diff --git a/application/third_party/recommend/models/infoTips_model.php b/application/third_party/recommend/models/infoTips_model.php
index 7e5c2e68..f441475e 100644
--- a/application/third_party/recommend/models/infoTips_model.php
+++ b/application/third_party/recommend/models/infoTips_model.php
@@ -58,12 +58,13 @@ class infoTips_model extends CI_Model
 public function search($keywords, $byWhat) {
 $whereCodition = '';
+
 if ($byWhat == 'byTitle') {
- $whereCodition .= " and it.it_title like '%" . $keywords . "%'";
+ $whereCodition .= " and it.it_title like '%" . addslashes($keywords) . "%'";
 } else if ($byWhat == 'byLabel') {
- $whereCodition .= " and it.it_code like '%" . $keywords . "%'";
+ $whereCodition .= " and it.it_code like '%" . addslashes($keywords) . "%'";
 } else if ($byWhat == 'byContent') {
- $whereCodition .= " and it.it_content like '%" . $keywords . "%'";
+ $whereCodition .= " and it.it_content like '%" . addslashes($keywords) . "%'";
 }
 $searchText = "select it.it_id ,it.it_title,it.it_expires,it.it_code,it.it_content,it.it_sitecode,it.it_datetime
diff --git a/application/third_party/recommend/views/welcome.php b/application/third_party/recommend/views/welcome.php
index 2bdb8963..b976e3f1 100644
--- a/application/third_party/recommend/views/welcome.php
+++ b/application/third_party/recommend/views/welcome.php
@@ -8,7 +8,7 @@
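Review bot: `addslashes()` in the three `like` branches of `search()` (infoTips_model.php) is not a database-aware escape: it ignores the connection character set and leaves the LIKE wildcards `%` and `_` in `$keywords` untouched, so the query is still built by string concatenation with only partial protection. Since this is a `CI_Model`, the driver-aware helper is the better fit, e.g. `$whereCodition .= " and it.it_title like '%" . $this->db->escape_like_str($keywords) . "%'";` (on CodeIgniter 3 the clause also needs `ESCAPE '!'` after the pattern), or pass the pattern as a query binding to `$this->db->query()`. The rest of `search()`, including how `$searchText` is executed, lies outside the hunk, so the remaining concatenations there should be checked the same way.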