Searches by Fields

Broken link? Feature request? Anything related to the Spectrum Computing website here.
Post Reply
User avatar
RMartins
Manic Miner
Posts: 776
Joined: Thu Nov 16, 2017 3:26 pm

Searches by Fields

Post by RMartins »

When looking and some ZXDB listings, there are a few fields like:
- Category
- Machine
- Year

How can we make a query for one of these fields ?

For example to get listing of games for "Machine = ZX Spectrum 16K" ?

On a side note, where is the Advanced search link ?
I have been looking at the site, but can't seem to find it.

EDIT 1: I found it, in the icon that looks like settings, near the search icon, and as a link in the "Active Topics" page:
search.php

But this is a search of the forum stuff, not of the programs in ZXDB.

EDIT 2: I have now seen an ADVANCED SEARCH in the home page.
Was this there before ?
Last edited by RMartins on Tue Apr 03, 2018 11:47 am, edited 3 times in total.
User avatar
RMartins
Manic Miner
Posts: 776
Joined: Thu Nov 16, 2017 3:26 pm

Re: Searches by Fields

Post by RMartins »

I would also like to suggest that when a list is presented, clicking on these fields contents, should take us to the advanced search page with the conditions already filled in, and showing the result of such search conditions.

For example, if I search for my game "Extruder", I get a listing with the following:
EXTRUDER

Category:
Game: Puzzle

Machine:
ZX-Spectrum 48K

Year:
2018

Publisher:
So:
If I click on "Game: Puzzle", it should be a link that shows all records with:
Category IN ( Game, Puzzle )

Or alternatively, "Game" and "Puzzle", could be 2 distinct links, for each specific category.

if I click on "ZX-Spectrum 48K", it should be a link that shows all records with:
Machine = "ZX-Spectrum 48K"

if I click on "2018", it should be a link that shows all records with:
Year = 2018
User avatar
PeterJ
Site Admin
Posts: 6855
Joined: Thu Nov 09, 2017 7:19 pm
Location: Surrey, UK

Re: Searches by Fields

Post by PeterJ »

Hi [mention]RMartins[/mention] the advanced search is on the website home page. Year, category, name, machine type, publisher and other fields. It's on the right hand side. You can complete any number of the advanced fields such as year and category and publisher.

The quick search will also multi-search.

The search results is a list, once you select a title you are taken to the detail page where the majority of fields have hyperlinks on them (for example year).

The predictive search you are working on will help with the simple search. When you are ready we can test this.

Peter
User avatar
RMartins
Manic Miner
Posts: 776
Joined: Thu Nov 16, 2017 3:26 pm

Re: Searches by Fields

Post by RMartins »

PeterJ wrote: Tue Apr 03, 2018 12:23 pm ...

The search results is a list, once you select a title you are taken to the detail page where the majority of fields have hyperlinks on them (for example year).

...
Yes. What I'm suggesting is that the links for each of the fields "Category", "Machine" and "year", should also have specific links to search for those items.

Currently, only "Publisher" seems to have this implemented.
User avatar
RMartins
Manic Miner
Posts: 776
Joined: Thu Nov 16, 2017 3:26 pm

Re: Searches by Fields

Post by RMartins »

I probably found a bug or an unexpected feature of the advanced search implementation

If we go here: https://spectrumcomputing.co.uk/index.php?cat=999

It should list all the entries that have "ZX Spectrum 16K" in their "Machine" field.
And it does, if you were the one to start the search.

However, if you just followed a link, like the one I provided above, it will return:
Please search for title with at least 3 chars long, or use advance search with one or more search fields.
User avatar
PeterJ
Site Admin
Posts: 6855
Joined: Thu Nov 09, 2017 7:19 pm
Location: Surrey, UK

Re: Searches by Fields

Post by PeterJ »

Hi [mention]RMartins[/mention] all the additional hyperlinks are in the detail games pages. The search results aren't there for additional filtering I'm afraid.
User avatar
PeterJ
Site Admin
Posts: 6855
Joined: Thu Nov 09, 2017 7:19 pm
Location: Surrey, UK

Re: Searches by Fields

Post by PeterJ »

RMartins wrote: Tue Apr 03, 2018 1:44 pm I probably found a bug or an unexpected feature of the advanced search implementation

That hyperlink is just for the search page, the fields you search for aren't shown in the link to stop possible undesirable injection.
User avatar
RMartins
Manic Miner
Posts: 776
Joined: Thu Nov 16, 2017 3:26 pm

Re: Searches by Fields

Post by RMartins »

PeterJ wrote: Tue Apr 03, 2018 1:49 pm
RMartins wrote: Tue Apr 03, 2018 1:44 pm I probably found a bug or an unexpected feature of the advanced search implementation
That hyperlink is just for the search page, the fields you search for aren't shown in the link to stop possible undesirable injection.
I'm not really sure what you mean here.
If it's to avoid SQL injection, we just need to filter the inputs, and control how we build the query (pre-compiled named queries).

Anyway, if we receive the parameters some other way (it seems to be through Form POST), anyone can try injecting stuff through that way, instead of URL. Might not be as direct (visual), but the result will be the same.
User avatar
PeterJ
Site Admin
Posts: 6855
Joined: Thu Nov 09, 2017 7:19 pm
Location: Surrey, UK

Re: Searches by Fields

Post by PeterJ »

[mention]RMartins[/mention] I'm afraid the way it works isn't going to change in the short or medium term. Once we get through the list of additional features we want to implement we can go back to and consider upgrades of existing sections. The trouble is getting volunteers to code stuff, so we have to prioritise things.

I'm happy to share the code with you.
User avatar
RMartins
Manic Miner
Posts: 776
Joined: Thu Nov 16, 2017 3:26 pm

Re: Searches by Fields

Post by RMartins »

I was just concerned if somehow we are expecting a Form POST to be a way to protect against SQL injection.

We can talk about this and the feature I'm implementing offline.
User avatar
PeterJ
Site Admin
Posts: 6855
Joined: Thu Nov 09, 2017 7:19 pm
Location: Surrey, UK

Re: Searches by Fields

Post by PeterJ »

Thanks [mention]RMartins[/mention], yes we can certainly do that. All the input is also sanatised within the code before it goes anywhere.

Look forward to hearing you you.
Post Reply