I can't style an echo in PHP with css. No matter what I do, it doesn't work.
The php function is a search bar that will echo results from a mysql database.
Here's the CSS:
.php {
font-family: montserrat, sans-serif;
font-style: normal;
font-weight: 200;
text-align: justify;
color: rgba(200,200,200,1.00);
}
PHP:
<!DOCTYPE html>
<html>
<head>
<link rel="stylesheet" href="style.css" type="text/css">
</head>
<body>
<form method="GET" action="index.php" id="searchform">
<input type="text" name="query" placeholder="Enter keyword...">
<input style="width:30%;height:24px;" type="submit" name="submit" value="Search">
</form>
<?php
$hostname = "localhost";
$username = "user123";
$password = "pass123";
mysql_connect($hostname, $username, $password);
mysql_select_db("tehdatabase") or die(mysql_error());
$query = $_GET['query'];
// gets value sent over search form
$min_length = 1;
// you can set minimum length of the query if you want
if(strlen($query) >= $min_length){ // if query length is more or equal minimum length then
$query = htmlspecialchars($query);
// changes characters used in html to their equivalents, for example: < to >
$query = mysql_real_escape_string($query);
// makes sure nobody uses SQL injection
$raw_results = mysql_query("SELECT * FROM env
WHERE (`id` LIKE '%".$query."%') OR (`name` LIKE '%".$query."%') OR (`short` LIKE '%".$query."%') OR (`short_withtag` LIKE '%".$query."%')") or die(mysql_error());
// * means that it selects all fields, you can also write: `id`, `title`, `text`
// articles is the name of our table
// '%$query%' is what we're looking for, % means anything, for example if $query is Hello
// it will match "hello", "Hello man", "gogohello", if you want exact match use `title`='$query'
// or if you want to match just full word so "gogohello" is out use '% $query %' ...OR ... '$query %' ... OR ... '% $query'
if(mysql_num_rows($raw_results) > 0){ // if one or more rows are returned do following
while($results = mysql_fetch_array($raw_results)){
// $results = mysql_fetch_array($raw_results) puts data from database into array, while it's valid it does the loop
echo "<p><h3>".$results['id']."</h3>".$results['name'].$results['short'].$results['short_withtag']."</p>";
// posts results gotten from database(title and text) you can also show id ($results['id'])
}
}
else{ // if there is no matching rows do following
echo "No results";
}
}
else{ // if query length is less than minimum
echo "Please enter at least one character";
}
?>
<div class="php">
<?php
echo("$output");
?>
</div>
</body>
</html>
I found this on the internet, and it works perfectly, except for one thing.
The div class php that is supposed to style the output is not working. the echo is black, times new roman text. How do I get around this?
You're not echoing anything in the div.php block. $output is never defined in your code. You echo plenty of times before the div.php block.
It seems to me you want to define, or append, $output instead of echo in the various sections like:
echo "No results";
Or just put the <div class="php"> before the PHP block so the echoes will be inside of it.
Related
I am creating an SIC code lookup and I am having a weird issue with my query. I have 6 table names, description, description-2, description-3. and two-digit-sic, four-digit-sic, and six-digit-sic and I am getting unexpected results.
If I search for an item in any of the description tables (example: agriculture) it will return the correct queries. and it will display as it should. As well as if I only search for a two-digit-sic. (example: 01)
However if I try and search via six-digit-sic or four-digit-sic It will not display the records.
A weird thing is when I search for the correct six-digit-sic it will say it found records but just not display them. if you put in an incorrect sic code it will just say no records found. example of working six-digit-sic (011198) non-working SIC (112112)
I am truly at a loss as to why this is happening.
this is live here: http://mainstaycomputing.com/client/prospects/list-brokers-resources/sic-code-search/
<?php
get_header();
?>
<div id="main-content" style = 'position: relative'>
<div class = 'wrapper'>
<h1 class="entry-title main_title"><?php the_title(); ?></h1>
<div class = 'sic-text'>
<p> SIC codes are assigned by the Government and are standard at the 4 digit level.
