Page 2 of 2

Re: results not showing

Posted: Mon Feb 14, 2011 1:03 pm
by peachiness
litebearer wrote:does you config file have ANY security checks?
this is my config file

Code: Select all

<?php

if($indexCheck == "yes")
{
//datbase information
$db_user = "";
$db_pass = "";
$db_host = 'localhost';
mysql_connect($db_host,$db_user,$db_pass);
@mysql_select_db('a2288820_data') or die( "Unable to select database");

/*SQL
 CREATE TABLE `a2288820_data`.`pdf`(
`id` INT( 11 ) NOT NULL AUTO_INCREMENT PRIMARY KEY ,
`type` VARCHAR( 100 ) NOT NULL ,
`year` VARCHAR( 4 ) NOT NULL ,
`month` VARCHAR( 16 ) NOT NULL ,
`date` VARCHAR( 2 ) NOT NULL ,
`author1` VARCHAR( 100 ) NOT NULL ,
`author2` VARCHAR( 100 ) NOT NULL ,
`author3` VARCHAR( 100 ) NOT NULL ,
`author4` VARCHAR( 100 ) NOT NULL ,
`author5` VARCHAR( 100 ) NOT NULL ,
`author6` VARCHAR( 100 ) NOT NULL ,
`author7` VARCHAR( 100 ) NOT NULL ,
`author8` VARCHAR( 100 ) NOT NULL ,
`author9` VARCHAR( 100 ) NOT NULL ,
`author10` VARCHAR( 100 ) NOT NULL ,
`author11` VARCHAR( 100 ) NOT NULL ,
`author12` VARCHAR( 100 ) NOT NULL ,
`author13` VARCHAR( 100 ) NOT NULL ,
`author14` VARCHAR( 100 ) NOT NULL ,
`author15` VARCHAR( 100 ) NOT NULL ,
`author16` VARCHAR( 100 ) NOT NULL ,
`author17` VARCHAR( 100 ) NOT NULL ,
`author18` VARCHAR( 100 ) NOT NULL ,
`author19` VARCHAR( 100 ) NOT NULL ,
`author20` VARCHAR( 100 ) NOT NULL ,
`keyword1` VARCHAR( 100 ) NOT NULL ,
`keyword2` VARCHAR( 100 ) NOT NULL ,
`keyword3` VARCHAR( 100 ) NOT NULL ,
`keyword4` VARCHAR( 100 ) NOT NULL ,
`keyword5` VARCHAR( 100 ) NOT NULL ,
`keyword6` VARCHAR( 100 ) NOT NULL ,
`keyword7` VARCHAR( 100 ) NOT NULL ,
`keyword8` VARCHAR( 100 ) NOT NULL ,
`keyword9` VARCHAR( 100 ) NOT NULL ,
`keyword10` VARCHAR( 100 ) NOT NULL ,
`full reference` text NOT NULL ,
`link` VARCHAR( 22 ) NOT NULL
) ENGINE = InnoDB 
*/
 
//General Page Information
$pgTitle = "Publications";

//Password and Username
$username1 = "";
$password1 = "";

}
else
{
	require('error.php');
	error('505');
}
?>
should i include


$indexCheck = "yes";
require('config.php');
session_start();
if(@$_SESSION['log'])
@$userCheck = "admin";

in the search_me.php

Re: results not showing

Posted: Mon Feb 14, 2011 1:08 pm
by litebearer
for this test you need to bypass the security - NO ONE except you knows where the file is OR its name. Because the script I posted does NOT have the right security 'code' the script fails.

Once you have tested it AND it gives you a vaild result, simply delete the file for your own sense of 'safety'

Re: results not showing

Posted: Mon Feb 14, 2011 1:14 pm
by litebearer
Perhaps this is easier, just fill in the blanks...

Code: Select all

<?PHP
$db_user = "";
$db_pass = "";
$db_host = 'localhost';
mysql_connect($db_host,$db_user,$db_pass);
@mysql_select_db('a2288820_data') or die( "Unable to select database");
//General Page Information
$pgTitle = "Publications";
//Password and Username
$username1 = "";
$password1 = "";
$search_term = "master thesis";
$query = "SELECT * FROM publications WHERE type LIKE '%$search_term%'";
$result = mysql_query($query);
while($row = mysql_fetch_array($result)) {
	echo $row['author1'] . " - " . $row['author2'] . "<br/>";
}
?>

Re: results not showing

Posted: Mon Feb 14, 2011 1:25 pm
by peachiness
I get a blank page when I run it...
litebearer wrote:Perhaps this is easier, just fill in the blanks...

