Announcement

Collapse
No announcement yet.

Third time lucky?

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • #16
    Hi

    I get a white page with this:

    SELECT Image, Chain, Country, City, Top as '', Medium as '', Low as '' FROM Chains WHERE Country LIKE ? OR City LIKE ?
    but no error...

    You can try by entering 'Svres' or London with any accent you like on the 'o': 'Lndon'

    I have to put the earlier code back (with your function) as this is a live page and now it stops with that line.
    Last edited by qim; 12-15-2015, 10:12 AM.

    Comment


    • #17
      So it's working fine?
      Who needs a Signature?

      Comment


      • #18
        Hi

        Why do you say that? On my side it does not work. Did you read my last post and edit?

        Thanks

        Comment


        • #19
          I think i had you using the function in the wrong place, so it wasn't ever touching the string.

          try this.

          Code:
          <?php
          // function declarations
          
          function removeSpecialChars($str) {
              $unwanted_array = array(    'Š'=>'S', 'š'=>'s', 'Ž'=>'Z', 'ž'=>'z', ''=>'A', ''=>'A', ''=>'A', ''=>'A', ''=>'A', ''=>'A', ''=>'A', ''=>'C', ''=>'E', ''=>'E',
                                      ''=>'E', ''=>'E', ''=>'I', ''=>'I', ''=>'I', ''=>'I', ''=>'N', ''=>'O', ''=>'O', ''=>'O', ''=>'O', ''=>'O', ''=>'O', ''=>'U',
                                      ''=>'U', ''=>'U', ''=>'U', ''=>'Y', ''=>'B', ''=>'Ss', ''=>'a', ''=>'a', ''=>'a', ''=>'a', ''=>'a', ''=>'a', ''=>'a', ''=>'c',
                                      ''=>'e', ''=>'e', ''=>'e', ''=>'e', ''=>'i', ''=>'i', ''=>'i', ''=>'i', ''=>'o', ''=>'n', ''=>'o', ''=>'o', ''=>'o', ''=>'o',
                                      ''=>'o', ''=>'o', ''=>'u', ''=>'u', ''=>'u', ''=>'y', ''=>'b', ''=>'y' );
          	return strtr( $str, $unwanted_array );
          }
          //application work
          $results = true;
          
          if(strlen(trim($_POST['keyword'])) <= 3) 
          {
          	$results = false;
          	$searchMsg = 'Please enter at least 3 characters';
          }
          
          
          // Find out if the user accessed the file directly
          //if($_SERVER['REQUEST_METHOD'] == 'GET') {
          
            //  header('Location:Search1.php'); // redirect the user if the form was not submitted.
            // die(); // Ignore anything after the die.
          
          //} elseif($_SERVER['REQUEST_METHOD'] == 'POST') {
          
          // this is a much neater method of detecting post, nothing posted, send them on their way	
          if(!isset($_POST)){
          	header('Location:http://pintotours.net/Search/Search1.php'); // redirect the user if the form was not submitted.
              die(); // Ignore anything after the die. 
          
          }
          
          
          
          // Your database preferences
          // We are using constants instead of variables for this
          // You can use either or
          define('HOST', 'localhost'); // Database host
          define('pintotou_******', 'root'); // Database username
          define('*****', 'root'); // Database password
          define('pintotou_search', ''); // Database
          
          $mysqli = new mysqli('localhost', 'pintotou_*****', '*****', 'pintotou_search'); // Connect to the database using MySQLi_* OOP and constants
          if($mysqli->connect_errno) {
              // Do not die or display any MySQL errors in this area.
              die('Unable to connect to the mysql server');
          }
          
          $searchq = filter_var("%{$_POST['keyword']}%", FILTER_SANITIZE_STRING, FILTER_FLAG_STRIP_HIGH); // Sanitize the string
          
          $searchq = str_replace( '-', ' ', $searchq );
          
          $sql = "SELECT Image, Chain, Country, City, Top as '', Medium as '', Low as '' FROM Chains WHERE Country LIKE ? OR City LIKE ?"; // Your query string
          
          $prepare = $mysqli->prepare($sql); // Prepare your query string
          
          $prepare->bind_param('ss', removeSpecialChars($searchq), removeSpecialChars($searchq)); // Bind the placeholders to your search variables
          // s = string | i = integer | d = double | b = blob
          
