增加转义防止 SQL 出错

application/third_party/recommend/models/infoTips_model.php

@@ -58,12 +58,13 @@ class infoTips_model extends CI_Model
 
     public function search($keywords, $byWhat) {
       $whereCodition = '';
+
       if ($byWhat == 'byTitle') {
-        $whereCodition .= " and it.it_title like '%" . $keywords . "%'";
+        $whereCodition .= " and it.it_title like '%" . addslashes($keywords) . "%'";
       } else if ($byWhat == 'byLabel') {
-        $whereCodition .= " and it.it_code like '%" . $keywords . "%'";
+        $whereCodition .= " and it.it_code like '%" . addslashes($keywords) . "%'";
       } else if ($byWhat == 'byContent') {
-        $whereCodition .= " and it.it_content like '%" . $keywords . "%'";
+        $whereCodition .= " and it.it_content like '%" . addslashes($keywords) . "%'";
       }
       $searchText = 
         "select it.it_id ,it.it_title,it.it_expires,it.it_code,it.it_content,it.it_sitecode,it.it_datetime 

application/third_party/recommend/views/welcome.php

@@ -8,7 +8,7 @@
             <form id="searchForm" method="post" action="<?php echo site_url('thirdparty/recommend/index/search'); ?>" class="navbar-form navbar-left">
           <div class="input-group">
             <input type="text" class="form-control input-sm" name="keywords" id="keywords" value="" style="min-width:450px;">
-            <input type="hidden" name="byWhat" value="<?php echo keywords; ?>" id="byWhatInput" >
+            <input type="hidden" name="byWhat" value="<?php echo $keywords; ?>" id="byWhatInput" >
             <span class="input-group-btn">
               <button class="btn btn-default btn-sm" id="searchByTitleBtn" type="button">搜索标题</button>
               <button class="btn btn-default btn-sm" id="searchByLabelBtn" type="button">搜索标签</button>