It's been a month and am really messed up trying to integrate a php pagination code to my search script. Referred to most of the tutorials Googling, but in vain. Any help would be much appreciated. Here I go...
<?php
ob_start();
session_start();
$_GET['term'] = trim($_GET['term']);
$output = preg_replace('!\s+!', ' ', $_GET['term']);
if(empty($_GET['term'])|| preg_match("/^[#!#\$\^%&*()+=\-\[\]\\\';,\.\/\{\}\|\":<>\?\ _ ]+$/i", $_GET['term']) || $output== ' ' || $_GET['term']== "%24_GET%5B%27term%27%5D")
{
echo "<BR>";
echo "<BR>";
echo("Please enter a Valid Search term");
}
else
{
mysql_connect("localhost", "root", "root");
mysql_select_db("search");
$_GET['term'] = explode(' ', $_GET['term']);
foreach($_GET['term'] AS $_GET['term'])
{
$_GET['term'] = trim($_GET['term']);
$sql = mysql_query("SELECT DISTINCT * FROM searchengine WHERE pagecontent LIKE '%" . str_replace(' ', "%' AND pagecontent LIKE '%", $_GET['term'])."%' LIMIT 0,10");
while($ser = mysql_fetch_array($sql)) {
echo "<BR>";
echo "<b><u><a href='$ser[pageurl]'>$ser[title]</a></u></b>";
echo "<BR>";
echo("<span class='style_block'>{$ser['pagecontent']}</span>");
echo "<BR>";
echo ("<a href='$ser[pageurl]'>$ser[pageurl]</a>");
echo "<BR>";
echo "<BR>";
}
}
$count=mysql_num_rows($sql);
if($count==0)
{
echo "<BR>";
echo "<BR>";
echo "Sorry, No News material was found... Please refine your search criteria and try again.";
}
}
?>
Apart from the problems Luc M has mentioned in his comment (which you should certainly resolve before moving forward), you are almost there.
You need to consider a couple of points, really: How many records to display per page, and what page you are on. These will dictate the records you need to retrieve and display. So, how do you go about this?
The first point is covered in your code already through use of the LIMIT clause in your SQL query. The second point is a tiny bit more complex to start with. You need a way of identifying the page you are on. This is probably easiest to identify through a GET variable, for example http://site.com/search.php?page=2. Now, for implementing this, you want something along these lines:
$recordsPerPage = 10; // although you may want to have this as a GET or POST variable as well, so the user can decide
if(isset($_GET['page']) // this ensures a default value
{
$currentPage = $_GET['page'];
}
else
{
$currentPage = 1;
}
Then, for your SQL query, you want to build something like this:
$query = "SELECT * FROM table_name LIMIT " . $recordsPerPage . " OFFSET " . ($currentPage - 1)*$recordsPerpage . ";";
The OFFSET clause of SQL along with LIMIT basically says "Select this many records, starting from result number x". You offset on $currentPage - 1 because the first page doesn't want an offset, and the second page only wants an offset of however many records were shown on the first page, so on and so forth.
To create navigation for the paginated data, you want to find out how many records are in your result set, which can be done through the count($array) function of PHP. Then, to find the number of pages, simply use something like:
$numPages = ceil(count($array)/$recordsPerPage);
Where $array is your dataset from the SQL query. The ceil() function rounds the result up to the next integer.
Once you have this result, you simply need to output links to each page, which can be done simply with a for loop:
for($i = 0; i < $numPages; i++)
{
echo '<a href="/search.php?page="' . $i+1 . '>' . $i+1 . '</a>';
}
To create first, previous, next and last page links, you need to do something like:
$firstPage = 1;
$previousPage = $currentPage - 1; // you may want to check here or elsewhere to make sure you have no page zero
$nextPage = $currentPage + 1; // may also want to make sure you don't go past the last page
$lastPage = $numPages;
These values can then be put into your generated links.
Again, I will refer you to Luc M's comment... These need to be fixed, take a look at mysqli functions instead of the now-deprecated mysql_*() functions you're currently using, make sure you clean any user-inputted data before using it, and consider looking at the MVC design pattern.
Hopefully, this will help you out.
Related
I have a database that holds thousands of structures. The structures are searchable by choosing the "area" first, then selecting the "block_number". My first page allows the user to select the area, the area is then passed through the url to the next page. The next page uses php to pull up the blocks in that area. I'm trying to echo the "area" and "block_number" in the results. The my query works just fine but, for some reason I can't display the "area" in the results. See the code below.