          
          $prepare->execute(); // Execute the prepared statement
          
          $prepare->store_result(); // Store the results for later checking
          
          // Use num_rows to check if the results return a 0 or 1. 0 meaning false and 1 meaning true
          if($prepare->num_rows) {
          
              $prepare->bind_result($image, $chain, $country, $city, $top, $medium, $low); // Append variables to the columns you specified
          }else
          {
          	$results = false;
          $searchMsg = 'There were no search results for &lsquo;'. $searchq .'&rsquo;!';
          }
          
          ?>
          Who needs a Signature?

          Comment


          • #20
            Now I get an error:

            Strict Standards: Only variables should be passed by reference in /home/pintotou/public_html/Search/Search1.php on line 62

            Strict Standards: Only variables should be passed by reference in /home/pintotou/public_html/Search/Search1.php on line 62
            You can try

            I'll leave it like this for 15 mins. then I have to put things back so that the search works (minus the accents...)

            EDIT

            According to Notepad++ line 62 is this:

            // s = string | i = integer | d = double | b = blob
            Last edited by qim; 12-15-2015, 11:31 AM.

            Comment


            • #21
              This should fix it and have the accents working

              Code:
              <?php
              // function declarations
              
              function removeSpecialChars($str) {
                  $unwanted_array = array(    ''=>'S', ''=>'s', ''=>'Z', ''=>'z', ''=>'A', ''=>'A', ''=>'A', ''=>'A', ''=>'A', ''=>'A', ''=>'A', ''=>'C', ''=>'E', ''=>'E',
                                          ''=>'E', ''=>'E', ''=>'I', ''=>'I', ''=>'I', ''=>'I', ''=>'N', ''=>'O', ''=>'O', ''=>'O', ''=>'O', ''=>'O', ''=>'O', ''=>'U',
                                          ''=>'U', ''=>'U', ''=>'U', ''=>'Y', ''=>'B', ''=>'Ss', ''=>'a', ''=>'a', ''=>'a', ''=>'a', ''=>'a', ''=>'a', ''=>'a', ''=>'c',
                                          ''=>'e', ''=>'e', ''=>'e', ''=>'e', ''=>'i', ''=>'i', ''=>'i', ''=>'i', ''=>'o', ''=>'n', ''=>'o', ''=>'o', ''=>'o', ''=>'o',
                                          ''=>'o', ''=>'o', ''=>'u', ''=>'u', ''=>'u', ''=>'y', ''=>'b', ''=>'y' );
              	return strtr( $str, $unwanted_array );
              }
              //application work
              $results = true;
              
              if(strlen(trim($_POST['keyword'])) <= 3) 
              {
              	$results = false;
              	$searchMsg = 'Please enter at least 3 characters';
              }
              
              
              // Find out if the user accessed the file directly
              //if($_SERVER['REQUEST_METHOD'] == 'GET') {
              
                //  header('Location:Search1.php'); // redirect the user if the form was not submitted.
                // die(); // Ignore anything after the die.
              
              //} elseif($_SERVER['REQUEST_METHOD'] == 'POST') {
              
              // this is a much neater method of detecting post, nothing posted, send them on their way	
              if(!isset($_POST)){
              	header('Location:http://pintotours.net/Search/Search1.php'); // redirect the user if the form was not submitted.
                  die(); // Ignore anything after the die. 
              
              }
              
              
              
              // Your database preferences
              // We are using constants instead of variables for this
              // You can use either or
              define('HOST', 'localhost'); // Database host
              define('pintotou_******', 'root'); // Database username
              define('*****', 'root'); // Database password
              define('pintotou_search', ''); // Database
              
              $mysqli = new mysqli('localhost', 'pintotou_*****', '*****', 'pintotou_search'); // Connect to the database using MySQLi_* OOP and constants
              if($mysqli->connect_errno) {
                  // Do not die or display any MySQL errors in this area.
                  die('Unable to connect to the mysql server');
              }
              
              $searchq = filter_var("%{$_POST['keyword']}%", FILTER_SANITIZE_STRING, FILTER_FLAG_STRIP_HIGH); // Sanitize the string
              
