From d735ea27ca3c8f0f031347c0608fbbd010fdfa65 Mon Sep 17 00:00:00 2001
From: lifei6671
Date: Mon, 24 Dec 2018 15:23:17 +0800
Subject: [PATCH] =?UTF-8?q?fix:=E4=BC=98=E5=8C=96=E6=90=9C=E7=B4=A2?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 controllers/BookController.go | 4 +++-
 controllers/SearchController.go | 4 +++-
 utils/sqltil/sql.go | 8 ++++++++
 3 files changed, 14 insertions(+), 2 deletions(-)
 create mode 100644 utils/sqltil/sql.go
diff --git a/controllers/BookController.go b/controllers/BookController.go
index a809764e..131a8fb5 100644
--- a/controllers/BookController.go
+++ b/controllers/BookController.go
@@ -4,6 +4,7 @@ import (
 "encoding/json"
 "errors"
 "fmt"
+ "github.com/lifei6671/mindoc/utils/sqltil"
 "html/template"
 "os"
 "path/filepath"
@@ -957,7 +958,7 @@ func (c *BookController) TeamSearch() {
 if err != nil {
 c.JsonResult(500, err.Error())
 }
-
+ keyword = sqltil.EscapeLike(keyword)
 searchResult, err := models.NewTeamRelationship().FindNotJoinBookByBookIdentify(book.BookId, keyword, 10)
 if err != nil {
@@ -972,6 +973,7 @@ func (c *BookController) ItemsetsSearch() {
 c.Prepare()
 keyword := strings.TrimSpace(c.GetString("q"))
+ keyword = sqltil.EscapeLike(keyword)
 searchResult, err := models.NewItemsets().FindItemsetsByName(keyword, 10)
diff --git a/controllers/SearchController.go b/controllers/SearchController.go
index 5dfe1d48..dbe88015 100644
--- a/controllers/SearchController.go
+++ b/controllers/SearchController.go
@@ -6,6 +6,7 @@ import (
 "github.com/lifei6671/mindoc/models"
 "github.com/lifei6671/mindoc/utils"
 "github.com/lifei6671/mindoc/utils/pagination"
+ "github.com/lifei6671/mindoc/utils/sqltil"
 "strconv"
 "strings"
 )
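Review bot: In TeamSearch the keyword is escaped in the controller, just before `FindNotJoinBookByBookIdentify`, rather than in the model method that presumably builds the LIKE pattern; ItemsetsSearch, `SearchController.Index` and `SearchController.User` use the same placement. The model code is not part of this diff, so any other caller of these finders would still pass raw `%` and `_`, and every future caller has to remember the extra step. Moving the `sqltil.EscapeLike(keyword)` call to the point where the pattern is assembled would make the escaping hold for all callers; if it stays here, a comment such as `// escape LIKE wildcards in user input before it reaches the query pattern` would record why the line exists. TeamSearch's body starts and ends outside the hunk.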
@@ -36,7 +37,7 @@ func (c *SearchController) Index() {
 if c.Member != nil {
 memberId = c.Member.MemberId
 }
- searchResult, totalCount, err := models.NewDocumentSearchResult().FindToPager(keyword, pageIndex, conf.PageSize, memberId)
+ searchResult, totalCount, err := models.NewDocumentSearchResult().FindToPager(sqltil.EscapeLike(keyword), pageIndex, conf.PageSize, memberId)
 if err != nil {
 return
@@ -86,6 +87,7 @@ func (c *SearchController) User() {
 if key == "" || keyword == "" {
 c.JsonResult(404, "参数错误")
 }
+ keyword = sqltil.EscapeLike(keyword)
 book, err := models.NewBookResult().FindByIdentify(key, c.Member.MemberId)
 if err != nil {
diff --git a/utils/sqltil/sql.go b/utils/sqltil/sql.go
new file mode 100644
index 00000000..717894cd
--- /dev/null
+++ b/utils/sqltil/sql.go
@@ -0,0 +1,8 @@
+package sqltil
+
+import "strings"
+
+//转义like语法的%_符号
+func EscapeLike(keyword string) string {
+ return strings.Replace(strings.Replace(keyword,"_","\\_",-1),"%","\\%",-1)
+}
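Review bot: `EscapeLike` escapes `_` and `%` but not the backslash it uses as the escape character, so a keyword that already contains `\` changes how the next wildcard is read: input `\%` comes out as `\\%`, which a backslash-escaping LIKE treats as a literal backslash followed by a live `%`. Escaping the backslash in the same single pass closes that gap: `return strings.NewReplacer("\\", "\\\\", "_", "\\_", "%", "\\%").Replace(keyword)`. The helper also only has an effect where the LIKE escape character is backslash; the queries are not in this diff, so if any supported database has no default escape character, an explicit `ESCAPE` clause would be needed in those statements. The comment would read better in Go doc form, `// EscapeLike escapes the LIKE wildcards % and _ in keyword.`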