The 8 digit codes may be customized by each individual list owner. Because we represent all list
sources, there may be variance in what the 8 digit codes represent. For greatest accuracy,
when speaking with one of our List Brokers please supply the sic code # along with a description so
we can provide as exact a match as possible.To use this search, simply type the Industry you’re
looking for into the Search By Keyword field. For instance, entering “Dentists” will cause all
businesses related to dentists listed. <! — If you know the SIC code and want to know the industry
name, enter the 8 digit code into the Search By Code field. –> </p>
</div>
<form action="" method="GET" class = 'sic-search'>
<input class = 'sic-search-text' type="text" name="search" placeholder="Search for an industry, eg 'Agriculture'"/>
<input type="submit" value="Search" class = 'sic-search-button'/>
</form>
<?php
$search = $_POST['search'];
$host = "****";
$user = "****";
$password = "****";
$database_name = "****";
$min_length = 2;
// you can set minimum length of the sic if you want
if(strlen($search) >= $min_length && $search != ''){ // if sic length is more or equal minimum length then
echo "<p id='rowCount'> </p>";
$pdo = new PDO("mysql:host=$host;dbname=$database_name", $user, $password, array(
PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION
));
// Search from MySQL database table
$search=$_POST['search'];
$query = $pdo->prepare("select * from siccodes where description LIKE ? OR description-2 LIKE ?");
$query->bindValue(2, "%$search%", PDO::PARAM_STR);
$query->execute();
// Display search result
if (!$query->rowCount() == 0) {
echo "Search found :<br/>";
echo "<table class='sic-code-table'";
echo "<tr><th>description</th><th>two-digit-sic</th><th>description</th><th>four-digit-sic</th><th>description</th><th>six-digit-sic</th></tr>";
while ($results = $query->fetch()) {
echo "<tr><td>";
echo $results['description'];
echo "</td><td>";
echo $results['two-digit-sic'];
echo "</td><td>";
echo $results['description-2'];
echo "</td><td>";
echo $results['four-digit-sic'];
echo "</td><td>";
echo $results['description-3'];
echo "</td><td>";
echo $results['six-digit-sic'];
echo "</tr>";
}
echo "</table>";
} else {
echo "<p style = 'text-align:center; margin-bottom:30px; color: red;'>No results match" . " '" . $search . "' " . "Please try another search term.</p>";
}
} else {
if (!empty($_POST['search'])) {
echo "<p style = 'text-align:center; margin-bottom:30px; color: red;'> Please search again, '$search' is to short.</p>";
}
}
$host = "****";
$user = "***";
$password = "***!";
$database_name = "*****";
mysql_connect("****", "****", "****") or die("Error connecting to database: ".mysql_error());
/*
localhost - it's location of the mysql server, usually localhost
root - your username
third is your password
if connection fails it will stop loading the page and display an error
*/
mysql_select_db("****") or die(mysql_error());
/* tutorial_search is the name of database we've created */
?>
<?php
$query = $_GET['search'];
// gets value sent over search form
// if the query is null which it would be when they first enter the page then show all results
if(empty($_GET['search'])) {
// $query = '01';
$query = htmlspecialchars($query);
// changes characters used in html to their equivalents, for example: < to >
$query = mysql_real_escape_string($query);
// makes sure nobody uses SQL injection
$raw_results = mysql_query("SELECT * FROM siccodes ") or die(mysql_error());
// * means that it selects all fields, you can also write: `id`, `title`, `text `
// articles is the name of our table
// '%$query%' is what we're looking for, % means anything, for example if $query is Hello
// it will match "hello", "Hello man", "gogohello", if you want exact match use `title`='$query'
// or if you want to match just full word so "gogohello" is out use '% $query %' ...OR ... '$query %' ... OR ... '% $query'
if(mysql_num_rows($raw_results) > 0){ // if one or more rows are returned do following
echo "<table class='sic-code-table'";