              $searchq = str_replace( '-', ' ', $searchq );
              $searchq = removeSpecialChars($searchq);
              
              
              $sql = "SELECT Image, Chain, Country, City, Top as '', Medium as '', Low as '' FROM Chains WHERE Country LIKE ? OR City LIKE ?"; // Your query string
              
              $prepare = $mysqli->prepare($sql); // Prepare your query string
              
              $prepare->bind_param('ss', $searchq, $searchq); // Bind the placeholders to your search variables
              // s = string | i = integer | d = double | b = blob
              
              
              $prepare->execute(); // Execute the prepared statement
              
              $prepare->store_result(); // Store the results for later checking
              
              // Use num_rows to check if the results return a 0 or 1. 0 meaning false and 1 meaning true
              if($prepare->num_rows) {
              
                  $prepare->bind_result($image, $chain, $country, $city, $top, $medium, $low); // Append variables to the columns you specified
              }else
              {
              	$results = false;
              $searchMsg = 'There were no search results for &lsquo;'. $searchq .'&rsquo;!';
              }
              
              ?>
              Who needs a Signature?

              Comment


              • #22
                Hi

                I'm sorry but it still does not work

                try it in the index page and enter Svres. It does not return anything. If you put Sevres without the accent as it is in the database then it is fine, as before.

                EDIT

                Somehow, the query must be stripped of accents before it contacts the database. I guess this is not happening. The database is receiving something that it should understand but it does not because the charset has not been set in the script. That's my guess...

                EDIT

                I just noticed that you commented out the function and then refer to it. Is it supposed to be so?
                Last edited by qim; 12-15-2015, 12:07 PM.

                Comment


                • #23
                  I don't think it has anything to do with the database charset, what the function we are using is trying to do is remove the accent BEFORE the data is sent to the database.

                  try this

                  I have a feeling that when the string is sanitized it removes the accented 'e' or accented character, so i'm now trying the function prior to the sanitization and it should work now


                  Code:
                  <?php
                  // function declarations
                  
                  function removeSpecialChars($str) {
                      $unwanted_array = array(    'Š'=>'S', 'š'=>'s', 'Ž'=>'Z', 'ž'=>'z', ''=>'A', ''=>'A', ''=>'A', ''=>'A', ''=>'A', ''=>'A', ''=>'A', ''=>'C', ''=>'E', ''=>'E',
                                              ''=>'E', ''=>'E', ''=>'I', ''=>'I', ''=>'I', ''=>'I', ''=>'N', ''=>'O', ''=>'O', ''=>'O', ''=>'O', ''=>'O', ''=>'O', ''=>'U',
                                              ''=>'U', ''=>'U', ''=>'U', ''=>'Y', ''=>'B', ''=>'Ss', ''=>'a', ''=>'a', ''=>'a', ''=>'a', ''=>'a', ''=>'a', ''=>'a', ''=>'c',
                                              ''=>'e', ''=>'e', ''=>'e', ''=>'e', ''=>'i', ''=>'i', ''=>'i', ''=>'i', ''=>'o', ''=>'n', ''=>'o', ''=>'o', ''=>'o', ''=>'o',
                                              ''=>'o', ''=>'o', ''=>'u', ''=>'u', ''=>'u', ''=>'y', ''=>'b', ''=>'y' );
                  	return strtr( $str, $unwanted_array );
                  }
                  //application work
                  $results = true;
                  
                  if(strlen(trim($_POST['keyword'])) <= 3) 
                  {
                  	$results = false;
                  	$searchMsg = 'Please enter at least 3 characters';
                  }
                  
                  
                  // Find out if the user accessed the file directly
                  //if($_SERVER['REQUEST_METHOD'] == 'GET') {
                  
                    //  header('Location:Search1.php'); // redirect the user if the form was not submitted.
                    // die(); // Ignore anything after the die.
                  
                  //} elseif($_SERVER['REQUEST_METHOD'] == 'POST') {
                  
                  // this is a much neater method of detecting post, nothing posted, send them on their way	
                  if(!isset($_POST)){
                  	header('Location:http://pintotours.net/Search/Search1.php'); // redirect the user if the form was not submitted.
                      die(); // Ignore anything after the die. 
                  
