@@ -1186,10 +1186,23 @@ class report {
|
|
|
$textSearch_arr = $_POST[$fiter['field']];
|
|
|
if($fiter['supportMultiple'] == 'true'){
|
|
|
$textSearch_arr = str_replace(",", ";", $textSearch_arr);
|
|
|
- $more_param = common::getInNotInSqlForSearch(strtolower($textSearch_arr));
|
|
|
- $temp_sql_where .= " and lower(".$key.") in ($more_param)";
|
|
|
+ //$more_param = common::getInNotInSqlForSearch(strtolower($textSearch_arr));
|
|
|
+ //$temp_sql_where .= " and lower(".$key.") in ($more_param)";
|
|
|
+ $keywords = array_filter(array_map('trim', explode(';', strtolower($textSearch_arr))));
|
|
|
+ $likeConditions = [];
|
|
|
+ foreach ($keywords as $kw) {
|
|
|
+ $kwLower = strtolower($kw);
|
|
|
+ // 转义 SQL 特殊字符(防注入!)
|
|
|
+ $kwEscaped = common::check_input($kwLower);
|
|
|
+ // 或使用 PDO/参数化更安全(见下方建议)
|
|
|
+ $likeConditions[] = "lower({$key}) LIKE '%{$kwEscaped}%'";
|
|
|
+ }
|
|
|
+ if (!empty($likeConditions)) {
|
|
|
+ $temp_sql_where .= " AND (" . implode(' OR ', $likeConditions) . ")";
|
|
|
+ }
|
|
|
+
|
|
|
}else{
|
|
|
- $temp_sql_where .= " and ".$key." = '". common::check_input($_POST[$fiter['field']])."'";
|
|
|
+ $temp_sql_where .= " and ".$key." ilike '%". common::check_input($_POST[$fiter['field']])."%'";
|
|
|
}
|
|
|
} elseif ($fiter['data_type'] == "number"){
|
|
|
$temp_arr = $_POST [$fiter['field']];
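Review bot: The new `LIKE '%{$kwEscaped}%'` condition and the `ilike '%...%'` in the else branch interpolate `$_POST` values into the SQL after `common::check_input`, which from what is visible here is a quote-escaping helper and presumably leaves the LIKE metacharacters `%` and `_` untouched, so a keyword of `%` matches every row and `_` acts as a single-character wildcard. Unless the query is switched to a parameterised form, as the code's own comment `// 或使用 PDO/参数化更安全` recommends, escape those characters before building the pattern, e.g. `$kwEscaped = addcslashes(common::check_input($kwLower), '%_');` together with an `ESCAPE '\'` clause where the database does not default to backslash. The `$kwLower = strtolower($kw);` line is redundant because `$textSearch_arr` was already lower-cased when it was exploded, and the two commented-out lines for `getInNotInSqlForSearch` should be removed rather than left in place. The two branches are also inconsistent in style: the multiple-value branch uses `lower(...) LIKE` while the single-value branch uses the PostgreSQL-specific `ilike`; pick one form for both. The enclosing method begins before the hunk and continues after it.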
|