lemeck Posted July 25, 2013 Share Posted July 25, 2013 hi everyone, can anyone help me with my code for the search? i have a form and i have an error. this is my code for the form: <form name='search' method='post' action''> <input type='text' name='searchtext'> <input type='submit' name='search' value='search'> </form> i put it after the include database on the upper side but it's giving me notice undefined index: searchtext. here's my php command for the pagination and results: //Count the total number of row in your table*/ $count_query = mysql_query("SELECT COUNT(personid) AS numrows FROM persons"); $row = mysql_fetch_array($count_query); $numrows = $row['numrows']; $total_pages = ceil($numrows/$per_page); $reload = 'index.php'; //main query to fetch the data $query = mysql_query("SELECT * FROM persons ORDER by RAND() LIMIT $offset,$per_page"); //loop through fetched data while($result = mysql_fetch_array($query)){ $id = $result['PersonID']; echo "<div class= content > "; echo"<img height=100 width=100 src='upload/". $result['Image'] ."'/>"; echo "<font color='black'>". $result['FirstName']. "</font></br>"; echo "</div>"; i have this query: // basic SQL-injection protection $searchText = htmlspecialchars ($_POST['searchText']); // query with simple search criteria $query = mysql_query("SELECT * FROM persons WHERE FirstName LIKE '%" . $searchText . "%' ORDER by RAND() LIMIT $offset,$per_page"); maybe i got it wrong, because at the start of the page the starting value of searchtext = nothing, right? is that the reason i'm getting the error? here is the output Quote Link to comment Share on other sites More sharing options...
Psycho Posted July 25, 2013 Share Posted July 25, 2013 htmlspecialchars() is NOT an appropriate way to prevent SQL injection (it escapes characters for HTML output, not for a SQL string literal) and will actually prevent searching on some values, since a character such as & reaches the query as &amp;. //Set searchtest from POST if exists, else set to empty string $searchText = isset($_POST['searchText']) ? trim($_POST['searchText']) : ''; //Create WHERE clause $WHERE = ''; if(!empty($searchText)) { $searchText = mysql_real_escape_string($searchText); $WHERE = "WHERE FirstName LIKE '%{$searchText}%"; } // query with simple search criteria $sql = "SELECT * FROM persons {$WHERE} ORDER by RAND() LIMIT $offset, $per_page"; $query = mysql_query($sql); Quote Link to comment Share on other sites More sharing options...
lemeck Posted July 26, 2013 Author Share Posted July 26, 2013 htmlspecialchars() is NOT an appropriate manner to prevent sql injection and will actually prevent searching on some values. //Set searchtest from POST if exists, else set to empty string $searchText = isset($_POST['searchText']) ? trim($_POST['searchText']) : ''; //Create WHERE clause $WHERE = ''; if(!empty($searchText)) { $searchText = mysql_real_escape_string($searchText); $WHERE = "WHERE FirstName LIKE '%{$searchText}%"; } // query with simple search criteria $sql = "SELECT * FROM persons {$WHERE} ORDER by RAND() LIMIT $offset, $per_page"; $query = mysql_query($sql); goodmorning the code you suggested did work but it's not giving me the search i wanted here's my whole code hope you can help i'm just a beginner still learning php <?php include_once('includes/dbConnect.php'); ?> <form action='' method='POST'> <input type='text' name='searchtext' /> <input type='submit' name='submit' value='Search' /> </p> <?php //Set searchtest from POST if exists, else set to empty string $searchText = isset($_POST['searchText']) ? 
