From 71fe63bf4a79dae7517aa7af0fccc40bfdd416b8 Mon Sep 17 00:00:00 2001
From: Jimmy Liow
Date: Thu, 16 Nov 2023 15:34:52 +0800
Subject: [PATCH] =?UTF-8?q?=E5=A2=9E=E5=8A=A0=20SQL=20like=20=E8=BD=AC?= =?UTF-8?q?=E4=B9=89=E5=A4=84=E7=90=86?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 application/third_party/recommend/controllers/index.php | 2 +-
 application/third_party/recommend/models/infoTips_model.php | 6 +++---
 application/third_party/recommend/views/welcome.php | 2 +-
 3 files changed, 5 insertions(+), 5 deletions(-)
diff --git a/application/third_party/recommend/controllers/index.php b/application/third_party/recommend/controllers/index.php
index 27c0e89b..a3d28d1d 100644
--- a/application/third_party/recommend/controllers/index.php
+++ b/application/third_party/recommend/controllers/index.php
@@ -35,7 +35,7 @@ class Index extends CI_Controller
 $data = array();
 $data['groupList'] = $this->Information_model->group_list();
 $data['tipsList'] = $this->infoTips_model->search($keywords, $byWhat);
- $data['keywords'] = $keywords;
+ $data['lastKeyword'] = $keywords;
 $this->load->view('bootstrap3/header', $data);
 $this->load->view('welcome');
 $this->load->view('bootstrap3/footer');
diff --git a/application/third_party/recommend/models/infoTips_model.php b/application/third_party/recommend/models/infoTips_model.php
index f441475e..41660253 100644
--- a/application/third_party/recommend/models/infoTips_model.php
+++ b/application/third_party/recommend/models/infoTips_model.php
@@ -60,11 +60,11 @@ class infoTips_model extends CI_Model
 $whereCodition = '';
 if ($byWhat == 'byTitle') {
- $whereCodition .= " and it.it_title like '%" . addslashes($keywords) . "%'";
+ $whereCodition .= " and it.it_title like '%" . $this->HT->escape_str($keywords) . "%'";
 } else if ($byWhat == 'byLabel') {
- $whereCodition .= " and it.it_code like '%" . addslashes($keywords) . "%'";
+ $whereCodition .= " and it.it_code like '%" . $this->HT->escape_str($keywords) . "%'";
 } else if ($byWhat == 'byContent') {
- $whereCodition .= " and it.it_content like '%" . addslashes($keywords) . "%'";
+ $whereCodition .= " and it.it_content like '%" . $this->HT->escape_str($keywords) . "%'";
 }
 $searchText = "select it.it_id ,it.it_title,it.it_expires,it.it_code,it.it_content,it.it_sitecode,it.it_datetime
diff --git a/application/third_party/recommend/views/welcome.php b/application/third_party/recommend/views/welcome.php
index b976e3f1..93dc3642 100644
--- a/application/third_party/recommend/views/welcome.php
+++ b/application/third_party/recommend/views/welcome.php
@@ -8,7 +8,7 @@
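Review bot: The three `like` branches call `$this->HT->escape_str($keywords)` without the LIKE flag, so the value is escaped as a string literal only and `%` / `_` in the keyword still reach the pattern as wildcards, which is the case the commit title says it handles. Assuming `$this->HT` is a CodeIgniter database connection, the driver method meant for this is `escape_like_str()`, e.g. `$whereCodition .= " and it.it_title like '%" . $this->HT->escape_like_str($keywords) . "%'";`, and likewise for `it_code` and `it_content`. On CodeIgniter 3 that method escapes with `!`, so each clause would also need ` ESCAPE '!'` after the pattern for the escaping to take effect; please confirm which framework version this application runs. The function continues outside the hunk, so how `$searchText` is executed is not visible here; if it goes through `query()`, passing the pattern as a bound parameter would remove the string-built SQL entirely.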