API tools faq
paste
Advertisement
Guest User

Untitled

a guest
Jun 4th, 2016
93
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 4.21 KB | None | 0 0
raw download clone embed print report
  1. //Details in asterisk to hide.
  2. <?php
  3. define('DB_SERVER', '******');
  4. define('DB_USERNAME', '*******');
  5. define('DB_PASSWORD', '*******');
  6. define('DB_DATABASE', '*******');
  7. $db = mysqli_connect(DB_SERVER,DB_USERNAME,DB_PASSWORD,DB_DATABASE);
  8.  
  9.  
  10.  
  11.  
  12.  
  13.  
  14. $query = "SELECT user_id, username, user_password FROM User_Login WHERE username='$username' AND user_password='$password'",
  15. $username = mysqli_real_escape_string($db,$_GET['username']),
  16. $password = mysqli_real_escape_string($db,$_GET['password']);
  17.  
  18. // Perform Query
  19. $result = mysqli_query($db,$query);
  20.  
  21. // Check result
  22. // This shows the actual query sent to MySQL, and the error. Useful for debugging.
  23. if (!$result) {
  24. $message = 'Invalid query: ' . mysqli_error($db) . "n";
  25. $message .= 'Whole query: ' . $query;
  26. die($message);
  27. }
  28.  
  29. // Use result
  30. // Attempting to print $result won't allow access to information in the resource
  31. // One of the mysql result functions must be used
  32.  
  33. while ($row = mysqli_fetch_assoc($result)) {
  34. echo $row['$username'];
  35. echo $row['username'];
  36. echo $row['user_password'];
  37. }
  38.  
  39. // Free the resources associated with the result set
  40. // This is done automatically at the end of the script
  41. mysqli_free_result($result);
  42. ?>
  43.  
  44. <?php
  45.  
  46. mysql_connect("localhost", "root", "12450") or die("Error connecting to database: ".mysql_error());
  47. /*
  48. localhost - it's location of the mysql server, usually localhost
  49. root - your username
  50. third is your password
  51.  
  52. if connection fails it will stop loading the page and display an error
  53. */
  54.  
  55. mysql_select_db("myDatabase") or die(mysql_error());
  56. /* tutorial_search is the name of database we've created */
  57.  
  58. ?>
  59.  
  60. <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
  61. <html xmlns="http://www.w3.org/1999/xhtml">
  62. <head>
  63. <title>Search Results</title>
  64. <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
  65. </head>
  66.  
  67. <body>
  68.  
  69. <div data-role="page" id="SearchResultsPage" data-theme="b" data-add-back-btn="true">
  70. <div data-role="header">
  71. <h1>Search Results</h1>
  72. </div>
  73.  
  74. <?php
  75.  
  76. $query = $_GET['query'];
  77. // gets value sent over search form
  78.  
  79. $min_length = 3;
  80. // you can set minimum length of the query if you want
  81.  
  82. if(strlen($query) >= $min_length){ // if query length is more or equal minimum length then
  83.  
  84. $query = htmlspecialchars($query);
  85. // changes characters used in html to their equivalents, for example: < to >
  86.  
  87. $query = mysql_real_escape_string($query);
  88. // makes sure nobody uses SQL injection
  89.  
  90. $raw_results = mysql_query("SELECT * FROM emplist
  91. WHERE (`lfname` LIKE '%".$query."%') OR (`id` LIKE '%".$query."%')") or die(mysql_error());
  92.  
  93. // * means that it selects all fields, you can also write: `id`, `title`, `text`
  94. // articles is the name of our table
  95.  
  96. // '%$query%' is what we're looking for, % means anything, for example if $query is Hello
  97. // it will match "hello", "Hello man", "gogohello", if you want exact match use `title`='$query'
  98. // or if you want to match just full word so "gogohello" is out use '% $query %' ...OR ... '$query %' ... OR ... '% $query'
  99.  
  100. if(mysql_num_rows($raw_results) > 0){ // if one or more rows are returned do following
  101.  
  102. while($results = mysql_fetch_array($raw_results)){
  103. // $results = mysql_fetch_array($raw_results) puts data from database into array, while it's valid it does the loop
  104.  
  105. echo "<h4><p>".$results['lfname']."</h4>"." ".$results['phonenum']." <br> MCI #".$results['id']." <br> ".$results['state']." ".$results['zip']."</p>";
  106. // posts results gotten from database
  107. }
  108.  
  109. }
  110. else{ // if there is no matching rows do following
  111. echo "No results found";
  112. }
  113.  
  114. }
  115. else{ // if query length is less than minimum
  116. echo "ERROR Minimum length is ".$min_length;
  117. }
  118.  
  119. ?>
  120.  
  121. </body>
  122.  
  123. <div data-role="content"></div>
  124. <input type="button" name="bIndex" value="Back" onclick="location.href='Index.php'">
  125. <div data-role="footer" data-theme="b">
  126. <h4>____?____?____?___?____ &copy; 2016</h4>
  127. </div>
  128.  
  129.  
  130. </html>
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!