trim($_POST['searchText']) : ''; //Create WHERE clause $WHERE = ''; if(!empty($searchText)) { $searchText = mysql_real_escape_string($searchText); $WHERE = "WHERE FirstName LIKE '%{$searchText}%"; } $action = (isset($_REQUEST['action'])&& $_REQUEST['action'] !=NULL)?$_REQUEST['action']:''; if($action == 'ajax'){ include 'pagination.php'; //include pagination file //pagination variables $page = (isset($_REQUEST['page']) && !empty($_REQUEST['page']))?$_REQUEST['page']:1; $per_page = 5; //how much records you want to show $adjacents = 5; //gap between pages after number of adjacents $offset = ($page - 1) * $per_page; //Count the total number of row in your table*/ $count_query = mysql_query("SELECT COUNT(personid) AS numrows FROM persons"); $row = mysql_fetch_array($count_query); $numrows = $row['numrows']; $total_pages = ceil($numrows/$per_page); $reload = 'index.php'; //search // basic SQL-injection protection //main query to fetch the data $sql = "SELECT * FROM persons {$WHERE} ORDER by RAND() LIMIT $offset, $per_page"; $query = mysql_query($sql); //loop through fetched data while($result = mysql_fetch_array($query)){ $id = $result['PersonID']; echo "<div class= content > "; echo"<img height=100 width=100 src='upload/". $result['Image'] ."'/>"; echo "<font color='black'>". $result['FirstName']. 
"</font></br>"; echo "</div>"; } echo paginate($reload, $page, $total_pages, $adjacents); } else{ mysql_close($con); ?> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <title>Simple Ajax Pagination With PHP And MySql</title> <script type="text/javascript" src="jquery-1.5.2.min.js"></script> <link media="screen" href="style.css" type="text/css" rel="stylesheet"> <script type="text/javascript"> $(document).ready(function(){ load(1); }); function load(page){ $("#loader").fadeIn('slow'); $.ajax({ url:'index.php?action=ajax&page='+page, success:function(data){ $(".outer_div").html(data).fadeIn('slow'); $("#loader").fadeOut('slow'); } }) } </script> </form> </head> <body> <div id="loader"><img src="loader.gif"></div> <div class="outer_div"></div> </body> </html> <?php }?> it's not showing the nico i think it's because of the count row not really sure here's the code of my php script for pagination <?php function paginate($reload, $page, $tpages, $adjacents) { $prevlabel = "‹ Prev"; $nextlabel = "Next ›"; $out = '<div class="pagin green">'; // previous label if($page==1) { $out.= "<span>$prevlabel</span>"; } else if($page==2) { $out.= "<a href='javascript:void(0);' onclick='load(1)'>$prevlabel</a>"; }else { $out.= "<a href='javascript:void(0);' onclick='load(".($page-1).")'>$prevlabel</a>"; } // first label if($page>($adjacents+1)) { $out.= "<a href='javascript:void(0);' onclick='load(1)'>1</a>"; } // interval if($page>($adjacents+2)) { $out.= "...\n"; } // pages $pmin = ($page>$adjacents) ? ($page-$adjacents) : 1; $pmax = ($page<($tpages-$adjacents)) ? 
($page+$adjacents) : $tpages; for($i=$pmin; $i<=$pmax; $i++) { if($i==$page) { $out.= "<span class='current'>$i</span>"; }else if($i==1) { $out.= "<a href='javascript:void(0);' onclick='load(1)'>$i</a>"; }else { $out.= "<a href='javascript:void(0);' onclick='load(".$i.")'>$i</a>"; } } // interval if($page<($tpages-$adjacents-1)) { $out.= "...\n"; } // last if($page<($tpages-$adjacents)) { $out.= "<a href='javascript:void(0);' onclick='load($tpages)'>$tpages</a>"; } // next if($page<$tpages) { $out.= "<a href='javascript:void(0);' onclick='load(".($page+1).")'>$nextlabel</a>"; }else { $out.= "<span>$nextlabel</span>"; } $out.= "</div>"; return $out; } ?> thanks wish you can help me Quote Link to comment Share on other sites More sharing options...
lemeck Posted July 26, 2013 Author Share Posted July 26, 2013 and it's giving me a double search on the upper and center side messing with the loop Quote Link to comment Share on other sites More sharing options...