<?
include("conn.php");
include("pl_header.php");
$area = mysql_real_escape_string($_GET['area']);
$wtf = '$area';
?>
<h3>Choose A Block Number in<br> <?=$area?></h3><br>
<center>
<?php
$tblWidth = 1;
$sql = mysql_query("SELECT DISTINCT block_number FROM platform_locations WHERE area='$area'");
$i = 1;
// Check to see if any results were returned
if(mysql_num_rows($sql) > 0){
echo '<div class="redBox extraIndent">';
// Loop through the results
while($row = mysql_fetch_array($sql)){
echo ''. $row['area'] .''. $row['block_number'] .'';
if($i == $tblWidth){
echo '';
$i = 0;
}
$i++;
}
echo '';
}else{
echo '<br>Sorry No Results';
}
?>
</div>
</body>
</html>
My issue is where you see '. $row['area'] .' displays nothing, but the '. $row['block_number'] .' works just fine.
Your query is only selecting block_number.
Try changing:
$sql = mysql_query("SELECT DISTINCT block_number FROM platform_locations WHERE area='$area'");
To:
$sql = mysql_query("SELECT DISTINCT block_number, area FROM platform_locations WHERE area='$area'");
Edit: If you have this issue in the future try var_dump($row); to see what the array contains. This would show you that you only have access to the block_number and not the area.
Double edit: I didn't notice, but the other answer is right about the $area var- you've already got the $area saved, use that variable instead of the return from the DB as it's already in memory. If this could change per record, it'd be prudent to use the record's area variable to make your code more reusable. However, in this particular case, your SQL statement has the area in the where clause, so it wont vary unless you attempt to use portions of this code elsewhere.
Your SQL query is only selecting block_number, so that's the only field that will be in the $row array. You've already got area as a variable $area so use that, not $row['area'].
I'm using this while statement to show all contents of database...
$sql = mysql_query("SELECT id,question,date,user,numberofcomments,body,locked FROM questions ORDER BY id DESC");
while($row=mysql_fetch_assoc($sql)) {
echo '<div class="comment">';
echo '<div class="leftpart">';
echo "<div class='date'><img src='../assets/icons/Time-info.png'> ".ago($row['date']);
echo "</div><br><img src='../assets/icons/User-Info.png'> ".$row['user'];
echo "<br><img src='../assets/icons/Comments.png'> ".$row[numberofcomments];
echo '</div>';
echo '<div class="rightpart-topic">';
if($row['locked']==1) { echo '<img src="../assets/icons/Lock.png" /> ';
}
echo ''.$row['question'].'';
echo '<br>'.substr($row['body'],0,70).'...';
echo '</div>';
echo '</div>';
}
I want to show only 10 rows then have links to show the rest (as in page 1,2,3,4, last type thing). How would I go about doing that? It would help if you could also explain your code as it would be greatly appreciated. It helps my learning process.
Thanks!
You need to do a LIMIT in your query using some sort of passed $_GET variable.
$start=0;
$limit = 10;
$page = (isset($_GET['page']) ? : 0));
$start = $page * $limit;
$sql = mysql_query("SELECT id,question,date,user,numberofcomments,body,locked FROM questions ORDER BY id DESC LIMIT {$start},{$limit}");
Should be pretty self explanatory.
If there is not page variable set then you are viewing page 0, or the first 10 results of your database query. If page = 1 then you are going to be viewing $page (value=1) * $limit (10) = $start (now value of 10), which will give you results 10-20 or page 1. etc.
So provide your user a button which can link them to a hard paginated link, or do it ajax.
Each url will need to be like so:
http://wwww.yoursite.com/somepage.php?page=1
Efficiency aside, you could simply set a counter and check if it value Is greater than 10 during the loop. If so, add a 'hidden' class to the parent div. That class would use display:none;
All the whole day I'm trying to solve this problem but still no luck.
The scenario is: I am developing a vertical menu which should query groups and items of those groups in a menu respectively, but groups are being populated without its items.
Code was written in the following way:
$data1 = mysql_query(select groupnames from groups where categoryy='Agriculture');
while($info1=mysql_fetch_array($data1))
{
echo $info1[0];
$data2==mysql_query(select itms from groupitems where categoryy='Agriculture' and groupname='$info1[0]');
while($info2=mysql_fetch_array($data2))
{
echo $info2[0];
}
}
In the above code, groups are being populated nicely but no items from groupitems table are being populated. If I write Grain (Grain is one of the group of agriculture in my database) instead of groupname=$info1[0] then it works. But it should be got dynamically from the query.