echo "<tr><th>description</th><th>two-digit-sic</th><th>description</th><th>four-digit-sic</th><th>description</th><th>six-digit-sic</th></tr>";
while($results = mysql_fetch_array($raw_results)){
// $results = mysql_fetch_array($raw_results) puts data from database into array, while it's valid it does the loop
echo "<tr><td>";
echo $results['description'];
echo "</td><td>";
echo $results['two-digit-sic'];
echo "</td><td>";
echo $results['description-2'];
echo "</td><td>";
echo $results['four-digit-sic'];
echo "</td><td>";
echo $results['description-3'];
echo "</td><td>";
echo $results['six-digit-sic'];
echo "</tr>";
// posts results gotten from database(title and text) you can also show id ($results['description'])
}
echo "</table>";
}
} // end of displaying all results
/* this is the actual search */
$min_length = 2;
// you can set minimum length of the query if you want
if(strlen($query) >= $min_length){ // if query length is more or equal minimum length then
$query = htmlspecialchars($query);
// changes characters used in html to their equivalents, for example: < to >
$query = mysql_real_escape_string($query);
// makes sure nobody uses SQL injection
$raw_results = mysql_query("SELECT * FROM siccodes
WHERE (`description` LIKE '%".$query."%') OR (`description-2` LIKE '%".$query."%') OR (`description-3` LIKE '%".$query."%') OR (`two-digit-sic` = '$query') OR (`four-digit-sic` = '$query') OR (`six-digit-sic` = '$query')") or die(mysql_error());
// * means that it selects all fields, you can also write: `id`, `title`, `text `
// articles is the name of our table
// '%$query%' is what we're looking for, % means anything, for example if $query is Hello
// it will match "hello", "Hello man", "gogohello", if you want exact match use `title`='$query'
// or if you want to match just full word so "gogohello" is out use '% $query %' ...OR ... '$query %' ... OR ... '% $query'
if(mysql_num_rows($raw_results) > 0){ // if one or more rows are returned do following
$raw_num_rows = mysql_num_rows($raw_results);
$num_rows = $raw_num_rows - 1;
echo "<p id='rowCount'> We have retrieved " . " " . $num_rows . " " . " records related to the keyword '$query'</p>";
echo "<table class='sic-code-table'";
echo "<tr><th>description</th><th>two-digit-sic</th><th>description</th><th>four-digit-sic</th><th>description</th><th>six-digit-sic</th></tr>";
while($results = mysql_fetch_array($raw_results)){
// $results = mysql_fetch_array($raw_results) puts data from database into array, while it's valid it does the loop
echo "<tr><td>";
echo $results['description'];
echo "</td><td>";
echo $results['two-digit-sic'];
echo "</td><td>";
echo $results['description-2'];
echo "</td><td>";
echo $results['four-digit-sic'];
echo "</td><td>";
echo $results['description-3'];
echo "</td><td>";
echo $results['six-digit-sic'];
echo "</tr>";
// posts results gotten from database(title and text) you can also show id ($results['description'])
}
echo "</table>";
}
else{ // if there is no matching rows do following
echo "<p style='text-align:center;color:red;'>No results for '$query' | Please try again";
}
}
else{ // if query length is less than minimum
echo "<p style='color:orange; text-align:center; '>Minimum length is ".$min_length."</p>";
}
?>
<!-- creates a form at the bottom of the list if there are more than 100 records -->
<?php if(mysql_num_rows($raw_results) > 100) : ?>
<form action="" method="GET" class = 'sic-search'>
<input class = 'sic-search-text' type="text" name="sic" placeholder="Search for an industry, eg 'Agriculture'"/>
<input type="submit" value="Search" class = 'sic-search-button'/>
</form>
<?php endif; ?>
</div> <!-- end of wrapper -->
</script>
</div> <!-- #main-content -->
<?php get_footer(); ?>
I'm building a search function for a website. What I don't like is that if I enter some special symbols Like < or > or % or others in the search box it prints out the whole database content even if there are no such symbols in the search entries.
What should I do so the search outputs only entries which contains the special symbol. And not the all entries which database contains.