Code: Select all

<?PHP
$db_user = "";
$db_pass = "";
$db_host = 'localhost';
mysql_connect($db_host,$db_user,$db_pass);
@mysql_select_db('a2288820_data') or die( "Unable to select database");
//General Page Information
$pgTitle = "Publications";
//Password and Username
$username1 = "";
$password1 = "";
$search_term = "master thesis";
$query = "SELECT * FROM publications WHERE type LIKE '%$search_term%'";
$result = mysql_query($query);
while($row = mysql_fetch_array($result)) {
	echo $row['author1'] . " - " . $row['author2'] . "<br/>";
}
?>

Re: results not showing

Posted: Mon Feb 14, 2011 1:28 pm
by litebearer
remove the @ and run again

Re: results not showing

Posted: Mon Feb 14, 2011 1:33 pm
by peachiness
litebearer wrote:remove the @ and run again
same thing.... :?

Re: results not showing

Posted: Mon Feb 14, 2011 1:37 pm
by litebearer
try this...

Code: Select all

<?PHP
$db_user = "";
$db_pass = "";
$db_host = 'localhost';
mysql_connect($db_host,$db_user,$db_pass);
mysql_select_db('a2288820_data') or die( "Unable to select database");
//General Page Information
$pgTitle = "Publications";
//Password and Username
$username1 = "";
$password1 = "";
$query = "SELECT * FROM publications";
$result = mysql_query($query);
$num_rows = mysql_num_rows($result);
echo $num_rows;
exit();

/*
$search_term = "master thesis";
$query = "SELECT * FROM publications WHERE type LIKE '%$search_term%'";
$result = mysql_query($query);
while($row = mysql_fetch_array($result)) {
        echo $row['author1'] . " - " . $row['author2'] . "<br/>";
}
*/
?>


Re: results not showing

Posted: Mon Feb 14, 2011 1:48 pm
by peachiness
I got

171

that should be the count of all the rows
litebearer wrote:try this...

Code: Select all

<?PHP
$db_user = "";
$db_pass = "";
$db_host = 'localhost';
mysql_connect($db_host,$db_user,$db_pass);
mysql_select_db('a2288820_data') or die( "Unable to select database");
//General Page Information
$pgTitle = "Publications";
//Password and Username
$username1 = "";
$password1 = "";
$query = "SELECT * FROM publications";
$result = mysql_query($query);
$num_rows = mysql_num_rows($result);
echo $num_rows;
exit();

/*
$search_term = "master thesis";
$query = "SELECT * FROM publications WHERE type LIKE '%$search_term%'";
$result = mysql_query($query);
while($row = mysql_fetch_array($result)) {
        echo $row['author1'] . " - " . $row['author2'] . "<br/>";
}
*/
?>


Re: results not showing

Posted: Mon Feb 14, 2011 2:15 pm
by John Cartwright
My suggestion.. do what I suggested in my first post and report the results :D

Re: results not showing

Posted: Mon Feb 14, 2011 2:25 pm
by peachiness
so this is what i ended up with

you searched for XX

With no results and no prompting me 'no results found'

I used this code

Code: Select all


<?php

//get data

$db_user = "";
$db_pass = "";
$db_host = 'localhost';
mysql_connect($db_host,$db_user,$db_pass);
@mysql_select_db('a2288820_data') or die( "Unable to select database");
//General Page Information
$pgTitle = "Publications";
//Password and Username
$username1 = "";
$password1 = "";
$button = $_GET['submit'];
$search = $_GET['search'];

if (!$button) 
	echo "You didn't submit a keyword.";
else
{
if (strlen($search)<=2)
echo "search term too short.";
else
{
echo "You searched for $search <hr size='1'>";


//connect to database and search

mysql_connect("localhost", "rister", "none");

mysql_select_db ("a2288820_data");



//explode our search term

$search_exploded = explode("", $search);

