diff --git a/controllers/BookController.go b/controllers/BookController.go
index a809764ed..131a8fb5b 100644
--- a/controllers/BookController.go
+++ b/controllers/BookController.go
@@ -4,6 +4,7 @@ import (
 "encoding/json"
 "errors"
 "fmt"
+ "github.com/lifei6671/mindoc/utils/sqltil"
 "html/template"
 "os"
 "path/filepath"
@@ -957,7 +958,7 @@ func (c *BookController) TeamSearch() {
 if err != nil {
 c.JsonResult(500, err.Error())
 }
-
+ keyword = sqltil.EscapeLike(keyword)
 searchResult, err := models.NewTeamRelationship().FindNotJoinBookByBookIdentify(book.BookId, keyword, 10)
 if err != nil {
@@ -972,6 +973,7 @@ func (c *BookController) ItemsetsSearch() {
 c.Prepare()
 keyword := strings.TrimSpace(c.GetString("q"))
+ keyword = sqltil.EscapeLike(keyword)
 searchResult, err := models.NewItemsets().FindItemsetsByName(keyword, 10)
diff --git a/controllers/SearchController.go b/controllers/SearchController.go
index 5dfe1d48e..dbe880153 100644
--- a/controllers/SearchController.go
+++ b/controllers/SearchController.go
@@ -6,6 +6,7 @@ import (
 "github.com/lifei6671/mindoc/models"
 "github.com/lifei6671/mindoc/utils"
 "github.com/lifei6671/mindoc/utils/pagination"
+ "github.com/lifei6671/mindoc/utils/sqltil"
 "strconv"
 "strings"
 )
@@ -36,7 +37,7 @@ func (c *SearchController) Index() {
 if c.Member != nil {
 memberId = c.Member.MemberId
 }
- searchResult, totalCount, err := models.NewDocumentSearchResult().FindToPager(keyword, pageIndex, conf.PageSize, memberId)
+ searchResult, totalCount, err := models.NewDocumentSearchResult().FindToPager(sqltil.EscapeLike(keyword), pageIndex, conf.PageSize, memberId)
 if err != nil {
 return
@@ -86,6 +87,7 @@ func (c *SearchController) User() {
 if key == "" || keyword == "" {
 c.JsonResult(404, "参数错误")
 }
+ keyword = sqltil.EscapeLike(keyword)
 book, err := models.NewBookResult().FindByIdentify(key, c.Member.MemberId)
 if err != nil {
diff --git a/utils/sqltil/sql.go b/utils/sqltil/sql.go
new file mode 100644
index 000000000..717894cd1
--- /dev/null
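Review bot: The escape in the TeamSearch hunk is applied at the call site, so the protection depends on every caller of FindNotJoinBookByBookIdentify (and of the other three model methods patched in this diff) remembering to wrap its keyword; any model path that builds a `LIKE '%...%'` pattern and is reached from elsewhere still sees raw `%`/`_` wildcards. Moving the `sqltil.EscapeLike(keyword)` call into the model, right where the pattern is assembled, makes the guarantee local to the query and lets the controllers pass the raw keyword through. Note that EscapeLike only neutralises LIKE wildcards; it is no substitute for binding the keyword as a query parameter, which these hunks do not show one way or the other. The `Index` hunk escapes inline in the call while the other hunks reassign `keyword`, and picking one form would keep the call sites easy to audit. TeamSearch's body begins and ends outside this hunk.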
+++ b/utils/sqltil/sql.go
@@ -0,0 +1,8 @@
+package sqltil
+
+import "strings"
+
+//转义like语法的%_符号
+func EscapeLike(keyword string) string {
+ return strings.Replace(strings.Replace(keyword,"_","\\_",-1),"%","\\%",-1)
+}
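Review bot: `EscapeLike` escapes `%` and `_` but not the backslash itself, so a user-supplied backslash still changes the pattern: a keyword ending in `\` swallows the `%` the caller appends, and a keyword containing `\%` becomes `\\%`, which under MySQL's default escape character is a literal backslash followed by a live wildcard, i.e. the escaping is bypassed. Escape the backslash first and then the two wildcards; `strings.NewReplacer` does all three in one pass without re-scanning its own output and reads clearer than the nested `strings.Replace`. Backslash-as-escape is MySQL's default; if the project also runs on a driver whose LIKE has no default escape character (SQLite, for one), the query needs an explicit `ESCAPE '\'` clause for this helper to have any effect, which is worth stating in the function's comment. The doc comment should also be in English and start with the function name, e.g. `// EscapeLike escapes the LIKE escape character and wildcards in keyword so it can be embedded in a LIKE pattern as a literal.`
```go
// likeReplacer escapes the escape character first so a user-supplied
// backslash cannot re-arm the wildcards escaped after it.
var likeReplacer = strings.NewReplacer(`\`, `\\`, `%`, `\%`, `_`, `\_`)

// EscapeLike escapes `\`, `%` and `_` in keyword so it can be embedded in a
// LIKE pattern as a literal (assumes the driver's escape character is `\`).
func EscapeLike(keyword string) string {
	return likeReplacer.Replace(keyword)
}
```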