lemeck Posted July 26, 2013 Author Share Posted July 26, 2013 i think the problem is in the get method or the count method always counting even there's a search query when i tried to change the value to $searchtext = 'ermel' it search and display so i think the get method is the one at fault or the array field . <?php include_once('includes/dbConnect.php'); ?> <form action='' method='POST'> <input type='text' name='searchtext' /> <input type='submit' name='submit' value='Search' /> </p> <?php //Set searchtest from POST if exists, else set to empty string $searchText = isset($_POST['searchText']) ? trim($_POST['searchText']) : ''; //Create WHERE clause $WHERE = ''; if(!empty($searchText)) { $searchText = mysql_real_escape_string($searchText); $WHERE = "WHERE FirstName LIKE '%{$searchText}%"; } $action = (isset($_REQUEST['action'])&& $_REQUEST['action'] !=NULL)?$_REQUEST['action']:''; if($action == 'ajax'){ include 'pagination.php'; //include pagination file //pagination variables $page = (isset($_REQUEST['page']) && !empty($_REQUEST['page']))?$_REQUEST['page']:1; $per_page = 5; //how much records you want to show $adjacents = 5; //gap between pages after number of adjacents $offset = ($page - 1) * $per_page; //Count the total number of row in your table*/ $count_query = mysql_query("SELECT COUNT(personid) AS numrows FROM persons"); $row = mysql_fetch_array($count_query); $numrows = $row['numrows']; $total_pages = ceil($numrows/$per_page); $reload = 'index.php'; //search // basic SQL-injection protection //main query to fetch the data $sql = "SELECT * FROM persons {$WHERE} ORDER by RAND() LIMIT $offset, $per_page"; $query = mysql_query($sql); //loop through fetched data while($result = mysql_fetch_array($query)){ $id = $result['PersonID']; echo "<div class= content > "; echo"<img height=100 width=100 src='upload/". $result['Image'] ."'/>"; echo "<font color='black'>". $result['FirstName']. 
"</font></br>"; echo "</div>"; } echo paginate($reload, $page, $total_pages, $adjacents); } else{ mysql_close($con); ?> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <title>Simple Ajax Pagination With PHP And MySql</title> <script type="text/javascript" src="jquery-1.5.2.min.js"></script> <link media="screen" href="style.css" type="text/css" rel="stylesheet"> <script type="text/javascript"> $(document).ready(function(){ load(1); }); function load(page){ $("#loader").fadeIn('slow'); $.ajax({ url:'index.php?action=ajax&page='+page, success:function(data){ $(".outer_div").html(data).fadeIn('slow'); $("#loader").fadeOut('slow'); } }) } </script> </form> </head> <body> <div id="loader"><img src="loader.gif"></div> <div class="outer_div"></div> </body> </html> <?php }?> and here's the code for pagination any suggestion would help <?php function paginate($reload, $page, $tpages, $adjacents) { $prevlabel = "‹ Prev"; $nextlabel = "Next ›"; $out = '<div class="pagin green">'; // previous label if($page==1) { $out.= "<span>$prevlabel</span>"; } else if($page==2) { $out.= "<a href='javascript:void(0);' onclick='load(1)'>$prevlabel</a>"; }else { $out.= "<a href='javascript:void(0);' onclick='load(".($page-1).")'>$prevlabel</a>"; } // first label if($page>($adjacents+1)) { $out.= "<a href='javascript:void(0);' onclick='load(1)'>1</a>"; } // interval if($page>($adjacents+2)) { $out.= "...\n"; } // pages $pmin = ($page>$adjacents) ? ($page-$adjacents) : 1; $pmax = ($page<($tpages-$adjacents)) ? 
($page+$adjacents) : $tpages; for($i=$pmin; $i<=$pmax; $i++) { if($i==$page) { $out.= "<span class='current'>$i</span>"; }else if($i==1) { $out.= "<a href='javascript:void(0);' onclick='load(1)'>$i</a>"; }else { $out.= "<a href='javascript:void(0);' onclick='load(".$i.")'>$i</a>"; } } // interval if($page<($tpages-$adjacents-1)) { $out.= "...\n"; } // last if($page<($tpages-$adjacents)) { $out.= "<a href='javascript:void(0);' onclick='load($tpages)'>$tpages</a>"; } // next if($page<$tpages) { $out.= "<a href='javascript:void(0);' onclick='load(".($page+1).")'>$nextlabel</a>"; }else { $out.= "<span>$nextlabel</span>"; } $out.= "</div>"; return $out; } ?> the get tag Quote Link to comment Share on other sites More sharing options...