// doughhhhh

foreach($search_exploded as $search_each)

//construct query
echo "SELECT * FROM publications WHERE $construct";
exit();

$x++;
if ($x==1)
$construct .="keyword1 LIKE '%$search_each%'";
else
$construct .=" OR keyword2 LIKE '%$search_each%'";


//echo out construct
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              
$construct = "SELECT * FROM publications WHERE $construct";
$run = mysql_query($construct);

$foundnum = mysql_num_rows($run);


if ($foundnum==0)
echo "No results found.";

else
{
echo "$foundnum results found!<p>";

while ($runrows = mysql_fetch_assoc())
{

//get data

$author = $runrows['author1'];

echo "echo $construct";


}

}


}
}

?>

John Cartwright wrote:My suggestion.. do what I suggested in my first post and report the results :D

Re: results not showing

Posted: Mon Feb 14, 2011 2:48 pm
by John Cartwright
Please actually read my first post..

Re: results not showing

Posted: Mon Feb 14, 2011 3:19 pm
by peachiness
John Cartwright wrote:Please actually read my first post..
Right, I added the
echo "SELECT * FROM publications WHERE $construct";
exit();
This time I changed the place and i got this:


You searched for test
SELECT * FROM publications WHERE

Re: results not showing

Posted: Mon Feb 14, 2011 4:10 pm
by peachiness
The following works. But how do I get it to search for both date AND author together?

Code: Select all

<?php


	$indexCheck = "yes";
	require('config.php');
	session_start();
	if(@$_SESSION['log'])
	@$userCheck = "admin";
	$sort1 = @$_GET['sort'];
	$search = @$_GET['search'];
	$sortBy = @$_GET['by'];

//advanced search output by AUTHOR

	if($sort1 == "Author")
	{
		$authors = array();
		$i = 0;


		$result = mysql_db_query("a2288820_data","SELECT * FROM publications ORDER BY author1") or die(mysql_error());
		while((@@$row = mysql_fetch_array($result)))
		{
			if(@$row[5] != ""){
			if(!in_array(@$row[5],$authors)){
			$authors[$i] = @@$row[5];
			$i++;
			}
				}
		}
		
		$result = mysql_db_query("a2288820_data","SELECT * FROM publications ORDER BY author2");
		while((@$row = mysql_fetch_array($result)))
		{
			if(@$row[6] != ""){
			if(!in_array(@$row[6],$authors)){
			$authors[$i] = @@$row[6];
			$i++;
			}
				}
		}
		
		$result = mysql_db_query("a2288820_data","SELECT * FROM publications ORDER BY author3");
		while((@$row = mysql_fetch_array($result)))
		{
			if(@$row[7] != ""){
			if(!in_array(@$row[7],$authors)){
			$authors[$i] = @@$row[7];
			$i++;
			}
				}
		}
		
		$result = mysql_db_query("a2288820_data","SELECT * FROM publications ORDER BY author4");
		while((@$row = mysql_fetch_array($result)))
		{
			if(@$row[8] != ""){
			if(!in_array(@$row[8],$authors)){
			$authors[$i] = @@$row[8];
			$i++;
			}
				}
		}
		
		$result = mysql_db_query("a2288820_data","SELECT * FROM publications ORDER BY author5");
		while((@$row = mysql_fetch_array($result)))
		{
			if(@$row[9] != ""){
			if(!in_array(@$row[9],$authors)){
			$authors[$i] = @@$row[9];
			$i++;
			}
				}
		}

		$result = mysql_db_query("a2288820_data","SELECT * FROM publications ORDER BY author6");
		while((@$row = mysql_fetch_array($result)))
		{
			if(@$row[8] != ""){
			if(!in_array(@$row[8],$authors)){
			$authors[$i] = @@$row[8];
			$i++;
			}
				}
		}

		$result = mysql_db_query("a2288820_data","SELECT * FROM publications ORDER BY author7");
		while((@$row = mysql_fetch_array($result)))
		{
			if(@$row[8] != ""){
			if(!in_array(@$row[8],$authors)){
			$authors[$i] = @@$row[8];
			$i++;
			}
				}
		}

