends GlmDataObits // build array of potential search fields , will be used in the paging url $form_fields = array( - 'last' => filter_var($form_data['last_name'],FILTER_SANITIZE_STRING), - 'first' => filter_var($form_data['first_mid'],FILTER_SANITIZE_STRING), - 'b_yr' => filter_var($form_data['b_year'],FILTER_SANITIZE_STRING), - 'b_range' => filter_var($form_data['b_yr_range'],FILTER_SANITIZE_STRING), - 'd_yr' => filter_var($form_data['d_year'],FILTER_SANITIZE_STRING), - 'd_range' => filter_var($form_data['d_yr_range'],FILTER_SANITIZE_STRING), - 'spouse' => filter_var($form_data['spouse_partner'],FILTER_SANITIZE_STRING), - 'maiden' => filter_var($form_data['maiden_other'],FILTER_SANITIZE_STRING) + 'last' => isset($form_data['last_name']) ? filter_var($form_data['last_name'],FILTER_SANITIZE_STRING) : '', + 'first' => isset($form_data['first_mid']) ? filter_var($form_data['first_mid'],FILTER_SANITIZE_STRING) : '', + 'b_yr' => isset($form_data['b_year']) ? filter_var($form_data['b_year'],FILTER_SANITIZE_STRING) : '', + 'b_range' => isset($form_data['b_yr_range']) ? filter_var($form_data['b_yr_range'],FILTER_SANITIZE_STRING) : '', + 'd_yr' => isset($form_data['d_year']) ? filter_var($form_data['d_year'],FILTER_SANITIZE_STRING) : '', + 'd_range' => isset($form_data['d_yr_range']) ? filter_var($form_data['d_yr_range'],FILTER_SANITIZE_STRING) : '', + 'spouse' => isset($form_data['spouse_partner']) ? filter_var($form_data['spouse_partner'],FILTER_SANITIZE_STRING) : '', + 'maiden' => isset($form_data['maiden_other']) ? 
filter_var($form_data['maiden_other'],FILTER_SANITIZE_STRING) : '', ); //clear the placeholder values from the jquery html input fix - foreach($form_fields as $field=>$f){ - if( in_array($f, $placeholders) ){ - $form_fields[$field] = ''; + if( !empty($form_fields) ){ + foreach($form_fields as $field=>$f){ + if( in_array($f, $placeholders) ){ + $form_fields[$field] = ''; + } } } + $get_fields = array( - 'last_name' => filter_var($_GET['last'],FILTER_SANITIZE_STRING), - 'first_mid' => filter_var($_GET['first'],FILTER_SANITIZE_STRING), - 'b_year' => filter_var($_GET['b_yr'],FILTER_SANITIZE_STRING), - 'b_yr_range' => filter_var($_GET['b_range'],FILTER_SANITIZE_STRING), - 'd_year' => filter_var($_GET['d_yr'],FILTER_SANITIZE_STRING), - 'd_yr_range' => filter_var($_GET['d_range'],FILTER_SANITIZE_STRING), - 'spouse_partner' => filter_var($_GET['spouse'],FILTER_SANITIZE_STRING), - 'maiden_other' => filter_var($_GET['maiden'],FILTER_SANITIZE_STRING) + 'last_name' => isset($_GET['last']) ? filter_var($_GET['last'],FILTER_SANITIZE_STRING) : '', + 'first_mid' => isset($_GET['first']) ? filter_var($_GET['first'],FILTER_SANITIZE_STRING) : '', + 'b_year' => isset($_GET['b_yr']) ? filter_var($_GET['b_yr'],FILTER_SANITIZE_STRING) : '', + 'b_yr_range' => isset($_GET['b_range']) ? filter_var($_GET['b_range'],FILTER_SANITIZE_STRING) : '', + 'd_year' => isset($_GET['d_yr']) ? filter_var($_GET['d_yr'],FILTER_SANITIZE_STRING) : '', + 'd_yr_range' => isset($_GET['d_range']) ? filter_var($_GET['d_range'],FILTER_SANITIZE_STRING) : '', + 'spouse_partner' => isset($_GET['spouse']) ? filter_var($_GET['spouse'],FILTER_SANITIZE_STRING) : '', + 'maiden_other' => isset($_GET['maiden']) ? filter_var($_GET['maiden'],FILTER_SANITIZE_STRING) : '', ); // get the alpha key if ( isset( $_REQUEST['alpha'] ) ){ 
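Review bot: `isset()` in the new `$form_fields` and `$get_fields` ternaries also passes array-valued parameters, and `filter_var()` without `FILTER_REQUIRE_ARRAY` returns `false` for those, so a field can end up as `false` rather than `''`. A type check such as `is_string($_GET['last']) ? filter_var(...) : ''` closes that gap. `FILTER_SANITIZE_STRING` strips tags and encodes quotes for HTML output and is deprecated since PHP 8.1, so it should not be relied on as the protection for values that later reach a query (how they reach `$search_fields` is outside this hunk). The added `if( !empty($form_fields) )` wrapper is redundant because the array literal directly above it always has eight keys, and `in_array($f, $placeholders)` would be safer with the strict third argument `true`.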
@@ -181,33 +196,36 @@ class GlmMembersFront_obits_search extends GlmDataObits } // build the initial sql query based on the search fields and search options selected - foreach($search_fields as $field => $f){ + If(!empty($search_fields)){ + foreach($search_fields as $field => $f){ - foreach($search_options as $option => $o){ + foreach($search_options as $option => $o){ - if( strpos($option, $field) !== false){ + if( strpos($option, $field) !== false){ - if(strpos($option, 'not') !== false){ + if(strpos($option, 'not') !== false){ - $o = '<>'; - $search_fields[$field] = $field . " $o " . "'$f'"; + $o = '<>'; + $search_fields[$field] = $field . " $o " . "'$f'"; - break; + break; - } else if(strpos($o, '%') !== false){ - $o = rtrim($o, "%"); - $search_fields[$field] = $field . " $o " . "'$f%'"; - } else if($o === 'LIKE') { - $search_fields[$field] = $field . " $o " . "'%$f%'"; - } else { - $search_fields[$field] = $field . " $o " . "'$f'"; + } else if(strpos($o, '%') !== false){ + $o = rtrim($o, "%"); + $search_fields[$field] = $field . " $o " . "'$f%'"; + } else if($o === 'LIKE') { + $search_fields[$field] = $field . " $o " . "'%$f%'"; + } else { + $search_fields[$field] = $field . " $o " . "'$f'"; + } } } } } // generate the WHERE clause string from the array of options - $search = implode($clause, $search_fields); + if(!empty($search_fields)) + $search = implode($clause, $search_fields); // check the GET variables for sql queries with paging if( empty( $search ) && empty( $alpha_key) && empty($get_values) ){ -- 2.17.1
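Review bot: The re-indented loop still builds each condition by putting `$f` between single quotes (`"'$f'"`, `"'$f%'"`, `"'%$f%'"`), so the WHERE clause is assembled from request-derived text instead of bound parameters. How `$search_fields` is filled is outside this hunk, but if it comes from the `FILTER_SANITIZE_STRING` values built earlier, that filter is not SQL escaping. The conditions should carry placeholders, with the values passed separately to a prepared statement (for example `$wpdb->prepare()` if this model runs on the WordPress database handle) and LIKE wildcards in the value escaped. Separately, `$search` is now assigned only inside the brace-less `if` and is not among the variables initialised in the first hunk, so I would write `$search = !empty($search_fields) ? implode($clause, $search_fields) : '';`. `If(` should be lower-case `if(` like the rest of the file.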