Please help, I'm in trouble.
at last its solved! here's the code:
<?php
include "aPannel/dbconn.php";
$query="select GroupName from categorygroup where categoryy='Agriculture'";
$i=0;
$result=mysql_query($query);
$num=mysql_num_rows($result);
$groupname=mysql_result($result ,$i ,"GroupName");
mysql_close();
if ($num=="0") echo "<p>Sorry, there are no groups to display for this Category.</p>";
else
{
echo "<p>There are currently <strong>$num</strong> groups represented in our database.</p><br>";
while($i < $num)
{
$groupname=mysql_result($result ,$i ,"GroupName");
include("aPannel/dbconn.php");
$query2 = "SELECT subcategory FROM groupsubcategory WHERE groupname='$groupname'"; // count number of items in each group
echo $query2 . "<br/>";
$resultt=mysql_query($query2);
$countt=mysql_num_rows($resultt);
mysql_close();
echo $countt . "subcategories" . "<br/>"; // display number of items
$i++;
}
} // end if results
?>
Your queries are not wrapped around double-quotes (" ") . Always remember that what you pass to mysql_query method is a string argument. And also $data2==.... seems wrong.
So, change the code like this
$data1=mysql_query("select groupnames from groups where categoryy='Agriculture'");
while($info1=mysql_fetch_array($data1))
{
echo $info1[0];
$infoTemp=$info1[0];
$data2=mysql_query("select itms from groupitems where categoryy='Agriculture'
and groupname='$infoTemp'");
while($info2=mysql_fetch_array($data2))
{
echo $info2[0];
}
}
I hope it should work
EDIT: Also are you sure column itms in second query or items ?
EDIT: added temporary variable
I had search through many websites and tried the different ways provided online, but it cant seen to work. It does not load the information when I click next, last, first, previous. It only loads the first page's result. Please help! Thank you in advance.
function retrieveName($fieldName)
{
$i=1;
if(isset($_GET[$fieldName]))
{
mysql_connect("localhost", "root") or die(mysql_error());
mysql_select_db("intern") or die(mysql_error());
//This checks to see if there is a page number. If not, it will set it to page 1
if (!(isset($pagenum)))
{
$pagenum = 1;
}
//Here we count the number of results
$intern = $_GET[$fieldName];
$data = mysql_query("SELECT p.`internName`, p.`internNRIC`, c.`internSchName` FROM `personaldetails` p, `currentinstitution` c WHERE c.`internNRIC`= p.`internNRIC` AND p.`internName` like '%$intern%' || p.`internNRIC` like '%$intern%' || c.`internSchName` like '%$intern%' GROUP BY p.internNRIC") or die(mysql_error());
$rows = mysql_num_rows($data);
//This is the number of results displayed per page
$page_rows = 1;
//This tells us the page number of our last page
$last = ceil($rows/$page_rows);
//this makes sure the page number isn't below one, or more than our maximum pages
if ($pagenum < 1)
{
$pagenum = 1;
}
elseif ($pagenum > $last)
{
$pagenum = $last;
}
//This sets the range to display in our query
$max = 'LIMIT ' .($pagenum - 1) * $page_rows .',' .$page_rows;
PRODUCTION. //This is your query again, the same one... the only difference is we add $max into it
$data_p = mysql_query("SELECT p.`internName`, p.`internNRIC`, c.`internSchName` FROM `personaldetails` p, `currentinstitution` c WHERE c.`internNRIC`= p.`internNRIC` AND p.`internName` like '%$intern%' || p.`internNRIC` like '%$intern%' || c.`internSchName` like '%$intern%' GROUP BY p.internNRIC $max ") or die(mysql_error());
//This is where you display your query results
while($row = mysql_fetch_array( $data_p ))
{
echo $i. ".";
echo " NRIC : ".$row['internNRIC'] ."";
echo "</br><br/>";
echo " Name : ". $row['internName'] . " Name of School :" . $row['internSchName'];
echo "</br><br/>";
$i++;
}
echo "<p>";
// This shows the user what page they are on, and the total number of pages
echo " --Page $pagenum of $last-- <p>";
// First we check if we are on page one. If we are then we don't need a link to the previous page or the first page so we do nothing. If we aren't then we generate links to the first page, and to the previous page.
