From 3f02174ba30c329808c2b70925aef3484669b924 Mon Sep 17 00:00:00 2001
From: Sven Slootweg
Date: Mon, 28 Jan 2013 16:07:48 +0100
Subject: [PATCH] Implement some very basic methods to prevent overloading

---
 frontend/modules/api/search.php | 40 +++++++++++++++++++++------------
 1 file changed, 26 insertions(+), 14 deletions(-)

diff --git a/frontend/modules/api/search.php b/frontend/modules/api/search.php
index 6a593e1..7adfdac 100644
--- a/frontend/modules/api/search.php
+++ b/frontend/modules/api/search.php
@@ -25,32 +25,44 @@ else
 $terms = explode(" ", $query);
 $db_query_terms = array();
+ $valid_term = false;
 foreach($terms as $term)
 {
 $db_query_terms[] = "`Title` LIKE ?";
+ $term = str_replace("%", "\%", $term);
+ $valid_term = $valid_term || (strlen($term) > 2);
 $db_query_arguments[] = "%{$term}%";
 }
- $db_query = implode(" AND ", $db_query_terms);
- array_unshift($db_query_arguments, '');
- unset($db_query_arguments[0]);
-
- try
+ if($valid_term)
 {
- $results_topics = Topic::CreateFromQuery("SELECT * FROM topics WHERE {$db_query}", $db_query_arguments);
+ $db_query = implode(" AND ", $db_query_terms);
+ array_unshift($db_query_arguments, '');
+ unset($db_query_arguments[0]);
- $return_objects = array();
-
- foreach($results_topics as $topic)
+ try
 {
- $return_objects[] = $topic->AsDataset();
- }
+ $results_topics = Topic::CreateFromQuery("SELECT * FROM topics WHERE {$db_query}", $db_query_arguments);
+
+ $return_objects = array();
- $sPageContents = json_encode($return_objects);
+ foreach($results_topics as $topic)
+ {
+ $return_objects[] = $topic->AsDataset();
+ }
+
+ $sPageContents = json_encode($return_objects);
+ }
+ catch (NotFoundException $e)
+ {
+ $sPageContents = json_encode(array("error" => "No results found for the specified query.", "query" => $query));
+ }
 }
- catch (NotFoundException $e)
+ else
 {
- $sPageContents = json_encode(array("error" => "No results found for the specified query.", "query" => $query));
+ die(json_encode(array(
+ "error" => "No valid search query specified."
+ )));
 }
 }
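Review bot: The escaping on the added `$term = str_replace("%", "\%", $term);` line covers only `%`, leaving the other LIKE wildcard `_` (and a user-supplied backslash) untouched, so a query such as `___` passes the `strlen($term) > 2` guard and still matches every row, which defeats the overload protection this commit is adding. The length test also runs after escaping, so a two-character term like `%%` becomes four bytes and is accepted as "valid". I would measure the raw term first and escape all three characters: `$valid_term = $valid_term || (strlen($term) > 2);` followed by `$term = str_replace(array('\\', '%', '_'), array('\\\\', '\%', '\_'), $term);`. Separately, the new `else` branch calls `die(json_encode(...))` while the existing error path assigns `$sPageContents`; exiting here skips whatever the surrounding page does with `$sPageContents` afterwards (headers, templating), so assigning the variable instead would keep both error paths consistent. The enclosing `else` block begins before this hunk.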