Hi,
I’m really worried that I’ve been duped out of some money. I paid a freelancer to write me some code to search my database and output results.
I was wondering if you’d be able to have a quick look at the code to see if anything looks like it’s breaking?
The problem is that no matter what I search for, I always get one of the error messages. When I search for a record that I know should return some results, I get the “cannot find record” error.
The person I hired says he cannot replicate the problem. So either he’s lying and sent me shoddy code, or it’s something I did? I’m wondering if my database is set up correctly.
The attached db.jpg is the database – three tables, Merchants, Issues (FK MerchantID to Merchants > MerchantID), Updates (FK IssueID to Issues > IssueID). The tables are InnoDB.
I don’t know if he’s bugged the code so I have to go back and pay him more money?
db_con.php
[CODE]
<?php
$con = mysql_connect("localhost","myusername","mypassword");
if (!$con)
{
    die('Could not be connected: ' . mysql_error());
}
mysql_select_db("my_db", $con);

function cleanQuery($string)
{
    if(get_magic_quotes_gpc()) // prevents duplicate backslashes
    {
        $string = stripslashes($string);
    }
    // version_compare() compares version numbers; a plain >= on strings does not
    if (version_compare(phpversion(), '4.3.0', '>='))
    {
        $string = mysql_real_escape_string($string);
    }
    else
    {
        $string = mysql_escape_string($string);
    }
    return $string;
}
?>
[/CODE]
known_issues.php
[CODE]
<?php include("/var/www/vhosts/mysite.co.uk/httpdocs/password_protect.php"); ?>
<?php include('db_con.php'); ?>
<form method="post" action="search.php" enctype="multipart/form-data">
<input type="search" name="search_name" /> <input type="submit" name="save" value="Search" />
<br /><label class="small">Enter a merchant’s name – partial search permitted.</label>
</form>
<p></p>
<i class="error">
<?php if (isset($_REQUEST['status']) and $_REQUEST['status'] == 1) { ?>
Thank You!
<?php }else{ ?>
<?php } ?>
<?php if (isset($_REQUEST['status']) and $_REQUEST['status'] == 2) { ?>
From must be greater than To!
<?php }else{ ?>
<?php } ?>
<?php if ( isset($_GET['error']) and $_GET['error'] == 1 ) { ?>
I’m sorry, you’ve entered an invalid search term. Please enter at least one letter or number to search the database correctly.
<?php } ?>
<?php if ( isset($_GET['error']) and $_GET['error'] == 2 ) { ?>
I’m sorry, you’ve entered an invalid search term. Please enter at least one letter or number to search the database correctly.
<?php } ?>
<?php if ( isset($_GET['error']) and $_GET['error'] == 3 ) { ?>
I’m sorry, your search term does not match a record in the database. If you are aware of an issue that you feel should be included in the database of known issues, please report this using the contact form – the issue will be reviewed and if necessary the database will be updated accordingly.
<?php } ?>
</i>
[/CODE]
search.php
[CODE]
<?php include("/var/www/vhosts/mysite.co.uk/httpdocs/password_protect.php"); ?>
<?php
include_once('db_con.php');
if(isset($_POST['save']) and $_POST['save'] != ''){
    $search = $_POST['search_name'];
    $search = cleanQuery($search);
    if($search == ''){
        header("Location: known_issues.php?error=2");
        exit;
    }
    if (preg_match('/[\'^£$%&*()}{@#~?><>,|=_+¬-]/', $search))
    {
        header("Location: known_issues.php?error=1");
        exit;
    }
?>
<!DOCTYPE HTML>
<html>
<head>
<title>Search Results</title>
</head>
<body>
<form method="post" action="search.php" enctype="multipart/form-data">
<input type="search" name="search_name" /> <input type="submit" name="save" value="Search" />
<br /><label class="small">Enter a merchant’s name – partial search permitted.</label>
</form>
<p></p>
<?php
    $query = mysql_query("SELECT * FROM Merchants WHERE Name LIKE '%.$search_name.%'");
    $num_rows = mysql_num_rows($query);
    if($num_rows!=0){
        while($rows = mysql_fetch_assoc($query)){
            $Name = $rows['Name'];
            $Phone = $rows['Phone'];
            $Email = $rows['Email'];
            $MerchantID = $rows['MerchantID'];
            $Privacy = $rows['Privacy'];
            if($Privacy == 'To:' or $Privacy == 'to:'){
                $Privacy = '<i class="to">'.$Privacy.'</i>';
            }if($Privacy == 'Bcc:' or $Privacy == 'bcc:'){
                $Privacy = '<i class="bcc">'.$Privacy.'</i>';
            }
?>
<table class="records">
<tr>
<td style="width: 375px">
<table class="merchant">
<tr>
<td>Name:</td>
<td><?php echo $Name; ?></td>
</tr>
<tr>
<td>Phone:</td>
<td><?php echo $Phone; ?></td>
</tr>
<tr>
<td>Email:</td>
<td><?php echo $Privacy; ?> <?php echo $Email; ?></td>
</tr>
</table>
</td>
<td>
<?php
            $queryI = mysql_query("SELECT * FROM Issues WHERE MerchantID = '$MerchantID'");
            $num_rowsI = mysql_num_rows($queryI);
            if($num_rowsI!=0){
?>
<?php
                $counter_issues = 1;
                while($rowsI = mysql_fetch_assoc($queryI)){
                    $DealID = $rowsI['DealID'];
                    $DealDate = $rowsI['DealDate'];
                    $timestamp_DealDate = strtotime($DealDate);
                    $DealTitle = $rowsI['DealTitle'];
                    $Category = $rowsI['Category'];
                    $IssueDate = $rowsI['IssueDate'];
                    $timestamp_IssueDate = strtotime($IssueDate);
                    $Issue = $rowsI['Issue'];
                    $Solution = $rowsI['Solution'];
?>
<table class="issue">
<tr>
<td colspan="2"><b>Issue #:</b> <?php echo $counter_issues; ?> / <b>Issue Date:</b> <?php echo date('d/m/y', $timestamp_IssueDate); ?> / <b>Deal ID:</b> <?php echo $DealID; ?> / <b>Deal Date (valid from):</b> <?php echo date('d/m/y', $timestamp_DealDate); ?></td>
</tr>
<tr>
<td><b>Deal Title:</b> <?php echo $DealTitle; ?></td>
<td class="category"><b>Category:</b> <?php echo $Category; ?></td>
</tr>
<tr>
<td colspan="2">
<b>Issue:</b>
<p></p>
<?php echo $Issue; ?>
<p><hr /></p>
<b>Solution:</b>
<p></p>
<?php echo $Solution; ?>
</td>
</tr>
</table>
<?php
                    $counter_updates = 1;
                    $queryU = mysql_query("SELECT * FROM Updates WHERE IssueID = '$IssueID'");
                    $num_rowsU = mysql_num_rows($queryU);
                    if($num_rowsU!=0){
                        while($rowsU = mysql_fetch_assoc($queryU)){
                            $Update = $rowsU['Update'];
                            $UpdateDate = $rowsU['UpdateDate'];
                            $timestamp = strtotime($UpdateDate);
?>
<table class="update">
<tr>
<td>
<b>Update #:</b> <?php echo $counter_updates; ?>
<p class="padding1"><b><?php echo date('d/m/y', $timestamp); ?></b></p>
<p class="padding2"><?php echo $Update; ?></p>
</td>
</tr>
</table>
<?php
                            $counter_updates++;
                        }
                    }
?>
<?php
                    $counter_issues++;
                }
            }
?>
</td>
</tr>
</table>
<?php
        }
    }else {
        header("Location: known_issues.php?error=3");
        exit;
    }
}
?>
</body>
</html>
[/CODE]
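Added example, not part of the original post and not the freelancer's code: it reproduces the pattern that the Merchants query in search.php sends (`$search_name` is never assigned there, and the dots sit inside the double-quoted string), then runs the same search with a bound parameter, escaped LIKE wildcards and HTML-escaped output. Assumptions: an in-memory SQLite database through PDO (needs the pdo_sqlite extension) stands in for MySQL, the rows are constructed sample data, and `patternAsPosted`, `likePattern` and `searchMerchants` are hypothetical helper names.

```php
<?php
// Constructed in-memory data standing in for the poster's Merchants table.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE Merchants (MerchantID INTEGER PRIMARY KEY, Name TEXT, Email TEXT)');
$pdo->exec("INSERT INTO Merchants (Name, Email) VALUES
    ('Acme Travel', 'info@acme.example'),
    ('100% Pizza <b>Ltd</b>', 'hello@pizza.example')");

// What search.php builds: inside a double-quoted string the dots are literal
// characters, and the cleaned input lives in $search, not $search_name.
function patternAsPosted(string $search): string
{
    $search_name = '';           // unassigned in search.php, so it expands to ''
    return "%.$search_name.%";   // the same pattern whatever the user typed
}

// Escape LIKE wildcards so the term is matched literally, then add our own %.
function likePattern(string $term): string
{
    return '%' . strtr($term, ['!' => '!!', '%' => '!%', '_' => '!_']) . '%';
}

// Bound parameter: the search term never becomes part of the SQL text.
function searchMerchants(PDO $pdo, string $pattern): array
{
    $stmt = $pdo->prepare("SELECT Name, Email FROM Merchants WHERE Name LIKE :p ESCAPE '!'");
    $stmt->execute([':p' => $pattern]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

$term = 'acme'; // constructed search term
printf("posted pattern %s: %d row(s)\n", patternAsPosted($term),
    count(searchMerchants($pdo, patternAsPosted($term))));
printf("bound pattern %s: %d row(s)\n", likePattern($term),
    count(searchMerchants($pdo, likePattern($term))));

// Database values are data, not markup: escape them when writing HTML.
foreach (searchMerchants($pdo, likePattern('100%')) as $row) {
    echo htmlspecialchars($row['Name'], ENT_QUOTES, 'UTF-8'), "\n";
}
```

The same prepare/execute calls work unchanged with a pdo_mysql DSN; the `mysql_*` functions used in the post were removed in PHP 7.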