		$result = mysql_db_query("a2288820_data","SELECT * FROM publications ORDER BY author8");
		while((@$row = mysql_fetch_array($result)))
		{
			if(@$row[8] != ""){
			if(!in_array(@$row[8],$authors)){
			$authors[$i] = @@$row[8];
			$i++;
			}
				}
		}

		$result = mysql_db_query("a2288820_data","SELECT * FROM publications ORDER BY author9");
		while((@$row = mysql_fetch_array($result)))
		{
			if(@$row[8] != ""){
			if(!in_array(@$row[8],$authors)){
			$authors[$i] = @@$row[8];
			$i++;
			}
				}
		}

		$result = mysql_db_query("a2288820_data","SELECT * FROM publications ORDER BY author10");
		while((@$row = mysql_fetch_array($result)))
		{
			if(@$row[10] != ""){
			if(!in_array(@$row[10],$authors)){
			$authors[$i] = @@$row[10];
			$i++;
			}
				}
		}

		$result = mysql_db_query("a2288820_data","SELECT * FROM publications ORDER BY author11");
		while((@$row = mysql_fetch_array($result)))
		{
			if(@$row[8] != ""){
			if(!in_array(@$row[8],$authors)){
			$authors[$i] = @@$row[8];
			$i++;
			}
				}
		}

		$result = mysql_db_query("a2288820_data","SELECT * FROM publications ORDER BY author12");
		while((@$row = mysql_fetch_array($result)))
		{
			if(@$row[8] != ""){
			if(!in_array(@$row[8],$authors)){
			$authors[$i] = @@$row[8];
			$i++;
			}
				}
		}

		$result = mysql_db_query("a2288820_data","SELECT * FROM publications ORDER BY author13");
		while((@$row = mysql_fetch_array($result)))
		{
			if(@$row[8] != ""){
			if(!in_array(@$row[8],$authors)){
			$authors[$i] = @@$row[8];
			$i++;
			}
				}
		}

		$result = mysql_db_query("a2288820_data","SELECT * FROM publications ORDER BY author14");
		while((@$row = mysql_fetch_array($result)))
		{
			if(@$row[8] != ""){
			if(!in_array(@$row[8],$authors)){
			$authors[$i] = @@$row[8];
			$i++;
			}
				}
		}

		$result = mysql_db_query("a2288820_data","SELECT * FROM publications ORDER BY author15");
		while((@$row = mysql_fetch_array($result)))
		{
			if(@$row[8] != ""){
			if(!in_array(@$row[8],$authors)){
			$authors[$i] = @@$row[8];
			$i++;
			}
				}
		}
		$result = mysql_db_query("a2288820_data","SELECT * FROM publications ORDER BY author16");
		while((@$row = mysql_fetch_array($result)))
		{
			if(@$row[8] != ""){
			if(!in_array(@$row[8],$authors)){
			$authors[$i] = @@$row[8];
			$i++;
			}
				}
		}
				echo "<select onChange=\"javascript: if (this.value != 'NULL') { searchBase(this.value,'$sort1')}\">";
				echo "<option value=\"NULL\">Choose an author to search by </option>";
		for($b=0;$b<sizeOf($authors);$b++)
			{
				echo "<option value=\"$authors[$b]\">$authors[$b]</option>";
			}
				echo "</select>";
	}
//advanced search output by KEYWORD
	if($sort1 == "Keyword")
	{
		$keyword = array();
		$i = 0;
		$result = mysql_db_query("a2288820_data","SELECT * FROM publications ORDER BY keyword1");
		while((@$row = mysql_fetch_array($result)))
		{
			if(@$row[24] != ""){
			if(!in_array(@$row[24],$keyword)){
			$keyword[$i] = @@$row[24];
			$i++;
			}
			}
		}
		
		$result = mysql_db_query("a2288820_data","SELECT * FROM publications ORDER BY keyword2");
		while((@$row = mysql_fetch_array($result)))
		{
			if(@$row[25] != ""){
			if(!in_array(@$row[25],$keyword)){
			$keyword[$i] = @@$row[25];
			$i++;
			}
			}
		}
		
		$result = mysql_db_query("a2288820_data","SELECT * FROM publications ORDER BY keyword3");
		while((@$row = mysql_fetch_array($result)))
		{
			if(@$row[26] != ""){
			if(!in_array(@$row[26],$keyword)){
			$keyword[$i] = @@$row[26];
			$i++;
			}
			}
		}
		