if ($pagenum == 1)
{
}
else
{
echo " <a href='{$_SERVER['PHP_SELF']}?pagenum=1&searchIntern=$intern'> <<-First</a> ";
echo "---Interns Search---";
$previous = $pagenum-1;
echo " <a href='{$_SERVER['PHP_SELF']}?pagenum=$previous&searchIntern=$intern'> <-Previous</a> ";
}
//This does the same as above, only checking if we are on the last page, and then generating the Next and Last links
if ($pagenum == $last)
{
}
else
{
$next = $pagenum+1;
echo " <a href='{$_SERVER['PHP_SELF']}?pagenum=$next&searchIntern=$intern'>Next -></a> ";
echo "---Interns Search---";
echo " <a href='{$_SERVER['PHP_SELF']}?pagenum=$last&searchIntern=$intern'>Last ->></a> ";
}
}else echo "Please enter your search.";
}
Not 100% about this, but it looks like you're using a local variable for $pagenum when you want to use either a parameter (good idea) or a global variable such as $_GET['pagenum']. You're also leaving yourself open to SQL injection. Use mysql_real_escape_string on all variables which need to be used in queries (like $intern).
As #cwallenpoole says, it looks like $pagenum is scoped outside of the function, and I'm guessing the function is written assuming that register_globals is on, which is generally a very bad thing. I've seen this cause plenty of issues when moving an old (inherited) site to a new server.
To fix that specific problem, replace:
if (!(isset($pagenum)))
{
$pagenum = 1;
}
with this:
$pagenum = isset($_REQUEST['pagenum']) ?
(int)$_REQUEST['pagenum'] :
1;
This sets $pagenum to the request's pagenum value, and defaults to 1 if the page number isn't in the request. It also casts the value to an int which should at least stop one injection attack vector. The rest of the function is another matter...
I am doing a project where I want a person to enter the name of any artist/band into a text box where it will seach my mysql database for the event information and display the results/content on another page. The code below is within my index.php where it should get the information from search.php (below also). I've looked all over and I'm not sure why it's not working and I can't figure out what to do. Help would be great! (I really need to pass this class!) :)
(index.php)
<form name="search" action="search.php" method="get">
<div align="center"><input type="text" name="q" />
<p><input type="submit" name="Submit" value="Search" /></p>
</form>
(search.php)
<?php
//Get the search variable from URL
$var=#&_GET['q'];
$trimmed=trim($var); //trim whitespace from the stored variable
//rows to return
$limit=10;
//check for an empty string and display a message.
if($trimmed=="")
{
echo"<p>Please enter a name.</p>";
exit;
}
//check for a search parameter
if(!isset($var))
{
echo"<p>We don't seem to have a search parameter!</p>";
exit;
}
//connect to database
mysql_connect("localhost","root","password");
//specify database
mysql_select_db("itour") or die("Unable to select database");
//Build SQL Query
$query = "select * from events where artist_name like \"%trimmed%\" order by date";
$numresults=mysql_query($query);
$numrows=mysql_num_rows(numresults);
//If no results, offer a google search as an alternative
if ($numrows==0)
{
echo"<h3>Results</h3>";
echo"<p>Sorry, your search: "" .$trimmed . "" returned zero results</p>";
//google
echo"<p><a href=\"http://www.google.com/search?q=".$trimmed . "\" target=\"_blank\" title=\"Look up ".$trimmed ." on Google\">
Click here</a> to try the search on google</p>";
}
//next determine if s has been passed to script, if not use 0
if(empty($s)) {
$s=0;
}
//get results
$query .=" limit $s,$limit";
$result = mysql_query($query) or die("Couldn't execute query");
//display what was searched for
echo"<p>You searched for: "" .$var . ""</p>";
//begin to show results set
echo "Results";
$count = 1 + $s;
//able to display the results returned
while ($row=mysql_fetch_array($result)) {
$title = $row["artist_name"];
echo"$count.) $title";
$count++;
}
$currPage = (($s/$limit) + 1;
echo"<br />";
//links to other results
if ($s>=1){
//bypass PREV link if s is 0
$prevs=($s-$limit);
print" <a href=\"$PHP_SELF?s=$prevs&q=$var\"><<
Prev 10</a> ";
}
//calculate number of pages needing links
$pages = intval($numrows/$limit);
//$pages now contains int of pages needed unless there is a remainder from diviison
if($numrows%$limit){
//has remainder so add one page
$pages++;
}
//check to see if last page
if (!((($s+$limit)/$limit)==$pages) && $pages!=1){
//not last page so give NEXT link
$news = $s+$limit;
echo " Next 10 >>";
}
$a = $s +($limit);
if($a > $numrows){$a = $numrows;}
$b = $s + 1;
echo "<p>Showing results $b to $a of $numrows</p>";
?>
Your where clause is goofy...try changing it to:
WHERE artist_name like '%$trimmed%'
just putting trimmed will be interpreted literally as the string "trimmed". However, using the variable $trimmed in your double-quoted string will give the actual variable's value.
