}
/**
- * Load a GUID of a note by the note title
+ * Load a GUID of a note by the note title.
*
- * @param string $title Note title
+ * The note title is stored html-escaped in the database because we
+ * get it that way from tomboy. Thus we have to escape the search
+ * input, too.
+ *
+ * @param string $title Note title.
*
* @return string GUID, NULL if note could not be found
*/
$row = \OC_DB::executeAudited(
'SELECT note_guid FROM `*PREFIX*grauphel_notes`'
. ' WHERE `note_user` = ? AND `note_title` = ?',
- array($this->username, $title)
+ array($this->username, htmlspecialchars($title))
)->fetchRow();
if ($row === false) {
return $row['note_guid'];
}
+ /**
+ * Search for a note
+ *
+ * @param string $keywords AND-concatenated query strings
+ *
+ * @return array Database rows with note_guid and note_title
+ */
+ public function search($keywords)
+ {
+ $sqlWhere = ' AND (note_title LIKE ? OR note_tags LIKE ? OR note_content LIKE ?)';
+ $arData = array(
+ $this->username
+ );
+ foreach ($keywords as $keyword) {
+ $arData[] = '%' . $keyword . '%';//title
+ $arData[] = '%' . $keyword . '%';//tags
+ $arData[] = '%' . $keyword . '%';//content
+ }
+ $result = \OC_DB::executeAudited(
+ 'SELECT `note_guid`, `note_title`'
+ . ' FROM `*PREFIX*grauphel_notes`'
+ . ' WHERE note_user = ?'
+ . str_repeat($sqlWhere, count($keywords)),
+ $arData
+ );
+
+ $notes = array();
+ while ($row = $result->fetchRow()) {
+ $notes[] = $row;
+ }
+ return $notes;
+ }
+
/**
* Save a note into storage.
*
git.cweiske.de / grauphel.git / blobdiff