			$result = mysql_db_query("a2288820_data","SELECT * FROM publications ORDER BY keyword3");
		while((@$row = mysql_fetch_array($result)))
		{
			if(@$row[27] != ""){
			if(!in_array(@$row[27],$keyword)){
			$keyword[$i] = @@$row[27];
			$i++;
			}
			}
		}
			$result = mysql_db_query("a2288820_data","SELECT * FROM publications ORDER BY keyword3");
		while((@$row = mysql_fetch_array($result)))
		{
			if(@$row[28] != ""){
			if(!in_array(@$row[28],$keyword)){
			$keyword[$i] = @@$row[28];
			$i++;
			}
			}
		}
			$result = mysql_db_query("a2288820_data","SELECT * FROM publications ORDER BY keyword3");
		while((@$row = mysql_fetch_array($result)))
		{
			if(@$row[29] != ""){
			if(!in_array(@$row[29],$keyword)){
			$keyword[$i] = @@$row[29];
			$i++;
			}
			}
		}
			$result = mysql_db_query("a2288820_data","SELECT * FROM publications ORDER BY keyword3");
		while((@$row = mysql_fetch_array($result)))
		{
			if(@$row[30] != ""){
			if(!in_array(@$row[30],$keyword)){
			$keyword[$i] = @@$row[30];
			$i++;
			}
			}
		}
		
		
				echo "<select onChange=\"javascript: if (this.value != 'NULL') { searchBase(this.value,'$sort1')}\">";
				echo "<option value=\"NULL\">Choose a keyword to search by </option>";
		for($b=0;$b<sizeOf($keyword);$b++)
			{
				echo "<option value=\"$keyword[$b]\">$keyword[$b]</option>";
			}
				echo "</select>";
	}
//advanced search output by DATE 
	if($sort1 == "Date")
	{
		$d2 = array();
		$ia = 0;
		$result = mysql_db_query("a2288820_data","SELECT * FROM publications ORDER BY year");
				echo "<select onChange=\"javascript: if (this.value != 'NULL') { searchBase(this.value,'$sort1')}\">";
				echo "<option value=\"NULL\">Choose a year to search by </option>";
		while((@$row = mysql_fetch_array($result)))
		{
			if((@$row[2] != "")){
			if(!in_array(@$row[2],$d2)){
			$temp = @@$row[2];
			$d2[$ia] = $temp;
			$ia++;
			}
			}
		}
		rsort($d2);		
		for($ia=0;$ia<sizeOf($d2);$ia++)
				echo "<option value=\"$d2[$ia]\">".$d2[$ia]."</option>";
				echo "</select>";
	}
	//advanced search output by TYPE
	if($sort1 == "Type")
	{
		$d2 = array();
		$ia = 0;
		$result = mysql_db_query("a2288820_data","SELECT * FROM publications ORDER BY type");
				echo "<select onChange=\"javascript: if (this.value != 'NULL') { searchBase(this.value,'$sort1')}\">";
				echo "<option value=\"NULL\">Choose a type to search by </option>";
		while((@$row = mysql_fetch_array($result)))
		{
			if((@$row[1] != "")){
			if(!in_array(@$row[1],$d2)){
			$temp = @@$row[1];
			$d2[$ia] = $temp;
			$ia++;
			}
			}
		}
		
		for($ia=0;$ia<sizeOf($d2);$ia++)
		echo "<option value=\"$d2[$ia]\">".$d2[$ia]."</option>";
				echo "</select>";
	}
//advanced search output by FULL REF THAT IS NOT WORKING		
	if($sort1 == "Standard Reference")
	{
		$d2 = array();
		$ia = 0;
		$result = mysql_db_query("a2288820_data","SELECT * FROM publications ORDER BY stadRef");
				echo "<select onChange=\"javascript: if (this.value != 'NULL') { searchBase(this.value,'$sort1')}\">";
				echo "<option value=\"NULL\">Choose a Type to search by </option>";
		while((@$row = mysql_fetch_array($result)))
		{
			if((@$row[12] != "")){
			if(!in_array(@$row[12],$d2)){
			$temp = @@$row[12];
			$d2[$ia] = $temp;
			$ia++;
			}
			}
		}
		