$query = "select * from events where artist_name like '%$trimmed%' order by date";
In order to use the variable $trimmed in a query, escape it first. Otherwise, your script will be vulnerable to SQL injection attacks, and attackers will be able to run almost any query against your database. This problem is exacerbated by the fact that you are connecting to MySQL as root. Never ever do this in a production environment.
Also, to expand a variable in a string, you should include the $ character before the variable name.
$trimmed = trim($var);
$escaped = mysql_real_escape_string($trimmed);
$query = "select * from events where artist_name like \"%$escaped%\" order by date";
Your code still looks all over the place. I think the main reason it wasn't working was the mixing of " and '. You need to escape variables before you use them in your queue. mysql_real_escape_string is the lowest form of escaping you should be using. I'd recommend you have a look at PDO though.
<?php
//Get the search variable from URL
$var = $_GET['q'];
$trimmed = mysql_real_escape_string(trim($var)); //trim whitespace and escape the stored variable
//rows to return
$limit = 10;
//check for an empty string and display a message.
if($trimmed == "") {
echo"<p>Please enter a name.</p>";
exit;
}
//check for a search parameter
if(!isset($var)){
echo"<p>We don't seem to have a search parameter!</p>";
exit;
}
//connect to database
mysql_connect("localhost","root","password");
//specify database
mysql_select_db("itour") or die("Unable to select database");
//Build SQL Query
$query = "SELECT * FROM events WHERE artist_name LIKE %$trimmed% ORDER BY DATE";
$numresults = mysql_query($query);
$numrows = mysql_num_rows(numresults);
//If no results, offer a google search as an alternative
if ($numrows==0){
echo"<h3>Results</h3>";
echo"<p>Sorry, your search: "" .$trimmed . "" returned zero results</p>";
//google
echo"<p><a href=\"http://www.google.com/search?q=".$trimmed . "\" target=\"_blank"\ title=\"Look up ".$trimmed ." on Google\">
Click here</a> to try the search on google</p>";
}
//next determine if s has been passed to script, if not use 0
if(empty($s)) {
$s=0;
}
//get results
$query .=" limit $s,$limit";
$result = mysql_query($query) or die("Couldn't execute query");
//display what was searched for
echo"<p>You searched for: "" .$var . ""</p>";
//begin to show results set
echo "Results";
$count = 1 + $s;
//able to display the results returned
while ($row = mysql_fetch_array($result)) {
$title = $row['artist_name'];
echo $count.' '.$title;
$count++;
}
$currPage = (($s/$limit) + 1;
echo "<br>";
//links to other results
if ($s>=1){
//bypass PREV link if s is 0
$prevs=($s-$limit);
echo ' <a href="'.$PHP_SELF.'?s='.$prevs.'&q='.$var.'"><<';
echo 'Prev 10</a> ';
}
//calculate number of pages needing links
$pages = intval($numrows/$limit);
//$pages now contains int of pages needed unless there is a remainder from diviison
if($numrows%$limit){
//has remainder so add one page
$pages++;
}
//check to see if last page
if (!((($s+$limit)/$limit)==$pages) && $pages!=1){
//not last page so give NEXT link
$news=$s+$limit;
echo ' Next 10 >>';
}
$a = $s +($limit);
if($a > $numrows){$a = $numrows;}
$b = $s + 1;
echo '<p>Showing results '.$b.' to '.$a.' of '.$numrows.'</p>';
?>
You are missing a $ symbol. I think
$var=#&_GET['q'];
should probably be
$var=#$_GET['q'];
unless you really want a reference, in which case it should be this: (the error suppression is not needed at this point if you want a reference, but you should check $var is set before trying to access it)
$var=& $_GET['q'];
I would be tempted to write it a bit more like this.
if (!isset($_GET['q'])) {
echo"<p>We don't seem to have a search parameter!</p>";
exit;
}
$trimmed = trim($_GET['q']);
if($trimmed=="") {
echo"<p>Please enter a name.</p>";
exit;
}
Also as Chad mentioned, an sql injection would be simple since you arent cleaning input before performing DB actions with it.
try adding
foreach($_REQUEST as $param => $value)
{
$_REQUEST[$param]=mysql_real_escape_string($value);
}
This way you escape all the user input so the user cant tamper with the db. Read more about this method and sql injection in the docs here:
http://us2.php.net/mysql_real_escape_string