a) One can preface "hd:" to a search and find only programs broadcast in HDTV.
Good enough, but I think I'm going to make this a checkbox option like "exact match" -- you'll see the commit go in soon.
b) One can provide a parameter "sql" which is a generalized SQL query for the "program" table to search.php. This is mostly used below, but allows users to build complex queries, if they know their SQL, and bookmark them for future searching.
I can't allow this -- it's too blatant of a security risk.
c) Added a new page of "Searches". This page contains a list of links which are canned searches, largely generated using the sql search option. Coders can readily add new searches to the page that might be popular. Users can use that page, or go there once and bookmark them for future easy searching. Thus only developers need know SQL.
I'd accept this kind of thing if you made a hash/database (in a config file?) of the searches, and referenced them that way. Something like "search.php?custom_search=3star_moviesearch" that would link to the movie search with a filter of 3 stars minimum (etc). Having something that can accept raw SQL on the URL string is just dangerous.
btw, you can't have whitespace in a URL, either. Most browsers are smart enough to replace it with + or %20, but you can't rely on it (it's bad form, anyway). any href="" stuff should be completely url encoded in the source.
-CHris _______________________________________________ mythtv-dev mailing list [email protected] http://mythtv.org/cgi-bin/mailman/listinfo/mythtv-dev