                  }
                  
                  
                  
                  // Your database preferences
                  // We are using constants instead of variables for this
                  // You can use either or
                  define('HOST', 'localhost'); // Database host
                  define('pintotou_******', 'root'); // Database username
                  define('*****', 'root'); // Database password
                  define('pintotou_search', ''); // Database
                  
                  $mysqli = new mysqli('localhost', 'pintotou_*****', '*****', 'pintotou_search'); // Connect to the database using MySQLi_* OOP and constants
                  if($mysqli->connect_errno) {
                      // Do not die or display any MySQL errors in this area.
                      die('Unable to connect to the mysql server');
                  }
                  
                  $searchq = removeSpecialChars($_POST['keyword']);
                  $searchq = filter_var("%{$searchq}%", FILTER_SANITIZE_STRING, FILTER_FLAG_STRIP_HIGH); // Sanitize the string
                  
                  $searchq = str_replace( '-', ' ', $searchq );
                  
                  $sql = "SELECT Image, Chain, Country, City, Top as '', Medium as '', Low as '' FROM Chains WHERE Country LIKE ? OR City LIKE ?"; // Your query string
                  
                  $prepare = $mysqli->prepare($sql); // Prepare your query string
                  
                  $prepare->bind_param('ss', $searchq, $searchq); // Bind the placeholders to your search variables
                  // s = string | i = integer | d = double | b = blob
                  
                  
                  $prepare->execute(); // Execute the prepared statement
                  
                  $prepare->store_result(); // Store the results for later checking
                  
                  // Use num_rows to check if the results return a 0 or 1. 0 meaning false and 1 meaning true
                  if($prepare->num_rows) {
                  
                      $prepare->bind_result($image, $chain, $country, $city, $top, $medium, $low); // Append variables to the columns you specified
                  }else
                  {
                  	$results = false;
                  $searchMsg = 'There were no search results for &lsquo;'. $searchq .'&rsquo;!';
                  }
                  
                  ?>
                  Who needs a Signature?

                  Comment


                  • #24
                    Hi
                    I'm going to send you a medal to put under the Xmas tree.

                    Guess what?...

                    It works!!!

                    many, many, many thanks

                    PS-

                    When you've recovered from this one could you find out why the code for the 3 letters is not working on IE8 and 9? It should but doesn't. Ther si no hurry.
                    Last edited by qim; 12-15-2015, 12:18 PM.

                    Comment


                    • #25
                      I need at least 6, mind you we should take 5 away because there's no way it should've taken me that long!

                      The problem was occurring here

                      Code:
                      $searchq = filter_var("%{$searchq}%", FILTER_SANITIZE_STRING, FILTER_FLAG_STRIP_HIGH); // Sanitize the string
                      Which on it's own does exactly what you want it to, but when the accented characters were being passed into it, it was removing them and i was attempting to replace the accented character AFTER that had happened. Simple problem, simple solution, lots of time to find!

                      Anyway, there we go, all done!
                      Who needs a Signature?

                      Comment


                      • #26
                        Anyway, there we go, all done! :lol
                        Great! Thanks a lot!
                        Last edited by qim; 12-15-2015, 12:30 PM.

                        Comment


                        • #27
                          One last question:

                          is there a way of counting the number of times the Search query is used by visitors?

                          Comment


                          • #28
                            You can create a seperate php function that would run after the search which creates a connection to the db and adds a row to an audit table?

                            Code:
                            $mysqli = new mysqli(paramters);
                            $mysqli->query("INSERT INTO Audit (col1, col2, col3) VALUES (value1, value2, value3)");
                            Probably your best best!
                            Who needs a Signature?

                            Comment


                            • #29
                              See next post...
                              Last edited by qim; 12-16-2015, 09:30 AM.

                              Comment


                              • #30
                                OK. I created a table with 3 columns: ID (auto incremental), Country, City

                                Now I have one problem: the main table does not have an ID and so the function can't be like this...


                                $mysqli = new mysqli(parameters);
                                $mysqli->query("INSERT INTO Visitors (Country, City) VALUES (Country, City)");
                                what about (parameters)? do I have to change that to something else?
                                Last edited by qim; 12-16-2015, 09:33 AM.

                                Comment

                                Working...
                                X