bad
/
pai-sklep
1
0
Fork 0
Code Issues 5 Pull Requests Projects Releases Wiki Activity
pai-sklep/app/Http/Controllers/MainPageController.php

22 lines
839 B
PHP
Raw Blame History

<?php
namespace App\Http\Controllers;
use App\Models\Product;
use Illuminate\Http\Request;
class MainPageController extends Controller
{
public function index(Request $request)
{
$query = $request->query->get("q");
if ($query) {
// O(n) query at best, malicious users can just insert % and _ characters into the query if they wanna, but it's fine half the class left every single field vulnurable to sqli so I don't wanna bother doing this properly with a full text search
$products = Product::query()->where('name', 'like', "%{$query}%")->orWhere('description', 'like', "?")->latest()->limit(100)->get();
} else {
$products = Product::query()->latest()->limit(100)->get();
}
return view("index", ["products" => $products, "query" => $query]);
}
}
Reference in New Issue View Git Blame Copy Permalink