Hi,

I'm really worried that I've been duped out of some money. I paid a freelancer to write me some code to search my database and output results.

I was wondering if you'd be able to have a quick look at the code to see if anything looks like it's breaking?

The problem is that no matter what I search for, I always get one of the error messages. When I search for a record that I know should return some results, I get the "cannot find record" error.

The person I hired says he cannot replicate the problem. So either he's lying and sent me shoddy code, or it's something I did? I'm wondering if my database is set up correctly.

The attached db.jpg is the database - three tables, Merchants, Issues (FK MerchantID to Merchants > MerchantID), Updates (FK IssueID to Issues > IssueID). The tables are InnoDB.

I don't know if he's bugged the code so I have to go back and pay him more money?

db_con.php
Code:
<?php

 $con = mysql_connect("localhost","myusername","mypassword");
if (!$con)
  {
  die('Could not be connected: ' . mysql_error());
  }

mysql_select_db("my_db", $con);

function cleanQuery($string)
 {
    if(get_magic_quotes_gpc())  // prevents duplicate backslashes
    {
      $string = stripslashes($string);
    }
    if (phpversion() >= '4.3.0')
    {
      $string = mysql_real_escape_string($string);
    }
    else
    {
      $string = mysql_escape_string($string);
    }
    return $string;
 }
 
?>
known_issues.php
Code:
<?php include("/var/www/vhosts/mysite.co.uk/httpdocs/password_protect.php"); ?>
<?php include('db_con.php'); ?>

<form  method="post" action="search.php" enctype="multipart/form-data">
<input type="search" name="search_name" /> <input type="submit" name="save" value="Search" />
<br /><label class="small">Enter a merchant's name - partial search permitted.</label>
</form>

<p></p>

<i class="error">
<?php if (isset($_REQUEST['status']) and $_REQUEST['status'] == 1) { ?>
Thank You!
<?php }else{ ?>

<?php } ?>	
<?php if (isset($_REQUEST['status']) and $_REQUEST['status'] == 2) { ?>
From must be greater than To!
<?php }else{ ?>
<?php } ?>	
<?php if ( isset($_GET['error']) and $_GET['error'] == 1  ) { ?>
I'm sorry, you've entered an invalid search term. Please enter at least one letter or number to search the database correctly.
<?php } ?>
<?php if ( isset($_GET['error']) and $_GET['error'] == 2  ) { ?>
I'm sorry, you've entered an invalid search term. Please enter at least one letter or number to search the database correctly.
<?php } ?>
<?php if ( isset($_GET['error']) and $_GET['error'] == 3  ) { ?>
I'm sorry, your search term does not match a record in the database. If you are aware of an issue that you feel should be included in the database of known issues, please report this using the contact form - the issue will be reviewed and if necessary the database will be updated accordingly.
<?php } ?>
</i>
search.php
Code:
<?php include("/var/www/vhosts/mysite.co.uk/httpdocs/password_protect.php"); ?>
<?php

include_once('db_con.php');	
if(isset($_POST['save']) and $_POST['save'] != ''){
								
$search = $_POST['search_name'];
$search = cleanQuery($search);
if($search == ''){
	header("Location: known_issues.php?error=2");
	 exit;
}

if (preg_match('/[\'^$%&*()}{@#~?><>,|=_+-]/', $search))
{
   	header("Location: known_issues.php?error=1");
	 exit;
}

?>
<!DOCTYPE HTML>
<html>
<head>
<title>Search Results</title>
</head>
<body>

<form  method="post" action="search.php" enctype="multipart/form-data">
<input type="search" name="search_name" /> <input type="submit" name="save" value="Search" />
<br /><label class="small">Enter a merchant's name - partial search permitted.</label>
</form>

<p></p>

 <?php
 $query = mysql_query("SELECT * FROM Merchants WHERE Name LIKE '%.$search_name.%'");
 $num_rows = mysql_num_rows($query);
 if($num_rows!=0){
	 while($rows = mysql_fetch_assoc($query)){
		 