Code:
mysql_connect("localhost","root","") or die(mysql_error());
mysql_select_db("database") or die(mysql_error());;
$output = '';
if(isset($_POST['search'])) {
$searchq = $_POST['search'];
$searchq = preg_replace("#[^0-9a-z]#i","",$searchq);
$query = mysql_query("SELECT * FROM users WHERE firstname LIKE '%$searchq%' OR lastname LIKE '%$searchq%'") or die("Could not search!");
$count = mysql_num_rows($query);
if ($count == 0) {
$output = 'There was no search results!';
} else {
while($row = mysql_fetch_array($query)) {
$fname = $row['firstname'];
$lname = $row['lastname'];
$id = $row['id'];
$output .= '<div>'.$fname.' '.$lname.'</div>';
}
}
}
?>
<html>
<head>
<title>Search</title>
</head>
<body>
<div id="top">
<form action="search3.php" method="post">
<input type="text" name="search" placeholder="Search here" />
<input type="submit" value=">>" />
</form>
</div>
<div id="top2">
<?php print("$output"); ?>
</div>
</body>
</html>
Edited. I tried to sanitize, it still don't work as planed.
function sanitize($data) {
return htmlentities(strip_tags(mysql_real_escape_string($data)));
}
$searchq = sanitize($_POST['search']);
That you are vulnerable to sql injection. You should use mysqli_ or pdo. For instance you can use mysql_real_escape_string() to avoid this [Though it is not recommended].
$searchq = mysql_real_escape_string($_POST['search']);
Edited: If you sanitize your input and it returns empty string (""), than your query will be :
SELECT * FROM users WHERE firstname LIKE '%%' OR lastname LIKE '%%'
Which will always prints out the whole database content. So check your input variable $searchq after sanitize. If it contains anything than you can perform your query like that:
if(strlen($searchq) > 0)
{
//run query
}
else{
//error message
}
Is it possible for a user to input let's say 'Red Car' and it will find the image in the database and in php/html and in the search results it will show the image?
My code for "Search"
<?php
$query = $_GET['query'];
$min_length = 3;
if(strlen($query) >= $min_length){ // if query length is more or equal minimum length then
$query = htmlspecialchars($query);
// changes characters used in html to their equivalents, for example: < to >
$query = mysql_real_escape_string($query);
// makes sure nobody uses SQL injection
$raw_results = mysql_query("SELECT * FROM articles
WHERE (`title` LIKE '%".$query."%') OR (`text` LIKE '%".$query."%')") or die(mysql_error());
// * means that it selects all fields, you can also write: `id`, `title`, `text`
// articles is the name of our table
// '%$query%' is what I'm looking for, % means anything, for example if $query is Hello
// it will match "hello", "Hello man", "gogohello", if you want exact match use `title`='$query'
// or if you want to match just full word so "gogohello" is out use '% $query %' ...OR ... '$query %' ... OR ... '% $query'
if(mysql_num_rows($raw_results) > 0){ // if one or more rows are returned do following
while($results = mysql_fetch_array($raw_results)){
// $results = mysql_fetch_array($raw_results) puts data from database into array, while it's valid it does the loop
echo "<div class='successmate'><h2></h2></a>
</div><br><br><br>";
echo "<div class='search69'><a href='../pages/{$results['page_name']}'><h2>{$results['title']}</h2></a><p>{$results['text']}</p>";
}
}
else{ // if there is no matching rows do following
echo ("<br><br><div class='search1'><h2>No results</h2></br></br>");
}
}
else{ // if query length is less than minimum
echo ("<br><br><div class='search1'><h2>Minnimum Length Is</h2><h2>".$min_length);
}
?>
The images that I want to be found for keywords:
http://puu.sh/cCHv1/9f58d770f3.jpg
These are the names of the images in the DB:
http://puu.sh/cCHwa/a82d2cc7fe.png
Thanks!
Without testing I'd say you have your search function down, to display the results would be a simple matter simply put the below code where you would want to display the image results (This will only be for displaying the images, but to get it to work with other results is a simple rework)
<?php
while($data = $result->fetch_assoc()){
echo '<img src="'.$data['image_path'].'" alt="" title="" />';
}
?>
And then you can simply wrap the images in what ever container if you wish so, another way to do it could be to store the results into an' array and display it with a foreach loop
<?php
while($data = $result->fetch_assoc()){
$imageArray[] = $data['image_path'];
}
/*Code below you can place where ever you want, no need to place it directly after the
above query execute*/
foreach($imageArray as $imgPATH){
echo '<img src="'.$imgPATH.'" alt="" title="" />';
}
?>
The way i understand the problem, i would do it like this
Edit your database table so you also got "image_name", after image where you contain "ser_pic1.jpg"
SELECT * FROM {your_database} WHERE image_name = "Red car"
And post it like
link here
Here is my issue. I have a database I want to search by name only. If there are similar names I want it to pop up and give an option to pick which one. Once you do and click search it goes into a search.php file... I want to display results but the GET method does not seem to work.
