From 072d1d4a6707ebbe008e7e5f03626f9418b83051 Mon Sep 17 00:00:00 2001
From: Lars Gebhardt-Kusche <lars@kusche.berlin>
Date: Fri, 2 Jan 2026 01:43:34 +0100
Subject: [PATCH] asdasd

---
 src/App/Search.php | 73 ++++++++++++++--------------------------------
 1 file changed, 22 insertions(+), 51 deletions(-)

diff --git a/src/App/Search.php b/src/App/Search.php
index 2e20349..820b439 100644
--- a/src/App/Search.php
+++ b/src/App/Search.php
@@ -26,13 +26,13 @@ final class Search
         foreach ($tokens as $tok) {
             $tok = trim($tok);
             if ($tok === '') continue;
-            $conditions[] = "(title LIKE :t{$i}a OR teaser_public LIKE :t{$i}b OR description LIKE :t{$i}c OR city LIKE :t{$i}d OR region LIKE :t{$i}e OR zip LIKE :t{$i}f)";
-            $bind["t{$i}a"] = '%' . $tok . '%';
-            $bind["t{$i}b"] = '%' . $tok . '%';
-            $bind["t{$i}c"] = '%' . $tok . '%';
-            $bind["t{$i}d"] = '%' . $tok . '%';
-            $bind["t{$i}e"] = '%' . $tok . '%';
-            $bind["t{$i}f"] = '%' . $tok . '%';
+            $conditions[] = "(title LIKE ? OR teaser_public LIKE ? OR description LIKE ? OR city LIKE ? OR region LIKE ? OR zip LIKE ?)";
+            $bind[] = '%' . $tok . '%';
+            $bind[] = '%' . $tok . '%';
+            $bind[] = '%' . $tok . '%';
+            $bind[] = '%' . $tok . '%';
+            $bind[] = '%' . $tok . '%';
+            $bind[] = '%' . $tok . '%';
             $i++;
         }
 
@@ -53,67 +53,38 @@ final class Search
             $radius = isset($geo['radius']) && is_numeric($geo['radius']) ? max(0.1, (float)$geo['radius']) : 5.0;
             $sql .= ",
             (6371 * ACOS(LEAST(1,
-              COS(RADIANS(:glat)) * COS(RADIANS(lat)) * COS(RADIANS(lng) - RADIANS(:glng)) +
-              SIN(RADIANS(:glat)) * SIN(RADIANS(lat))
+              COS(RADIANS(?)) * COS(RADIANS(lat)) * COS(RADIANS(lng) - RADIANS(?)) +
+              SIN(RADIANS(?)) * SIN(RADIANS(lat))
             ))) AS distance_km";
             $distanceFiltering = true;
 
             $latRange = $radius / 111.0;
             $lngRange = $radius / (111.0 * max(0.1, cos($lat * M_PI / 180)));
             $whereParts[] = "(lat IS NOT NULL AND lng IS NOT NULL)";
-            $whereParts[] = "(lat BETWEEN :latMin AND :latMax)";
-            $whereParts[] = "(lng BETWEEN :lngMin AND :lngMax)";
-            $bind['glat'] = $lat;
-            $bind['glng'] = $lng;
-            $bind['latMin'] = $lat - $latRange;
-            $bind['latMax'] = $lat + $latRange;
-            $bind['lngMin'] = $lng - $lngRange;
-            $bind['lngMax'] = $lng + $lngRange;
-            $bind['radius'] = $radius;
+            $whereParts[] = "(lat BETWEEN ? AND ?)";
+            $whereParts[] = "(lng BETWEEN ? AND ?)";
+            $bind[] = $lat;
+            $bind[] = $lng;
+            $bind[] = $lat;
+            $bind[] = $lat - $latRange;
+            $bind[] = $lat + $latRange;
+            $bind[] = $lng - $lngRange;
+            $bind[] = $lng + $lngRange;
+            $bind[] = $radius;
         }
 
         $where = $whereParts ? ('WHERE ' . implode(' AND ', $whereParts)) : '';
         $sql .= " FROM events $where";
         if ($distanceFiltering) {
-            $sql .= " HAVING distance_km <= :radius";
+            $sql .= " HAVING distance_km <= ?";
             $sql .= " ORDER BY distance_km ASC, starts_at ASC";
         } else {
             $sql .= " ORDER BY starts_at ASC";
         }
-        $sql .= " LIMIT :lim";
-        $bind['lim'] = (int)$limit;
+        $limit = (int)$limit;
+        $sql .= " LIMIT {$limit}";
 
         $stmt = $this->pdo->prepare($sql);
-        // Fix gebunden, um Parameter-Mismatch auszuschließen
-        $stmt->bindValue(':t0a', $bind['t0a'] ?? '', \PDO::PARAM_STR);
-        $stmt->bindValue(':t0b', $bind['t0b'] ?? '', \PDO::PARAM_STR);
-        $stmt->bindValue(':t0c', $bind['t0c'] ?? '', \PDO::PARAM_STR);
-        $stmt->bindValue(':t0d', $bind['t0d'] ?? '', \PDO::PARAM_STR);
-        $stmt->bindValue(':t0e', $bind['t0e'] ?? '', \PDO::PARAM_STR);
-        $stmt->bindValue(':t0f', $bind['t0f'] ?? '', \PDO::PARAM_STR);
-        $stmt->bindValue(':glat', $bind['glat'] ?? null, \PDO::PARAM_STR);
-        $stmt->bindValue(':glng', $bind['glng'] ?? null, \PDO::PARAM_STR);
-        $stmt->bindValue(':latMin', $bind['latMin'] ?? null, \PDO::PARAM_STR);
-        $stmt->bindValue(':latMax', $bind['latMax'] ?? null, \PDO::PARAM_STR);
-        $stmt->bindValue(':lngMin', $bind['lngMin'] ?? null, \PDO::PARAM_STR);
-        $stmt->bindValue(':lngMax', $bind['lngMax'] ?? null, \PDO::PARAM_STR);
-        $stmt->bindValue(':radius', $bind['radius'] ?? null, \PDO::PARAM_STR);
-        $stmt->bindValue(':lim', $bind['lim'] ?? (int)$limit, \PDO::PARAM_INT);
-
-        if (defined('APP_ENV') && APP_ENV === 'staging') {
-            $ph = [];
-            if (preg_match_all('/:([a-zA-Z0-9_]+)/', $sql, $m)) {
-                $ph = array_unique($m[0]);
-            }
-            $paramKeys = array_keys($bind);
-            $log = [
-                'placeholders' => $ph,
-                'params' => $paramKeys,
-                'sql' => $sql,
-                'bind' => $bind,
-            ];
-            @file_put_contents(__DIR__ . '/../../debug/search_debug.log', print_r($log, true));
-        }
 
         try {
             $stmt->execute();