nightjarnz

But I feel like perhaps your understanding of paramaterised queries might be a little different from what they actually do.

nightjarnz

I don't want to give you bad advice, so please check anything I suggest.

taoceanz

This works successfully and returns search queries per locale. It's just translating some of the variables into params to pass to the prepared query that breaks it for some reason.

taoceanz

Sorry, that's not the full query. It's here for greater reference. https://github.com/taoceanz/silverstripe-fluent/blob/feature/ss4-core-search-extension/src/Extension/FluentSearchFormExtension.php#L65

Show 1 attachment(s)
GitHub  
taoceanz/silverstripe-fluent

Multi-language translate module for Silverstripe, without having to manage separate site trees. - taoceanz/silverstripe-fluent

Hide attachment content
nightjarnz

SELECT DISTINCT SiteTree_Live.ID, SiteTree_Live.Title, MATCH (SiteTree_Live.Title, SiteTree_Live.MenuTitle, SiteTree_Live.Content, SiteTree_Live.MetaDescription) AGAINST ('Search') AS Relevance is fine?

taoceanz

I'm changing it as Damian suggested it's more secure as a parameterised query. This is the PR for more info: https://github.com/tractorcow-farm/silverstripe-fluent/pull/547

Show 1 attachment(s)