pai-sklep/app/Http/Controllers/MainPageController.php

22 lines
839 B
PHP
Raw Permalink Normal View History

2021-11-14 20:44:10 +01:00
<?php
namespace App\Http\Controllers;
use App\Models\Product;
use Illuminate\Http\Request;
class MainPageController extends Controller
{
2021-12-05 19:22:00 +01:00
public function index(Request $request)
2021-11-24 11:34:46 +01:00
{
2021-12-05 19:22:00 +01:00
$query = $request->query->get("q");
if ($query) {
// O(n) query at best, malicious users can just insert % and _ characters into the query if they wanna, but it's fine half the class left every single field vulnurable to sqli so I don't wanna bother doing this properly with a full text search
$products = Product::query()->where('name', 'like', "%{$query}%")->orWhere('description', 'like', "?")->latest()->limit(100)->get();
} else {
$products = Product::query()->latest()->limit(100)->get();
}
return view("index", ["products" => $products, "query" => $query]);
2021-11-14 20:44:10 +01:00
}
}