		$Name = $rows['Name'];
		$Phone = $rows['Phone'];
		$Email = $rows['Email'];
		$MerchantID = $rows['MerchantID'];	
		$Privacy = $rows['Privacy'];
		if($Privacy == 'To:' or $Privacy == 'to:'){
			$Privacy = '<i class="to">'.$Privacy.'</i>';
		}if($Privacy == 'Bcc:' or $Privacy == 'bcc:'){
			$Privacy = '<i class="bcc">'.$Privacy.'</i>';
		}
 ?>

<table class="records">
<tr>
<td style="width: 375px">

<table class="merchant">
<tr>
<td>Name:</td>
<td><?php echo $Name; ?></td>
</tr>
<tr>
<td>Phone:</td>
<td><?php echo $Phone; ?></td>
</tr>
<tr>
<td>Email:</td>
<td><?php echo $Privacy; ?> <?php echo $Email; ?></td>
</tr>
</table>

</td>
<td>

            <?php
			$queryI = mysql_query("SELECT * FROM Issues WHERE MerchantID = '$MerchantID'");
			$num_rowsI = mysql_num_rows($queryI);
 			if($num_rowsI!=0){
			?>
            
            <?php
             $counter_issues = 1;
			 while($rowsI = mysql_fetch_assoc($queryI)){
				 $DealID = $rowsI['DealID'];
				 $DealDate = $rowsI['DealDate'];
				 $timestamp_DealDate = strtotime($DealDate);
				 $DealTitle = $rowsI['DealTitle'];
				 $Category = $rowsI['Category'];
				 $IssueDate = $rowsI['IssueDate'];
			     $timestamp_IssueDate = strtotime($IssueDate);
				 $Issue = $rowsI['Issue'];
				 $Solution = $rowsI['Solution'];
			?>

<table class="issue">
<tr>
<td colspan="2"><b>Issue #:</b> <?php echo $counter_issues; ?> / <b>Issue Date:</b> <?php echo date('d/m/y', $timestamp_IssueDate); ?> / <b>Deal ID:</b> <?php echo $DealID; ?> / <b>Deal Date (valid from):</b> <?php echo date('d/m/y', $timestamp_DealDate); ?></td>
</tr>
<tr>
<td><b>Deal Title:</b> <?php echo $DealTitle; ?></td>
<td class="category"><b>Category:</b> <?php echo $Category; ?></td>
</tr>
<tr>
<td colspan="2">
<b>Issue:</b>
<p></p>
<?php echo $Issue; ?>
<p><hr /></p>
<b>Solution:</b>
<p></p>
<?php echo $Solution; ?>
</td>
</tr>
</table>

            	<?php
            		$counter_updates = 1;
					$queryU = mysql_query("SELECT * FROM Updates WHERE IssueID = '$IssueID'");
					$num_rowsU = mysql_num_rows($queryU);
 					if($num_rowsU!=0){
						 while($rowsU = mysql_fetch_assoc($queryU)){
							 $Update = $rowsU['Update'];
							 $UpdateDate = $rowsU['UpdateDate'];
							 $timestamp = strtotime($UpdateDate);
				?>

<table class="update">
<tr>
<td>
<b>Update #:</b> <?php echo $counter_updates; ?>
<p class="padding1"><b><?php echo date('d/m/y', $timestamp); ?></b></p>
<p class="padding2"><?php echo $Update; ?></p>
</td>
</tr>
</table>

                <?php
                $counter_updates++;
						 }
					}
				?>
            
            <?php
            $counter_issues++;
			}
			}
			?>

</td>
</tr>
</table>
			
  <?php
	 }
 }else {
	 
	 	header("Location: known_issues.php?error=3");
	 	exit;
	 }
	 
}
  ?>

</body>
</html>
db.jpg