Here is my form.
<form action="search.php" method="GET">
<input type="text" name="query" />
<input type="submit" value="Search" />
Here is my PHP search
<?php
mysql_connect("localhost", "dbname", "password") or die("Error connecting to database: ".mysql_error());
/*
localhost - it's location of the mysql server, usually localhost
root - your username
third is your password
if connection fails it will stop loading the page and display an error
*/
mysql_select_db("ambassador") or die(mysql_error());
/* tutorial_search is the name of database we've created */
$query = $_GET['query'];
// gets value sent over search form
$min_length = 3;
// you can set minimum length of the query if you want
if(strlen($query) >= $min_length){ // if query length is more or equal minimum length then
$query = htmlspecialchars($query);
// changes characters used in html to their equivalents, for example: < to >
$query = mysql_real_escape_string($query);
// makes sure nobody uses SQL injection
$raw_results = mysql_query("SELECT * FROM member
WHERE (`Name` LIKE '%".$query."%')") or die(mysql_error());
if(mysql_num_rows($raw_results) > 0){ // if one or more rows are returned do following
while($results = mysql_fetch_array($raw_results)){
}
}
else{ // if there is no matching rows do following
echo "No results";
}
}
else{ // if query length is less than minimum
echo "Minimum length is ".$min_length;
}
?>
Then I try to use this method to get results from database.
<?php echo $_GET['Name']; ?>
Thanks for all your help!
This is not an answer , i put code here because it's not well formated in the comment.
So , try this part of code ,it should display result according to the name in the form :
HTML:
<form action="search.php" method="GET">
<input type="text" name="name" />
<input type="submit" value="Search" />
</form>
PHP:
<?php
mysql_connect("localhost", "dbname", "password") or die("Error connecting to database: ".mysql_error());
mysql_select_db("ambassador") or die(mysql_error());
//check if variable $_POST['name'] has a value
if(isset($_GET['name'])) $name=$_GET['name'];
else $name="";
$raw_results = mysql_query("SELECT * FROM member where name='".$name."'") or die(mysql_error());
while($results = mysql_fetch_array($raw_results,MYSQL_ASSOC)){
echo $results['name'].'<br/>';
}
?>
The following displays HTML results from the database field "Never". I am trying to apply CSS styling to the output.
Here's what I have...
echo "<p><strong>Never:</strong> ".$results['Never']."".$results['text']."</p><br />";
Here's what I've tried...
echo "<p><strong>Never:</strong> ".$results['<div id="nevermsg">'Never'</div>]."".$results['text']."</p><br />";
Here's my CSS...
#nevermsg { color: red; }
...but it's not applying properly. I am receiving a syntax error and a headache. Am I putting this in the wrong spot?
The $results variable is not being filled.
Edit: Code Added
Here's my connection...
<?php
mysql_connect("localhost", "jpcso_compliance", "abc*123") or die("Error connecting to database: ".mysql_error());
/*
localhost - it's location of the mysql server
root - username
third is your password
if connection fails it will stop loading the page and display an error
*/
mysql_select_db("jpcsolut_compliance") or die(mysql_error());
/* jpcsolut_webfro_HS is the name of database we've created */
?>
There is no other HTML formatting for the output, other than what is right here...
