
PHP Search

a guest
Nov 4th, 2014
  1. <?php
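  // Resume the session so the login state stored under sess_user_id / sess_status is readable.
  session_start();

  // Not logged in: the session holds no user id (or only whitespace) -> send to the login form.
  if (!isset($_SESSION['sess_user_id']) || trim($_SESSION['sess_user_id']) == '') {
      header("location: login.php");
      exit();
  }

  // Logged in, but sess_status is missing or not positive -> send to sorry.php.
  // exit() is essential here: header() only queues the redirect, so without it the
  // script would keep running, execute the search and write the volunteer records
  // into the body of the redirect response, where a client that ignores the
  // Location header can still read them.
  if (!isset($_SESSION['sess_status']) || !($_SESSION['sess_status'] > 0)) {
      header("location: sorry.php");
      exit();
  }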
  10.  
  11.  
  // Accumulators for the prepared statement assembled later in this script:
  //   $whereClause - "`column` = :placeholder" fragments, later joined with AND
  //   $countyList  - placeholders for the `county` IN(...) list
  //   $bindArray   - placeholder => submitted value, passed to PDOStatement::execute()
  $whereClause = [];
  $countyList = [];
  $bindArray = [];

  // Fixed allow-list of POST field names the search form may submit. The names are
  // also used as column names in the generated SQL, so keeping this list hard-coded
  // (never derived from the request) is what keeps identifiers out of attacker control.
  $fields = [
      'bhv', 'mrc', 'general', 'evv', 'allCounties',
      'fillmore', 'johnson', 'richardson', 'otoe', 'seward', 'butler', 'gage',
      'lancaster', 'pawnee', 'saline', 'thayer', 'cass', 'jefferson', 'nemaha',
      'polk', 'saunders', 'york',
      'aro', 'clergy', 'intskills', 'bus', 'child', 'law', 'cpr', 'data',
      'security', 'emergency', 'computer', 'mechanical', 'administration',
      'firstaid', 'translation', 'construction', 'basicclean', 'foodprep',
      'animalcare', 'heavy',
      'license1', 'license2', 'license3', 'license4', 'license5',
      'dist1', 'dist2', 'dist3', 'dist4', 'dist5',
  ];

  // POST field names carrying the counties to match against the `county` column.
  // NOTE(review): 'countr5' looks like a typo for 'county5' - confirm against the
  // search form; if the form posts 'county5', that input is silently ignored.
  $counties = ['county1', 'county2', 'countr5', 'county6'];
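  // Turn every submitted search field into a "`column` = :placeholder" fragment
  // plus the value bound to that placeholder.
  foreach ($fields as $field) {
      // Protection against SQL injection comes from the bound parameters, not from
      // this filter. FILTER_SANITIZE_STRING strips tags and encodes quotes (so a
      // value containing a quote will not match the stored text) and is deprecated
      // as of PHP 8.1 - NOTE(review): consider reading the raw value and escaping
      // only on output.
      // Missing, empty and other falsy values (e.g. "0") are skipped.
      $san = filter_input(INPUT_POST, $field, FILTER_SANITIZE_STRING);
      if (!$san) {
          continue;
      }

      if (in_array($field, array('license1', 'license2', 'license3', 'license4', 'license5'), true)) {
          // A licenseN search value is compared against all five license columns.
          // Each comparison gets its own placeholder (:license21 ... :license25 for
          // license2, and likewise for the others). This script disables emulated
          // prepares, and in that mode PDO does not allow the same named placeholder
          // to appear more than once in a statement - the previous license1/3/4/5
          // branches reused one name five times and bound it once, so execute()
          // could not succeed for those fields.
          // NOTE(review): these fragments are ANDed with everything else, so a row
          // matches only when all five columns hold the value. If "held in any of
          // the five columns" was intended, this needs a parenthesised OR group.
          for ($col = 1; $col <= 5; $col++) {
              $placeholder = ':' . $field . $col;
              $whereClause[] = "`license$col` = $placeholder";
              $bindArray[$placeholder] = $san;
          }
          continue;
      }

      // Ordinary field: the column is named after the form field. $field comes from
      // the hard-coded $fields list, never from the request.
      $whereClause[] = "`$field` = :$field";
      $bindArray[":$field"] = $san;
  }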
  // Collect the submitted counties: every county field that arrives with a
  // non-empty value contributes one placeholder to the `county` IN(...) list
  // and one entry to the bound values.
  foreach ($counties as $county) {
      $san = filter_input(INPUT_POST, $county, FILTER_SANITIZE_STRING);
      if (!$san) {
          continue;
      }
      $marker = ":$county";
      $countyList[] = $marker;
      $bindArray[$marker] = $san;
  }
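  // Assemble the statement text. Only fixed SQL and placeholder names are
  // concatenated here; every user-supplied value travels separately in $bindArray.
  $conditions = array();
  if (!empty($countyList)) {
      $conditions[] = '`county` IN(' . implode(',', $countyList) . ')';
  }
  if (!empty($whereClause)) {
      $conditions[] = implode(' AND ', $whereClause);
  }
  $stmtString = "SELECT * FROM VolunDB";
  if (!empty($conditions)) {
      $stmtString .= ' WHERE ' . implode(' AND ', $conditions);
  }
  // The debug `echo $stmtString;` that used to sit here is gone: it printed the
  // query text (table and column names) to every visitor, ahead of the DOCTYPE.

  // NOTE(review): the database credentials are hard-coded in a web-served script.
  // Load them from configuration kept outside the document root. The account name
  // suggests an administrative user; this page only reads from VolunDB, so a
  // read-only account would limit the damage of any flaw here - confirm privileges.
  try {
      $dbh = new PDO('mysql:host=localhost;dbname=petrzilk_test;charset=utf8', 'petrzilk_dbAdmin', '######');
      $dbh->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
      // Native prepares: values are sent to the server separately from the SQL text.
      $dbh->setAttribute(PDO::ATTR_EMULATE_PREPARES, false);
      $stmt = $dbh->prepare($stmtString);
      $stmt->execute($bindArray);
      $data = $stmt->fetchAll(PDO::FETCH_ASSOC);
  } catch (PDOException $e) {
      // Keep driver messages (which can name the host, schema or user) in the
      // server log and show the visitor a generic failure instead.
      error_log('Volunteer search failed: ' . $e->getMessage());
      http_response_code(500);
      exit('The search could not be completed.');
  }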
  126. //foreach($data as $person)
  127. //{
  128. //    echo $person['lname'] . ', ' . $person['fname'] . '<br />';
  129. //}
  130. ?>
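  <!DOCTYPE HTML>
  <html>
      <head>
          <title>Search Results</title>
          <script type="text/javascript" src="js/functions.js"> </script>
          <link rel="stylesheet" href="css/bootstrap-theme.css" type="text/css" />
          <link rel="stylesheet" href="css/bootstrap.css" type="text/css" />
          <link rel="stylesheet" href="css/styles.css" type="text/css">
          <?php
          // Fetched over HTTPS so the script cannot be altered in transit.
          // NOTE(review): "jquery-latest" is an unpinned alias and the tag carries no
          // integrity attribute; pin an exact version and add SRI, or self-host it.
          ?>
          <script src="https://code.jquery.com/jquery-latest.min.js" type="text/javascript"></script>
      </head>
      <body>
      <div class="sidebar">
              <ul class="nav nav-pills nav-stacked">
                  <li><br/></li>
                  <li><img class='logo' src='images/Large RVS.png' alt='Broken' style='width:230px; padding-left: 5%;'/></li>
                  <li><br/></li>
                  <?php // The display name is escaped for HTML so markup stored in it is shown as text, not executed. ?>
                  <li><span class="welcome" style="color:white;font-weight:Bold;font-size:20px;margin-left:5px;padding-left:5px;"> Welcome  <?php echo htmlspecialchars($_SESSION['sess_name'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'); ?></span></li>
                  <li><a href="login.php">Log out</a></li>
                  <li><a href="index.php">Home</a></li>
                  <li><a href="volunForm.php">Add Volunteer</a></li>
                  <li><a href="search.php">Search/Report</a></li>
                  <li class="active"><a href="allVolun.php">View Volunteers</a></li>
                  <li><a href="updateVolunteer.php">Update Volunteer</a></li>
                  <?php
                  // Only sessions with sess_status 2 are shown the admin link. Hiding the
                  // link is cosmetic; admin.php has to enforce the same check itself.
                  if ($_SESSION['sess_status'] == 2) {
                      echo "<li><a href='admin.php'>Admin CP</a></li>";
                  }
                  ?>
                  <li><a href="userCP.php">User Control Panel</a></li>
                  <li><a href="contact.php">Contact Us</a></li>
              </ul>
          </div>
          <div class="content">
              <?php
              // One line per matching volunteer. The names come from the database, i.e.
              // from whatever was typed into the volunteer forms, so they are escaped
              // before being written into the page (stored XSS otherwise).
              foreach ($data as $person) {
                  echo htmlspecialchars($person['lname'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')
                      . ', '
                      . htmlspecialchars($person['fname'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')
                      . '<br />';
              }
              ?>
          </div>

      </body>
  </html>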