View difference between Paste ID: <a href="/ZUcAcEtR">ZUcAcEtR</a> and <a href="/CkwW8A1V">CkwW8A1V</a>

<!-- Yahoo Answers: http://answers.yahoo.com/question/index?qid=20130614195000AAV5Uey
1		<!-- Yahoo Answers: http://answers.yahoo.com/question/index?qid=20130614195000AAV5Uey
2		<form action="show.php" method="post">
3		<input type="text" value="Enter Site ID" name="a" class="textfield_effect" maxlength="30" onfocus="this.value=''">
4		</td>
5		</tr>
6	-	<td align="center" style="font-family:Calibri">
6	+
7	-	<input type="submit" value=""/>
7	+	<td align="center" style="font-family:Calibri">
8		<input type="submit" value=""/>
9		</form>
10
11
12	-	$con=mysqli_connect("mysql.crunkboxhost.com","CHANGED","CHANGED","CHANGED");
12	+
13	-	// Check connection
13	+
14	-	if (mysqli_connect_errno())
14	+	<tr>
15	-	{
15	+	<th>ID</th>
16	-	echo "Failed to connect to MySQL: " . mysqli_connect_error();
16	+	<th>Post Code</th>
17	-	}
17	+	<th>Taxi Name</th>
18		<th>Price per mile</th>
19	-	$a= $_POST["a"];
19	+	<th>Rating</th>
20	-	$result = mysqli_query($con,"SELECT *
20	+	<th>Location</th>
21	-	FROM `datasearch`
21	+	<th>Are they online?</th>
22	-	WHERE `TAXINAME` LIKE '$a'
22	+	<th>Are they busy?</th>
23	-	LIMIT 0 , 30");
23	+	</tr>" . PHP_EOL;
24	-	$query = "SELECT * FROM datasearch WHERE ID LIKE '%".$_POST['search']."%'";
24	+
25		if( $_SERVER['REQUEST_METHOD'] === 'POST'){
26		$con = mysqli_connect("mysql.crunkboxhost.com","CHANGED","CHANGED","CHANGED");
27		// Check connection
28	-	<th>ID</th>
28	+	if (mysqli_connect_errno()) {
29	-	<th>Post Code</th>
29	+	echo '<tr><td colspan="8">Failed to connect to MySQL: </td></tr><tr><td colspan="8">' . mysqli_connect_error($con) . '</td></tr>';
30	-	<th>Taxi Name</th>
30	+	}else{
31	-	<th>Price per mile</th>
31	+
32	-	<th>Rating</th>
32	+	$a = mysqli_real_escape_string( trim( $_POST["a"] ) ); // SQL Injection protection (Not Best, but better than nothing)
33	-	<th>Location</th>
33	+	$result = mysqli_query($con,"SELECT * FROM datasearch WHERE TAXINAME LIKE '%$a%' LIMIT 0,30"); // Don't forget the wildcards
34	-	<th>Are they online?</th>
34	+	if( !$result ){ // Malformed Query Statement
35	-	<th>Are they busy?</th>
35	+	echo '<tr><td colspan="8">Internal Error: </td></tr><tr><td colspan="8">' . mysqli_error($con) . '</td></tr>';
36	-	</tr>";
36	+	}else if( $result->num_rows === 0){ // No Rows Returned / Not matches
37		echo '<tr><td colspan="8">No results found for "' . $a . '".</td></tr>';
38	-	while($row = mysqli_fetch_array($result))
38	+	}else{ // Matches
39	-	{
39	+	// $query = "SELECT * FROM datasearch WHERE ID LIKE '%".$_POST['search']."%'"; // No IDEA what this is trying to accomplish, unless it's some attempt at a caching system
40	-	echo "<tr>";
40	+
41	-	echo "<td>" . $row['ID'] . "</td>";
41	+	while($row = mysqli_fetch_assoc($result)) {
42	-	echo "<td>" . $row['POSTCODE'] . "</td>";
42	+	echo "<tr>";
43	-	echo "<td>" . $row['TAXINAME'] . "</td>";
43	+	echo "<td>" . $row['ID'] . "</td>";
44	-	echo "<td>" . $row['PRICEPERMILE'] . "</td>";
44	+	echo "<td>" . $row['POSTCODE'] . "</td>";
45	-	echo "<td>" . $row['RATING'] . "</td>";
45	+	echo "<td>" . $row['TAXINAME'] . "</td>";
46	-	echo "<td>" . $row['RATING'] . "</td>";
46	+	echo "<td>" . $row['PRICEPERMILE'] . "</td>";
47	-	echo "<td>" . $row['LOCATION'] . "</td>";
47	+	echo "<td>" . $row['RATING'] . "</td>";
48	-	echo "<td>" . $row['ONLINE'] . "</td>";
48	+	echo "<td>" . $row['LOCATION'] . "</td>";
49	-	echo "<td>" . $row['BUSY'] . "</td>";
49	+	echo "<td>" . $row['ONLINE'] . "</td>";
50	-	echo "<td>" . $row[''] . "</td>";
50	+	echo "<td>" . $row['BUSY'] . "</td>";
51	-	echo "</tr>";
51	+	echo "</tr>";
52	-	}
52	+	}
53	-	echo "</table>";
53	+	}
54	-	mysqli_close($con);
54	+
55		}
56		if( is_resource($con) ){
57		mysqli_close($con);
58		}
59		}else{
60		echo '<tr><td colspan="8">Please Enter Site ID to search.</td></tr>';
61		}
62		echo "</table>";