Improve api_search()

Use dba::p() instead of q()
Move exception to the beginning
Remove useless GROUP BY
Remove useless protect_sprintf()

diff --git a/include/api.php b/include/api.php
index 9cc82560d2e358e61c2c9965bf44323c7690534c..2cf79fa5aa4a066a5467ea6bcb07d0c3df8ad355 100644 (file)
--- a/include/api.php
+++ b/include/api.php
@@ -1500,49 +1500,48 @@ function api_search($type)
 {
        $data = array();
 
-       if (x($_REQUEST, 'q')) {
-               if (x($_REQUEST, 'rpp')) {
-                       $count = $_REQUEST['rpp'];
-               } elseif (x($_REQUEST, 'count')) {
-                       $count = $_REQUEST['count'];
-               } else {
-                       $count = 15;
-               }
+       if (!x($_REQUEST, 'q')) {
+               throw new BadRequestException("q parameter is required.");
+       }
 
-               $since_id = (x($_REQUEST, 'since_id') ? $_REQUEST['since_id'] : 0);
-               $max_id = (x($_REQUEST, 'max_id') ? $_REQUEST['max_id'] : 0);
-               $page = (x($_REQUEST, 'page') ? $_REQUEST['page'] - 1 : 0);
+       if (x($_REQUEST, 'rpp')) {
+               $count = $_REQUEST['rpp'];
+       } elseif (x($_REQUEST, 'count')) {
+               $count = $_REQUEST['count'];
+       } else {
+               $count = 15;
+       }
 
-               $start = $page * $count;
+       $since_id = (x($_REQUEST, 'since_id') ? $_REQUEST['since_id'] : 0);
+       $max_id = (x($_REQUEST, 'max_id') ? $_REQUEST['max_id'] : 0);
+       $page = (x($_REQUEST, 'page') ? $_REQUEST['page'] - 1 : 0);
 
-               if ($max_id > 0) {
-                       $sql_extra .= ' AND `item`.`id` <= ' . intval($max_id);
-               }
+       $start = $page * $count;
 
-               $r = q(
-                       "SELECT %s
-                       FROM `item` %s
-                       WHERE %s AND (`item`.`uid` = 0 OR (`item`.`uid` = %s AND NOT `item`.`global`))
-                       AND `item`.`body` REGEXP '%s'
-                       $sql_extra
-                       AND `item`.`id`>%d
-                       GROUP BY `item`.`uri`, `item`.`id`
-                       ORDER BY `item`.`id` DESC LIMIT %d ,%d ",
-                       item_fieldlists(),
-                       item_joins(),
-                       item_condition(),
-                       intval(local_user()),
-                       dbesc(protect_sprintf(preg_quote($_REQUEST['q']))),
-                       intval($since_id),
-                       intval($start),
-                       intval($count)
-               );
+       if ($max_id > 0) {
+               $sql_extra .= ' AND `item`.`id` <= ' . intval($max_id);
+       }
 
-               $data['status'] = api_format_items($r, api_get_user(get_app()));
-       } else {
-               throw new BadRequestException("q parameter is required.");
+       $r = dba::p(
+               "SELECT ".item_fieldlists()."
+               FROM `item` ".item_joins()."
+               WHERE ".item_condition()." AND (`item`.`uid` = 0 OR (`item`.`uid` = ? AND NOT `item`.`global`))
+               AND `item`.`body` REGEXP ?
+               $sql_extra
+               AND `item`.`id`>?
+               ORDER BY `item`.`id` DESC LIMIT ".intval($start)." ,".intval($count)." ",
+               intval(api_user()),
+               $_REQUEST['q'],
+               intval($since_id)
+       );
+
+       $statuses = array();
+       while ($row = dba::fetch($r)) {
+               $statuses[] = $row;
        }
 
+       $data['status'] = api_format_items($statuses, api_get_user(get_app()));
+
        return api_format_data("statuses", $type, $data);
 }