pai-sklep/app/Http/Controllers/MainPageController.php

27 lines
1.2 KiB
PHP
Raw Permalink Normal View History

2021-11-14 20:44:10 +01:00
<?php
namespace App\Http\Controllers;
2021-12-15 18:57:03 +01:00
use App\Models\Category;
2021-11-14 20:44:10 +01:00
use App\Models\Product;
use Illuminate\Http\Request;
class MainPageController extends Controller
{
2021-12-05 19:22:00 +01:00
public function index(Request $request)
2021-11-24 11:34:46 +01:00
{
2021-12-15 18:57:03 +01:00
$query = Product::query()->latest()->limit(100);
$search = $request->query->get("q");
if ($search) {
2021-12-05 19:22:00 +01:00
// O(n) query at best, malicious users can just insert % and _ characters into the query if they wanna, but it's fine half the class left every single field vulnurable to sqli so I don't wanna bother doing this properly with a full text search
2021-12-15 18:57:03 +01:00
$query = $query->where('name', 'like', "%{$search}%")->orWhere('description', 'like', "%{$search}%");
}
$category = $request->query->get("category");
if ($category) {
// O(n) query at best, malicious users can just insert % and _ characters into the query if they wanna, but it's fine half the class left every single field vulnurable to sqli so I don't wanna bother doing this properly with a full text search
$query = $query->whereHas('categories', fn ($b) => $b->where("name","=",$category));
}
return view("index", ["products" => $query->get(), "query" => $search]);
2021-11-14 20:44:10 +01:00
}
}