Page 1 of 1

newest update to my search engine

Posted: Fri Feb 07, 2014 5:07 pm
by etsted
my search engine now works, but there is some problem whit my pagination. Every time i click on "Next" the search bar gets an error saying that $k is undefined. And messes up the search result.

Code: Select all

    <h1>Search:</h1>
        <form action="search.php" method="GET" class="search">
            <input type="text" name="k" size='50' value="<?php echo $_GET['k']; ?>" />
            <input type="submit" name="submit" value='Search' />
        </form>
        
        
            <?php
            $username = $_SESSION['username'];
            if(isset($username))
            {
                include "navigator/navigator_login.php";
            } else {
            include "navigator/navigator.php";
            }
            ?>
        
        <hr />
        
        
 
       <?php
       
       include "connect.php";
       $k = mysqli_real_escape_string($con, htmlentities(trim($_GET['k'])));
       
       $terms = explode(" ", $k);
       $query = "SELECT * FROM videos WHERE ";
      
       $i = 0;
       
       foreach($terms as $each) {
        
         $i++;
        
        if($i == 1) {
            $query .= "description LIKE '%$each%' ";
        } else {
            $query .= "AND description LIKE '%$each%' ";
        }
       
       }
       
       $result = mysqli_query($con, $query) or die(mysqli_error($con));
       $numrows = mysqli_num_rows($result);
       
       
          
        
$count_query = mysqli_query($con, "SELECT NULL FROM videos");
$count = mysqli_num_rows($count_query);
 
if(isset($_GET['search'])) {
    $page = preg_replace("#[^0-9]#","",$_GET['search']);
} else {
    $page = 1;
}
 
$perPage = 2;
$lastPage = ceil($count/$perPage);
 
if($page < 1) {
    $page = 1;
} else {
    if($page > $lastPage) {
        $page = $lastPage;
    }
}
 
$limit = "LIMIT " . ($page - 1) * $perPage . ", $perPage";
$query1 = mysqli_query($con, "SELECT * FROM videos ORDER BY id DESC $limit");
 
if($lastPage != 1) {
    if($page != 1) {
        $prev = $page - 1;
        $pagination .= '<a href="search.php?search='.$prev.'">Previous</a> ';
    }
    
    if($page != $lastPage) {
        $next = $page + 1;
        $pagination .= '<a href="search.php?search='.$next.'">Next</a>';
    }
}
 
while($row = mysqli_fetch_array($query1)) {
    $title = $row['title'];
    $url = $row['url'];
    $description = $row['description'];
    
    if($numrows > 0)
       {
        while($row = mysqli_fetch_array($result))
        {
         $id = $row['id'];
         $title = $row['title'];
         $url = $row['url'];
         $description = $row['description'];
         
         
         if($k == "") {
             echo "";
         } else {
             echo "<h3><a href='$url'>$title</a></h3>
             $description";
         }
        }
       } else {
        echo "no results on $k";
       }
}
 
echo $pagination;
   
 
       mysqli_close($con);
 
 
       ?>
how do i fix it?

Re: newest update to my search engine

Posted: Fri Feb 07, 2014 6:54 pm
by requinix
Just one thread for a question, please.

You need to pass k in the previous and next URLs too - PHP won't automatically remember it for you, or something.

Code: Select all

$pagination .= '<a href="search.php?search='.$prev.'&k='.urlencode($k).'">Previous</a> ';
Once you've done that you'll discover that if you use anything with quotes or &s or some other symbols, the second page might not show results. Hitting previous doesn't show any either. If you look carefully at the URL you'll see the k value gets crazier and crazier every time you click one of those links. The problem is

Code: Select all

$k = mysqli_real_escape_string($con, htmlentities(trim($_GET['k'])));
you take the value and do stuff to it when you shouldn't. You can trim() it if you'd like, but don't use htmlentities() or mysqli_real_escape_string() yet: only just before you need to. (That's best practice for most kinds of "escaping" and "sanitizing" and such.) So wait to use htmlentities() [1] until just before you output k in your HTML, and mysqli_real_escape_string() [2] just before you put k in your query.

Code: Select all

$k = trim($_GET['k']);

Code: Select all

foreach($terms as $each) {
    $each = mysqli_real_escape_string($con, $each);
(You don't actually need htmlentities(), according to your current code and my proposed changes, because in those two places you urlencode() it and that is enough.)

[1] htmlspecialchars() is actually better as it doesn't escape things that don't need to be escaped.
[2] mysqli offers prepared statements: learn about them because they are sometimes faster and always safer than regular queries.

Re: newest update to my search engine

Posted: Sat Feb 08, 2014 5:26 am
by etsted
i've updated my search engine, but i have a problem whit my variable $perPage. It doesn't seem to be working. Is it because i am using a while loop at the end?

why dosent my $perPage variable work?

include "connect.php";
if(isset($k))
{
$k = "";
} else {
$k = trim($_GET['k']);
}


$terms = explode(" ", $k);
$query = "SELECT * FROM videos WHERE ";

$i = 0;

foreach($terms as $each) {
$each = mysqli_real_escape_string($con, $each);
$i++;

if($i == 1) {
$query .= "description LIKE '%$each%' ";
} else {
$query .= "AND description LIKE '%$each%' ";
}

}

$result = mysqli_query($con, $query) or die(mysqli_error($con));
$numrows = mysqli_num_rows($result);




$count_query = mysqli_query($con, "SELECT NULL FROM videos");
$count = mysqli_num_rows($count_query);

if(isset($_GET['search'])) {
$page = preg_replace("#[^0-9]#","",$_GET['search']);
} else {
$page = 1;
}

$perPage = 2;
$lastPage = ceil($count/$perPage);

if($page < 1) {
$page = 1;
} else {
if($page > $lastPage) {
$page = $lastPage;
}
}

$limit = "LIMIT " . ($page - 1) * $perPage . ", $perPage";
$query = mysqli_query($con, "SELECT * FROM videos ORDER BY id DESC $limit");
$pagination = "";

if($lastPage != 1) {
if($page != 1) {
$prev = $page - 1;
$pagination .= '<a href="search.php?search='.$prev.'&k='.urlencode($k).'">Previous</a> ';
}

if($page != $lastPage) {
$next = $page + 1;
$pagination .= '<a href="search.php?search='.$next.'&k='.urlencode($k).'">Next</a>';
}
}

while($row = mysqli_fetch_array($query)) {
$title = $row['title'];
$url = $row['url'];
$description = $row['description'];

if($numrows > 0)
{
while($row = mysqli_fetch_array($result))
{
$id = $row['id'];
$title = $row['title'];
$url = $row['url'];
$description = $row['description'];


if($k == "") {
echo "";
} else {
echo "<h3><a href='$url'>$title</a></h3>
$description";
}
}
} else {
echo "no results on $k";
}
}

echo "<br /> <br /> <br />";
echo $pagination;

Re: newest update to my search engine

Posted: Sat Feb 08, 2014 6:39 am
by Celauran
etsted wrote:i have a problem whit my variable $perPage. It doesn't seem to be working.
Could you be a little more specific? Also, your code is a mess and impossible to read. Please use [ syntax ] tags (see PHP Code button in editor).