CODEWITHSUNDEEP
phpmysqlsearch
kevstarlive
kevstarlive

Reputation: 260

search.php page bringing back errors

im creating a search page for my site as you can SEE HERE

which i got from this tutorial

when entering anything in to the search box and hitting search im getting a few errors saying:

**Warning: mysql_real_escape_string() [function.mysql-real-escape-string]: Access denied for user 'root'@'localhost' (using password: NO) in article.php on line 46

Warning: mysql_real_escape_string() [function.mysql-real-escape-string]: A link to the server could not be established in article.php on line 46

Warning: mysql_query() [function.mysql-query]: Access denied for user 'root'@'localhost' (using password: NO) in article.php on line 61

Warning: mysql_query() [function.mysql-query]: A link to the server could not be established in article.php on line 61

Warning: mysql_fetch_assoc() expects parameter 1 to be resource, boolean given in article.php on line 64

can anyone see what it means?

my search.php code is this: 

<?php

include_once('include/connection.php');
include_once('include/article.php');


$article = new storearticle();

$articles = $article->fetch_all();

?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">

<head>
    <meta http-equiv="Content-type" content="text/html; charset=utf-8" />

<title>Search Xclo</title>
<link rel="stylesheet" href="other.css" />
</head>

<body>

<div>
 <h1>Search</h1>
<form action="" method="GET">
<p>

<input type="text" name="term" />
<input type="submit" value="search" />
</p>
</form>
</div>

<div>
    <?PHP

 if (empty($_GET['term']) === false){
   $search_results = search_posts($_GET['term']);

if (empty($search_results)){
    echo 'Your Search Returned No Results.';
    }

   foreach ($search_results as $result){
      echo "<h3>($result['title'])</h3>";
      echo "<p>($result['body'])</p>";    
      }

}
?>
</div>
</body>

</html>

and my article.php is this: 

    <?php

class storearticle {
public function fetch_all(){
    global $pdo;
      $query = $pdo->prepare("SELECT * FROM mobi");
      $query->execute();
return $query->fetchAll();
              }

public function fetch_data($promo_title) {
   global $pdo;

 $query = $pdo->prepare("SELECT * FROM mobi WHERE promo_title = ?");
  $query->bindValue(1, $promo_title);
   $query->execute();

return $query->fetch(); 

}

}

class category {
public function fetch_all(){
    global $pdo;
      $query = $pdo->prepare("SELECT DISTINCT `promo_cat` FROM mobi");
      $query->execute();
return $query->fetchAll();
              }

public function fetch_data($promo_cat) {
   global $pdo;

 $query = $pdo->prepare("SELECT DISTINCT * FROM mobi WHERE `something`  = 'something'");
  $query->bindValue(1, $promo_cat);
   $query->execute();

return $query->fetch(); 

}

}

function search_posts($term){
    $keywords = preg_split('#\s+#',mysql_real_escape_string($term));

$title_where   = "'promo_title' LIKE '%" . implode("%' OR 'promo_title' LIKE '%", $keywords) . "%'";
$content_where   = "'promo_content' LIKE '%" . implode("%' OR 'promo_content' LIKE '%", $keywords) . "%'";
$name_where   = "'promo_name' LIKE '%" . implode("%' OR 'promo_name' LIKE '%", $keywords) . "%'";

 $sql = "SELECT 
              'promo_title' AS 'title',
              LEFT('promo_content', 100) AS 'body',
              'promo_name' AS 'name'
              FROM 'mobi'
              WHERE {$title_where}
              OR {$content_where}
              OR {$name_where}";

    $result = mysql_query($sql);

    $results = array();
    while (($row = mysql_fetch_Assoc($result)) !== false){
        $results[] = $row;

     return $results;
}
}



?>

my connection.php code is this:

<?php

try {
$pdo = new PDO('mysql:host=localhost;dbname=xclo', 'xclo', 'xclo');
}catch (PDOException $e){
  exit('Database Error.');
}

?>

What can I add to this page to make it work?

thanks.

Upvotes: 0

Views: 114

Answers (4)

PaulRoth
PaulRoth

Reputation: 314

You have to make one connection to MySql server before using mysql_real_escape_string.

See: http://php.net/manual/de/book.mysql.php or http://php.net/manual/de/book.pdo.php

EDIT: Try this (not tested):

function search_posts($term)
{
  global $pdo;

  $keywords = preg_split('#\s+#', $term);

  $title_where = "'promo_title' LIKE '%" . implode("%' OR 'promo_title' LIKE '%", $keywords) . "%'";
  $content_where = "'promo_content' LIKE '%" . implode("%' OR 'promo_content' LIKE '%", $keywords) . "%'";
  $name_where = "'promo_name' LIKE '%" . implode("%' OR 'promo_name' LIKE '%", $keywords) . "%'";

  $sql = "SELECT
          'promo_title' AS 'title',
          LEFT('promo_content', 100) AS 'body',
          'promo_name' AS 'name'
          FROM 'mobi'
          WHERE {$title_where}
          OR {$content_where}
          OR {$name_where}";

  return $pdo->query($sql)->fetchAll(PDO::FETCH_ASSOC);
}

EDIT: Oh sorry, try this ;-)

function search_posts($term)
{
  global $pdo;

  $keywords = preg_split('#\s+#', $term);

  $title_where = "`promo_title` LIKE '%" . implode("%' OR `promo_title` LIKE '%", $keywords) . "%'";
  $content_where = "`promo_content` LIKE '%" . implode("%' OR `promo_content` LIKE '%", $keywords) . "%'";
  $name_where = "`promo_name` LIKE '%" . implode("%' OR `promo_name` LIKE '%", $keywords) . "%'";

  $sql = "SELECT
          `promo_title` AS 'title',
          LEFT(`promo_content`, 100) AS 'body',
          `promo_name` AS 'name'
          FROM `mobi`
          WHERE {$title_where}
          OR {$content_where}
          OR {$name_where}";

  return $pdo->query($sql)->fetchAll(PDO::FETCH_ASSOC);
}

Upvotes: 1

Sid
Sid

Reputation: 856

Try

echo "<h3>{$result['title']}</h3>";
echo "<p>{$result['body'])}</p>";

OR Try

echo "<h3>".$result['title']."</h3>";
echo "<p>".$result['body']."</p>";

Instead of

echo "<h3>($result['title'])</h3>";
echo "<p>($result['body'])</p>";

EDIT

Now for your updated question, as the error suggests, you are not connected to the mysql database for carrying out the concerned operations.

You can try passing a link identifier to the mysql_real_escape_string function like

$keywords = preg_split('#\s+#',mysql_real_escape_string($term, $con));

where $con defines your mysql connection.

Upvotes: 1

Anigel
Anigel

Reputation: 3437

The problem is with 

echo "<h3>($result['title'])</h3>";

the problem is that php will not parse this correctly unless the variable is either concatenated with the echo 

echo "<h3>(".$result['title'].")</h3>";

or encapsulted with {}

echo "<h3>({$result['title']})</h3>";

Upvotes: 0

PaulRoth
PaulRoth

Reputation: 314

Replace:

echo "<h3>($result['title'])</h3>";
echo "<p>($result['body'])</p>";

With:

echo "<h3>{$result['title']}</h3>";
echo "<p>{$result['body']}</p>";

Upvotes: 1

Related Questions