<div id="title">
<p><h1>Database Search Results</h1></p></div>
<br />
<div id="main_inner">
<?php
$query = $_GET['query'];
// gets value sent over search form
$min_length = 2;
// you can set minimum length of the query if you want
if(strlen($query) >= $min_length){ // if query length is more or equal minimum length then
$query = htmlspecialchars($query);
// changes characters used in html to their equivalents, for example: < to >
$query = mysql_real_escape_string($query);
// makes sure nobody uses SQL injection
$raw_results = mysql_query("SELECT * FROM Compliance
WHERE (`Question` LIKE '%".$query."%') OR (`Sample Response / Must` LIKE '%".$query."%') OR (`Must` LIKE '%".$query."%') OR (`Can` LIKE '%".$query."%') OR (`Never` LIKE '%".$query."%') OR (`Tags` LIKE '%".$query."%')") or die(mysql_error());
// * means that it selects all fields, you can also write: `id`, `title`, `text`
// IllegitimateHighSchools is the name of our table
// '%$query%' is what we're looking for, % means anything, for example if $query is Hello
// it will match "hello", "Hello man", "gogohello", if you want exact match use `title`='$query'
// or if you want to match just full word so "gogohello" is out use '% $query %' ...OR ... '$query %' ... OR ... '% $query'
if(mysql_num_rows($raw_results) > 0){ // if one or more rows are returned do following
while($results = mysql_fetch_array($raw_results)){
// $results = mysql_fetch_array($raw_results) puts data from database into array, while it's valid it does the loop
echo "<p><strong><u><h2>Question:</u> ".$results['Question']."".$results['text']."</h2></u></strong></p><br />";
echo "<p><strong>Sample Response / Must:</strong> ".$results['Sample Response / Must']."".$results['text']."</p><br />";
//echo "<p><strong>Location:</strong> <a href='".$results['Location']."' target='_blank'>".$results['SchoolLocation']."</a>".$results['text']."</p><br />";
echo "<p><strong>Must:</strong> ".$results['Must']."".$results['text']."</p><br />";
echo "<p><strong>Can:</strong> ".$results['Can']."".$results['text']."</p><br />";
//echo "<p><strong>Never:</strong> ".$results['Never']."".$results['text']."</p><br />";
echo "<span id=\"nevermsg\"><p><strong>Never:</strong> ".$results['Never']."".$results['text']."</p></span><br />";
echo "<p><strong>_____________________________________________</strong> "."</p><br />";
echo "<p><strong>Tags:</strong> ".$results['Tags']."".$results['text']."</p>";
// posts results gotten from database(title and text) you can also show id ($results['id'])
}
}
else{ // if there is no matching rows do following
echo "<br /><br /><br /><strong><h2>"."You have searched a term that is not in the database. Please contact ".htmlentities('email#domain.com') . ", if you think this term should be added."."</h2></strong>";
}
}
else{ // if query length is less than minimum
echo "Minimum length is ".$min_length;
}
?>
<br />
<br />
<br />
<br />
<br />
<br />
</div>
<!--End of Inner Main-->
Additionally, here is a link to the site, where I've included a query in the URL here.
Lastly, I call the stylesheet 'global.css', which is where the style lives.
#nevermsg { color: red; }
You need to change the array type in your while loop. mysql_fetch_array will return a standard array accessed like $array[0] not $array['my_key'] so use mysql_fetch_assoc.
So instead of this:
while ($results = mysql_fetch_array($raw_results)) {
echo "<p><strong>Never:</strong> <span id=\"nevermsg\">".$results['Never']."</span></p>"; //Doesn't
}
Do this:
while ($results = mysql_fetch_assoc($raw_results)) {
echo "<p><strong>Never:</strong> <span id=\"nevermsg\">".$results['Never']."</span></p>"; //Works
}
UPDATE:
Another option if you don't know the key is loop through the $results array itself like so with a foreach:
while ($results = mysql_fetch_assoc($raw_results)) {
foreach ($results as $key => $value) {
echo "<span id=\"nevermsg\"><p><strong>$key:</strong> ".$value."</p></span><br/>";
}
}
See the PHP fiddle example of the loop and <span> in action here. For obvious reasons the SQL could not be duplicated in the fiddle.
Why don't you use direct output of HTML?
// some preceding PHP code
?>
<p>
<strong>Never:</strong> <span id="nevermsg"><?=$results['Never'].$results['text'] ?></span>
</p>
It will be more readable and there will be no mess of HTML and PHP quotes, and no need to escape them...
Try this:
<?php
echo "<p><strong>Never:</strong> " . $results['<div id=\"nevermsg\">\'Never\'</div>'] . $results['text'] . "</p><br />";
?>
Your query is fine, it's your HTML which is quite messy. Try replacing this:
echo "<p><strong>Never:</strong> ".$results['Never']."".$results['text']."</p><br />";
With:
?>
<strong>Never:</strong>
<div id="nevermsg"><?= $results['Never']; ?></div>
<br>
<?php