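<?php
// Stock barcode search. Reads the "search" query parameter, looks it up in
// main_stock and fills $error / $results for the HTML template below.
// Both arrays hold ready-to-print HTML fragments, so every dynamic value is
// escaped here before it is added.

$dbHost = 'localhost'; // localhost will be used in most cases
// Set these to your MySQL username and password. Keep real credentials in a
// config file outside the web root (or in the environment), not in the script.
$dbUser = 'xxxxxxxx';
$dbPass = 'xxxxxxx';
$dbDatabase = 'stock'; // the database you put the table into.

// Set up our error check and result check array
$error = array();
$results = array();

// Escapes a value for use in HTML text or a quoted attribute.
$escapeHtml = function ($value) {
    return htmlspecialchars((string) $value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
};

// The old mysql_* functions were removed in PHP 7; mysqli is used instead.
// Exceptions replace "or trigger_error(...)" so that driver messages and the
// SQL text go to the server log and are never echoed to the visitor.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);
$con = null;
try {
    $con = new mysqli($dbHost, $dbUser, $dbPass, $dbDatabase);
} catch (mysqli_sql_exception $e) {
    error_log('Stock search: database connection failed: ' . $e->getMessage());
    $error[] = "The database is currently unavailable.";
}

// First check if a form was submitted.
// Since this is a search we will use $_GET
if (isset($_GET['search'])) {
    // ?search[]=x arrives as an array; treat anything but a string as empty.
    $searchTerms = is_string($_GET['search']) ? trim($_GET['search']) : '';
    $searchTerms = strip_tags($searchTerms); // drops markup; NOT a substitute for output escaping

    if (strlen($searchTerms) < 2) {
        // Wording fixed to match the check: two characters are accepted.
        $error[] = "Search terms must be at least 2 characters.";
    }

    // If there are no errors (including a failed connection), run the search.
    if (count($error) < 1) {
        // Checkbox name => column name. Only these fixed column names are ever
        // placed in the SQL text; the search term itself is a bound parameter.
        $searchable = array('barcode' => 'barcode');

        $types = array();
        foreach ($searchable as $field => $column) {
            if (isset($_GET[$field])) {
                $types[] = "`{$column}` LIKE ?";
            }
        }
        if (count($types) < 1) {
            $types[] = "`barcode` LIKE ?"; // default search if none are checked
        }

        $andOr = isset($_GET['matchall']) ? 'AND' : 'OR';
        $searchSQL = "SELECT mastercategory, category, product_desc, barcode, serial FROM main_stock WHERE "
            . implode(" {$andOr} ", $types) . " ORDER BY `barcode`";

        // Escape LIKE wildcards so a typed % or _ is matched literally
        // (backslash is MySQL's default LIKE escape character).
        $likeTerm = '%' . strtr($searchTerms, array('\\' => '\\\\', '%' => '\\%', '_' => '\\_')) . '%';
        $params = array_fill(0, count($types), $likeTerm);

        try {
            $stmt = $con->prepare($searchSQL);
            $stmt->bind_param(str_repeat('s', count($params)), ...$params);
            $stmt->execute();
            // Same order as the SELECT column list.
            $stmt->bind_result($masterCategory, $category, $productDesc, $barcode, $serial);

            $i = 1;
            while ($stmt->fetch()) {
                // Database values are escaped too: stored data is not trusted as HTML.
                $results[] = "{$i}:Product Name : <br /> " . $escapeHtml($productDesc)
                    . " <br />Master Category : <br /> " . $escapeHtml($masterCategory)
                    . "<br />Sub Category : <br /> " . $escapeHtml($category)
                    . "<br />Barcode : " . $escapeHtml($barcode)
                    . " <br />Serial No. : " . $escapeHtml($serial);
                $i++;
            }
            $stmt->close();

            if (count($results) < 1) {
                $error[] = "The scanned barcode " . $escapeHtml($searchTerms) . " is not in the database.";
            }
        } catch (mysqli_sql_exception $e) {
            error_log('Stock search: query failed: ' . $e->getMessage());
            $error[] = "There was an error.";
        }
    }
}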
/**
 * array_filter() callback: reports whether a value is non-empty.
 *
 * @param mixed $var Value to test.
 * @return bool True when $var is not empty by PHP's empty() rules
 *              ('' , '0', 0, null, false and array() all count as empty).
 */
function removeEmpty($var) {
    // For a defined variable, !empty($var) is the same as its boolean cast.
    return (bool) $var;
}
?>
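<html>
<head>
<title>Search Form</title>
</head>
<body onLoad="document.forms.searchForm.search.focus()">
<form action="index.php">
<center>
<span class="formcentjc">
<input type="submit" value="Home" />
</span>
</center>
</form>
<?php
// $error entries are printed as HTML fragments, so whatever builds them must
// escape any user- or database-supplied value first.
// Single-quoted PHP strings are used so the id="error" attribute quotes do not
// terminate the string (the original line was a parse error).
echo (count($error) > 0)
    ? 'The following had errors:<br /><span id="error">' . implode('<br />', $error) . '</span><br /><br />'
    : '';
?>
<?php /* PHP_SELF includes any extra path info from the request URL, so it is escaped before going into the attribute. */ ?>
<form action="<?php echo htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES, 'UTF-8'); ?>" method="GET" name="searchForm" class="cent">
<table width="196" border="1">
<tr>
<th bgcolor="#D6D6D6" style="text-align: center" scope="col">Search For:</th>
</tr>
<tr style="text-align: center">
<td class="cent1">
<input name="search" type="text" onFocus="this.value='';" value="<?php echo isset($searchTerms) ? htmlspecialchars($searchTerms, ENT_QUOTES, 'UTF-8') : ''; ?>" size="28" maxlength="15" />
<span style="text-align: center"></span></td>
</tr>
</table>
</form>
<form action="addproduct.php">
<center>
<span class="formcentjc">
<input type="submit" value="Add New Product" />
</span>
</center>
</form>
<?php
// The search term is echoed back, so it is escaped here as well; $results
// entries are HTML fragments and are printed as built.
echo (count($results) > 0)
    ? 'SUCCESS: ' . htmlspecialchars($searchTerms, ENT_QUOTES, 'UTF-8') . ' :<br /><br />' . implode('', $results)
    : '';
?>
</body>
</html>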
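<?php
// Load one row by id and carry a value into an edit form.
// $mysqli is a placeholder name for an open mysqli connection object:
// real_escape_string() and query() are instance methods, so the original
// mysqli::... static calls fail at runtime.
$id = (isset($_GET['id']) && is_string($_GET['id'])) ? $_GET['id'] : '';

// The id is sent as a bound parameter instead of being spliced into the SQL.
// `table` is the original's placeholder table name (backticked: reserved word).
$stmt = $mysqli->prepare("SELECT * FROM `table` WHERE id = ?");
$stmt->bind_param('s', $id);
$stmt->execute();
$data = $stmt->get_result()->fetch_assoc(); // get_result() needs the mysqlnd driver

//Check to see if we got any data back :)
if ($data) {
    // stripslashes() is kept from the original; it only helps if stored values
    // were double-escaped. It does not make the value safe for HTML, which is
    // what htmlspecialchars() is for. A hidden field is still client-editable,
    // so the submitted value has to be validated again on the server.
?>
<input name="value1" type="hidden" value="<?php echo htmlspecialchars(stripslashes($data['value1']), ENT_QUOTES, 'UTF-8'); ?>" />
<?php
}
?>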
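<?php
// Save the submitted form values back to the row.
// $mysqli is a placeholder name for an open mysqli connection object; the
// original's static mysqli::... calls are not valid for these instance methods.
$id = (isset($_GET['id']) && is_string($_GET['id'])) ? $_GET['id'] : '';
$value1 = (isset($_POST['value1']) && is_string($_POST['value1'])) ? $_POST['value1'] : '';
$value2 = (isset($_POST['value2']) && is_string($_POST['value2'])) ? $_POST['value2'] : '';

// NOTE(review): nothing in this snippet checks that the requester may edit
// row $id - confirm the surrounding page does that before this runs.

// Bound parameters replace the escaped strings; the "..." in the original
// stood for further columns, which become additional "column = ?" pairs.
$stmt = $mysqli->prepare("UPDATE `table` SET value1 = ?, value2 = ? WHERE id = ? LIMIT 1");
$stmt->bind_param('sss', $value1, $value2, $id);
$stmt->execute();
?>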
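<?php
// Collect the product names from a search and record them in searchRecords.
// $mysqli is a placeholder name for an open mysqli connection object.
$fetchedProducts = array();
while (/*Loop condition to loop through fetched results*/) {
    // array_push() takes the target array first; the original call had the
    // two arguments swapped and would not have filled $fetchedProducts.
    $fetchedProducts[] = $loopVariable['productName'];
    //Build HTML to display results (escape each value with htmlspecialchars())
}

//Insert into database
// The JSON text goes in as a bound parameter, so no manual escaping is needed.
$products = json_encode($fetchedProducts);
$timestamp = time(); // same value as strtotime("now")
$status = "some status";
$stmt = $mysqli->prepare(
    "INSERT INTO searchRecords (`id`, `products`, `timestamp`, `status`) VALUES (NULL, ?, ?, ?)"
);
$stmt->bind_param('sis', $products, $timestamp, $status);
$stmt->execute();
?>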