Hi,
I'm really worried that I've been duped out of some money. I paid a freelancer to write me some code to search my database and output results.
I was wondering if you'd be able to have a quick look at the code to see if anything looks like it's breaking?
The problem is that no matter what I search for, I always get one of the error messages. When I search for a record that I know should return some results, I get the "cannot find record" error.
The person I hired says he cannot replicate the problem. So either he's lying and sent me shoddy code, or it's something I did? I'm wondering if my database is set up correctly.
The attached db.jpg is the database - three tables, Merchants, Issues (FK MerchantID to Merchants > MerchantID), Updates (FK IssueID to Issues > IssueID). The tables are InnoDB.
I don't know if he's bugged the code so I have to go back and pay him more money?
db_con.php
Code:
<?php
$con = mysql_connect("localhost","myusername","mypassword");
if (!$con)
{
    die('Could not be connected: ' . mysql_error());
}
mysql_select_db("my_db", $con);

function cleanQuery($string)
{
    if(get_magic_quotes_gpc()) // prevents duplicate backslashes
    {
        $string = stripslashes($string);
    }
    if (phpversion() >= '4.3.0')
    {
        $string = mysql_real_escape_string($string);
    }
    else
    {
        $string = mysql_escape_string($string);
    }
    return $string;
}
?>

known_issues.php
Code:
<?php include("/var/www/vhosts/mysite.co.uk/httpdocs/password_protect.php"); ?>
<?php include('db_con.php'); ?>
<form method="post" action="search.php" enctype="multipart/form-data">
    <input type="search" name="search_name" />
    <input type="submit" name="save" value="Search" />
    <br /><label class="small">Enter a merchant's name - partial search permitted.</label>
</form>
<p></p>
<i class="error">
<?php if (isset($_REQUEST['status']) and $_REQUEST['status'] == 1) { ?>
    Thank You!
<?php }else{ ?>
<?php } ?>
<?php if (isset($_REQUEST['status']) and $_REQUEST['status'] == 2) { ?>
    From must be greater than To!
<?php }else{ ?>
<?php } ?>
<?php if ( isset($_GET['error']) and $_GET['error'] == 1 ) { ?>
    I'm sorry, you've entered an invalid search term. Please enter at least one letter or number to search the database correctly.
<?php } ?>
<?php if ( isset($_GET['error']) and $_GET['error'] == 2 ) { ?>
    I'm sorry, you've entered an invalid search term. Please enter at least one letter or number to search the database correctly.
<?php } ?>
<?php if ( isset($_GET['error']) and $_GET['error'] == 3 ) { ?>
    I'm sorry, your search term does not match a record in the database. If you are aware of an issue that you feel should be included in the database of known issues, please report this using the contact form - the issue will be reviewed and if necessary the database will be updated accordingly.
<?php } ?>
</i>

search.php
Code:
<?php include("/var/www/vhosts/mysite.co.uk/httpdocs/password_protect.php"); ?>
<?php
include_once('db_con.php');
if(isset($_POST['save']) and $_POST['save'] != ''){
    $search = $_POST['search_name'];
    $search = cleanQuery($search);
    if($search == ''){
        header("Location: known_issues.php?error=2");
        exit;
    }
    if (preg_match('/[\'^£$%&*()}{@#~?><>,|=_+¬-]/', $search))
    {
        header("Location: known_issues.php?error=1");
        exit;
    }
?>
<!DOCTYPE HTML>
<html>
<head>
<title>Search Results</title>
</head>
<body>
<form method="post" action="search.php" enctype="multipart/form-data">
    <input type="search" name="search_name" />
    <input type="submit" name="save" value="Search" />
    <br /><label class="small">Enter a merchant's name - partial search permitted.</label>
</form>
<p></p>
<?php
    $query = mysql_query("SELECT * FROM Merchants WHERE Name LIKE '%.$search_name.%'");
    $num_rows = mysql_num_rows($query);
    if($num_rows!=0){
        while($rows = mysql_fetch_assoc($query)){
            $Name = $rows['Name'];
            $Phone = $rows['Phone'];
            $Email = $rows['Email'];
            $MerchantID = $rows['MerchantID'];
            $Privacy = $rows['Privacy'];
            if($Privacy == 'To:' or $Privacy == 'to:'){
                $Privacy = '<i class="to">'.$Privacy.'</i>';
            }if($Privacy == 'Bcc:' or $Privacy == 'bcc:'){
                $Privacy = '<i class="bcc">'.$Privacy.'</i>';
            }
?>
<table class="records">
<tr>
<td style="width: 375px">
    <table class="merchant">
    <tr>
        <td>Name:</td>
        <td><?php echo $Name; ?></td>
    </tr>
    <tr>
        <td>Phone:</td>
        <td><?php echo $Phone; ?></td>
    </tr>
    <tr>
        <td>Email:</td>
        <td><?php echo $Privacy; ?> <?php echo $Email; ?></td>
    </tr>
    </table>
</td>
<td>
<?php
            $queryI = mysql_query("SELECT * FROM Issues WHERE MerchantID = '$MerchantID'");
            $num_rowsI = mysql_num_rows($queryI);
            if($num_rowsI!=0){
?>
<?php
                $counter_issues = 1;
                while($rowsI = mysql_fetch_assoc($queryI)){
                    $DealID = $rowsI['DealID'];
                    $DealDate = $rowsI['DealDate'];
                    $timestamp_DealDate = strtotime($DealDate);
                    $DealTitle = $rowsI['DealTitle'];
                    $Category = $rowsI['Category'];
                    $IssueDate = $rowsI['IssueDate'];
                    $timestamp_IssueDate = strtotime($IssueDate);
                    $Issue = $rowsI['Issue'];
                    $Solution = $rowsI['Solution'];
?>
    <table class="issue">
    <tr>
        <td colspan="2"><b>Issue #:</b> <?php echo $counter_issues; ?> / <b>Issue Date:</b> <?php echo date('d/m/y', $timestamp_IssueDate); ?> / <b>Deal ID:</b> <?php echo $DealID; ?> / <b>Deal Date (valid from):</b> <?php echo date('d/m/y', $timestamp_DealDate); ?></td>
    </tr>
    <tr>
        <td><b>Deal Title:</b> <?php echo $DealTitle; ?></td>
        <td class="category"><b>Category:</b> <?php echo $Category; ?></td>
    </tr>
    <tr>
        <td colspan="2">
            <b>Issue:</b>
            <p></p>
            <?php echo $Issue; ?>
            <p><hr /></p>
            <b>Solution:</b>
            <p></p>
            <?php echo $Solution; ?>
        </td>
    </tr>
    </table>
<?php
                    $counter_updates = 1;
                    $queryU = mysql_query("SELECT * FROM Updates WHERE IssueID = '$IssueID'");
                    $num_rowsU = mysql_num_rows($queryU);
                    if($num_rowsU!=0){
                        while($rowsU = mysql_fetch_assoc($queryU)){
                            $Update = $rowsU['Update'];
                            $UpdateDate = $rowsU['UpdateDate'];
                            $timestamp = strtotime($UpdateDate);
?>
    <table class="update">
    <tr>
        <td>
            <b>Update #:</b> <?php echo $counter_updates; ?>
            <p class="padding1"><b><?php echo date('d/m/y', $timestamp); ?></b></p>
            <p class="padding2"><?php echo $Update; ?></p>
        </td>
    </tr>
    </table>
<?php
                            $counter_updates++;
                        }
                    }
?>
<?php
                    $counter_issues++;
                }
            }
?>
</td>
</tr>
</table>
<?php
        }
    }else {
        header("Location: known_issues.php?error=3");
        exit;
    }
}
?>
</body>
</html>

db.jpg


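Added example, not part of the original post and not the freelancer's code: the merchant lookup from search.php written with a bound parameter. The posted query builds its LIKE pattern from `$search_name`, which search.php never sets (the cleaned term is in `$search`), and the dots inside the quotes are literal characters rather than concatenation. The sketch uses PDO with an in-memory SQLite database so it runs offline; `findMerchants()`, `likePattern()` and the sample rows are assumptions made for illustration.

```php
<?php
// Added example, not the code from the post. Table and column names follow
// the post; findMerchants(), likePattern() and the sample rows are constructed.

// Escape LIKE wildcards with '!' so a typed % or _ is matched literally.
function likePattern(string $term): string
{
    return '%' . str_replace(['!', '%', '_'], ['!!', '!%', '!_'], $term) . '%';
}

// Partial-name search: the term travels as a bound parameter, never as SQL text.
function findMerchants(PDO $pdo, string $term): array
{
    $term = trim($term);
    if ($term === '') {
        return [];
    }
    $stmt = $pdo->prepare(
        "SELECT MerchantID, Name, Phone, Email FROM Merchants
         WHERE Name LIKE :pattern ESCAPE '!'"
    );
    $stmt->execute([':pattern' => likePattern($term)]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed data in an in-memory SQLite database so the example runs offline.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE Merchants (MerchantID INTEGER PRIMARY KEY, Name TEXT, Phone TEXT, Email TEXT)');
$ins = $pdo->prepare('INSERT INTO Merchants (Name, Phone, Email) VALUES (?, ?, ?)');
foreach ([
    ["O'Brien & Sons", '0000 000000', 'sales@example.test'],
    ['100%_Fresh Ltd', '0000 000001', 'info@example.test'],
] as $row) {
    $ins->execute($row);
}

// A term with an apostrophe, a literal wildcard, and a term with no match.
foreach (["o'brien", '%', 'nomatch'] as $term) {
    $rows = findMerchants($pdo, $term);
    echo htmlspecialchars($term, ENT_QUOTES, 'UTF-8'), ': ', count($rows), " row(s)\n";
    foreach ($rows as $r) {
        // Encode on output so stored markup is displayed, not interpreted.
        echo '  ', htmlspecialchars($r['Name'], ENT_QUOTES, 'UTF-8'), "\n";
    }
}
```

Against MySQL the same function works with a `mysql:` DSN; only the connection line changes.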