增强安全性,并限制摘要长度

wlx 2011-12-25 02:24:30 +00:00
parent 831ff26eec
commit 1152e4a86d
1 changed files with 3 additions and 3 deletions


@ -112,13 +112,13 @@ class ServiceController extends Zend_Controller_Action
if (empty($w)) $w=-180; if (empty($w)) $w=-180;
//$start=$this->_request->getParam('start'); //$start=$this->_request->getParam('start');
//$end=$this->_request->getParam('end'); //$end=$this->_request->getParam('end');
$sql="select id,title,uuid,description,filesize,fileformat from normalmetadata where east<? and west>? and north<? and south>?"; $sql="select id,title,uuid,substring(description for 400),filesize,fileformat from normalmetadata where east<? and west>? and north<? and south>?";
if (!empty($key)) { if (!empty($key)) {
$sql.= " and (title ilike ? or description ilike ?)"; $sql.= " and (title ilike ? or description ilike ?)";
$sql.= " order by title"; $sql.= " order by title";
$rows=$this->db->fetchAll($sql,array($e,$w,$n,$s,'%'.$key.'%','%'.$key.'%')); $rows=$this->db->fetchAll($sql,array($e,$w,$n,$s,$this->db->quote('%'.$key.'%'),$this->db->quote('%'.$key.'%')));
} else { } else {
$sql.= " order by title"; $sql.= " order by title limit 10";
$rows=$this->db->fetchAll($sql,array($e,$w,$n,$s)); $rows=$this->db->fetchAll($sql,array($e,$w,$n,$s));
} }
$this->_helper->json($rows); $this->_helper->json($rows);
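Review bot: The two `$this->db->quote('%'.$key.'%')` arguments on the new keyed `fetchAll` call are still bound to `?` placeholders, so the value is escaped twice: the bound string now carries the literal surrounding quotes that `quote()` adds, and `ilike` will only match titles or descriptions that themselves begin and end with a quote character. The previous form was already parameterised, so the binding should stay `array($e,$w,$n,$s,'%'.$key.'%','%'.$key.'%')`; if hardening is wanted here, the remaining gap is escaping `%` and `_` inside `$key` before the wildcards are added, and the keyed branch still has no `limit`. Separately, `substring(description for 400)` has no alias, so the JSON key is presumably no longer `description`; `substring(description for 400) as description` keeps the response shape. The enclosing action starts and ends outside the hunk.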