		for($ia=0;$ia<sizeOf($d2);$ia++)
		echo "<option value=\"$d2[$ia]\">".$d2[$ia]."</option>";
				echo "</select>";
	}
	

	function echoSearchResultsTableHeader() {
		echo "<tr id=\"topRow\">";
		echo "<th>ID</th>";
echo "<th>Primary author</th>";
echo "<th>Secondary author</th>";
		echo "<th width=65%>Standard Reference</th>";
		echo "<th>Link</th>";
		echo "</tr>";
	}

//construct query
	function echoSearchResultsTableRows($search,$sortField,&$startIndex) {

		$trimmed=trim($search);

		$result = mysql_query("select * from publications where $sortField like \"%$trimmed%\" order by $sortField");
		echoMysqlSearchResultsTableRows($result,$startIndex);
	}


	function echoMysqlSearchResultsTableRows($result,&$startIndex) {
		$index = $startIndex;
		while(@$row = mysql_fetch_array($result))
		{
			echo "<tr>\n";
		if(@$userCheck == "admin"){
		echo "<td id=\"noLinkTd\"><a href=\"?page=edit&cID=".$row[0]."\">[Edit] ".$z."</a><br />";
		echo " <a href=\"javascript://\" onClick=\"deleteRow(".$row[0].",".$z.")\">[Remove]</a>";
		echo "</td>\n";
		}
		else
		echo "<td><b>".$row['id']."</b></td>\n";
		echo "<td align=center>".$row[5]."&nbsp; </td>\n";
		echo "<td align=center>".$row[6]."&nbsp; </td>\n";
		echo "<td>".$row[35]."&nbsp; </td>\n";
		echo "<td><a href=\"".$row[36]."\">".$row[36]."</a>&nbsp; </td>\n";
		echo "</tr>\n";
			$index++;
		}
		$startIndex = $index;
	}

			if(($search != null))
	{
		echo "<div id=\"sfor\">";
		echo "Searching for... ";
echo "<b>".$search."</b>";
echo "<div id=\"back\">";
			echo "<a href='http://agecon2.tamu.edu/people/faculty/rister-edward/dev/?page=view';>Return to full database</a>";
	


echo "</div>";
echo "</div>";
		
		echo "<div class=\"database\">";
		echo "<table class=\"sortable2\" cellspacing=\"0\" id=\"dataTable\">";

		echoSearchResultsTableHeader();

		$index = 0;
		
		if($sortBy == "Date")
		{
			echoSearchResultsTableRows($search,"year",$index);
		}
				
		if($sortBy == "Standard Reference")
		{
			echoSearchResultsTableRows($search,"stadRef",$index);
		}
		
		if($sortBy == "Type")
		{
			echoSearchResultsTableRows($search,"type",$index);
		}
		
		if($sortBy == "Keyword")
		{
			echoSearchResultsTableRows($search,"keyword1",$index);
			echoSearchResultsTableRows($search,"keyword2",$index);
			echoSearchResultsTableRows($search,"keyword3",$index);
			echoSearchResultsTableRows($search,"keyword4",$index);
		}
		
		if($sortBy == "Author")
		{
			echoSearchResultsTableRows($search,"author1",$index);
			echoSearchResultsTableRows($search,"author2",$index);
			echoSearchResultsTableRows($search,"author3",$index);
		}
		
		if($sortBy == "all")
		{
			echoSearchResultsTableRows($search,"author1",$index);
			echoSearchResultsTableRows($search,"author2",$index);
			echoSearchResultsTableRows($search,"author3",$index);
			echoSearchResultsTableRows($search,"keyword1",$index);
			echoSearchResultsTableRows($search,"keyword2",$index);
			echoSearchResultsTableRows($search,"keyword3",$index);
			echoSearchResultsTableRows($search,"keyword4",$index);
			echoSearchResultsTableRows($search,"month",$index);
			echoSearchResultsTableRows($search,"year",$index);
			echoSearchResultsTableRows($search,"date",$index);
		}

	
		echo "</table>";
		echo "</div>";



	}
	
	mysql_close();

 ?>