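''' <summary>
''' Code-behind for the search results page. Every query-string value is treated
''' as one search term; the page runs the same multi-term LIKE search against the
''' news (HABERLER), announcements/events (DUYURULAR) and company directory
''' (FIRMAREHBERI) tables through three SqlDataSource controls.
''' </summary>
Partial Class arama_sonuclari
    Inherits System.Web.UI.Page

    ''' <summary>
    ''' Reads the search terms from the query string, shows them in the page title
    ''' label and configures the three data sources.
    ''' </summary>
    ''' <remarks>
    ''' The terms come straight from the request, so they are bound as SQL
    ''' parameters and never concatenated into the command text. The character
    ''' stripping done by <c>guvenlik</c> is kept only so that searches match the
    ''' same rows as before; it is not what protects the query.
    ''' </remarks>
    Private Sub arama_sonuclari_Init(sender As Object, e As EventArgs) Handles Me.Init
        ' Collect the terms once; the original re-read and re-filtered the query
        ' string separately for each of the three tables.
        Dim terms As New System.Collections.Generic.List(Of String)()
        For i As Integer = 0 To Request.QueryString.Count - 1
            Dim raw As String = Request.QueryString(i)
            ' A value can be Nothing; treat it as an empty term instead of
            ' failing with a NullReferenceException.
            If raw Is Nothing Then raw = ""
            terms.Add(guvenlik(raw))
        Next

        ' Label.Text is written to the response as-is, so encode the echoed terms
        ' for HTML. guvenlik leaves double quotes (among others) in place.
        If terms.Count > 1 Then
            For Each term As String In terms
                lblsearchtitle.Text += Server.HtmlEncode(term) + " "
            Next
        ElseIf terms.Count = 1 Then
            lblsearchtitle.Text = Server.HtmlEncode(terms(0))
        End If

        ' Search in the news table.
        BuildSearchCommand(SqlDataSource1, "HABERLER", _
                           New String() {"BASLIK", "DETAY"}, _
                           "TARIH DESC", terms)

        ' Search in the announcements / events table.
        BuildSearchCommand(SqlDataSource2, "DUYURULAR", _
                           New String() {"BASLIK", "DETAY"}, _
                           "TARIH DESC", terms)

        ' Search in the company directory table.
        BuildSearchCommand(SqlDataSource3, "FIRMAREHBERI", _
                           New String() {"KATEGORI", "UNVAN", "YETKILI", "FIRMABILGI", "WEBADRES"}, _
                           "KATEGORI, UNVAN", terms)
    End Sub

    ''' <summary>
    ''' Sets the SELECT command of one data source: each term must match at least
    ''' one of the given columns (terms are combined with AND, columns with OR).
    ''' </summary>
    ''' <param name="source">Data source whose SelectCommand and SelectParameters are replaced.</param>
    ''' <param name="table">Table name; a constant supplied by this class, never request data.</param>
    ''' <param name="columns">Column names to search; constants supplied by this class.</param>
    ''' <param name="orderBy">ORDER BY expression; a constant supplied by this class.</param>
    ''' <param name="terms">Search terms, already passed through guvenlik.</param>
    Private Sub BuildSearchCommand(ByVal source As System.Web.UI.WebControls.SqlDataSource, _
                                   ByVal table As String, _
                                   ByVal columns As String(), _
                                   ByVal orderBy As String, _
                                   ByVal terms As System.Collections.Generic.List(Of String))
        Dim clause As New System.Text.StringBuilder()

        ' Drop parameters left over from markup or an earlier call so that names
        ' cannot collide.
        source.SelectParameters.Clear()

        For t As Integer = 0 To terms.Count - 1
            Dim lowerName As String = "t" & CStr(t) & "l"
            Dim upperName As String = "t" & CStr(t) & "u"

            ' Same two case variants the original searched for. The % wildcards
            ' travel inside the parameter value, so the value is never empty and
            ' the command text needs no string concatenation in SQL.
            ' LIKE wildcard characters typed by the user (%, _) still act as
            ' wildcards, exactly as they did before.
            source.SelectParameters.Add(lowerName, TypeCode.String, _
                                        "%" & terms(t).ToLower.Replace("ı", "i") & "%")
            source.SelectParameters.Add(upperName, TypeCode.String, _
                                        "%" & terms(t).ToUpper.Replace("İ", "I") & "%")

            If t > 0 Then clause.Append(" AND ")
            clause.Append("(")
            For c As Integer = 0 To columns.Length - 1
                If c > 0 Then clause.Append(" OR ")
                clause.Append(columns(c)).Append(" LIKE @").Append(lowerName)
                clause.Append(" OR ")
                clause.Append(columns(c)).Append(" LIKE @").Append(upperName)
            Next
            clause.Append(")")
        Next

        ' No query string at all: the original threw on QueryString(0). Return an
        ' empty result set instead.
        If terms.Count = 0 Then clause.Append("1 = 0")

        ' NOTE(review): the @name placeholders assume the data sources use the
        ' default System.Data.SqlClient provider. If ProviderName in the markup is
        ' OleDb or Odbc, the placeholders must be positional "?" - confirm.
        source.SelectCommand = "SELECT * FROM " & table & " WHERE " & clause.ToString() & _
                               " ORDER BY " & orderBy
    End Sub

    ''' <summary>
    ''' Removes a fixed list of characters and keyword-plus-space sequences from a
    ''' search term.
    ''' </summary>
    ''' <param name="cevir">Raw term; Nothing is treated as an empty string.</param>
    ''' <returns>The term with every listed token removed, in list order.</returns>
    ''' <remarks>
    ''' This is a case-sensitive, single-pass denylist and must not be relied on to
    ''' make a value safe for SQL or HTML; callers bind the result as a parameter
    ''' and HTML-encode it before display. It is kept so that the text that is
    ''' searched for stays the same as before.
    ''' The original also ran the regex patterns "/?" and "/*" and stripped "&lt;"
    ''' and "&gt;" a second time. As regular expressions those two patterns only
    ''' match an optional "/" (already removed) or the empty string, so all four
    ''' calls changed nothing and are omitted here.
    ''' </remarks>
    Private Function guvenlik(ByVal cevir As String) As String
        If cevir Is Nothing Then Return ""

        ' Order matters: a later token is looked for in the text left behind by
        ' the earlier removals, as in the original sequence of calls.
        Dim tokens As String() = New String() { _
            ",", "/", vbLf, "'", "&", "<", ">", "=", "--", _
            "char ", "delete ", "insert ", "update ", "select ", _
            "truncate ", "union ", "script "}

        For Each token As String In tokens
            ' None of the tokens contains a regex metacharacter, so a plain
            ' ordinal replace gives the same result as Regex.Replace did.
            cevir = cevir.Replace(token, "")
        Next

        Return cevir
    End Function
End Class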