 |
Account Login
|
 |
|
Latest Articles
|
|
|
Advertisement
|
|
|
Associates
|
|
|
Associates
|
|
|
 |
|
|
|
|
10-05-2007, 07:42 PM
|
#1 (permalink)
|
|
The Gregarious
Join Date: Sep 2007
Posts: 652
Thanks: 82
|
Need your feedback
Yea, this isn't working.. no idea why.
search.html
HTML Code:
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<meta http-equiv="content-type" content="text/html; charset=iso-8859-1">
<meta name="author" content="Tanax">
<script src="AJAXsearch.js"></script>
<title>Search</title>
</head>
<body>
<h1>Search:</h1>
<form>
<input type="text" name="search" onkeyup="search(this.value)">
</form>
<p>
<div id="results"><b>You can search for guilds, players, levels and vocations!</b></div>
</p>
</body>
</html>
AJAXsearch.js
Code:
var xmlHttp
function search(string) {
xmlHttp = GetXmlHttpObject()
if(xmlHttp == null) {
alert("Your browser does not support HTTP requests!")
return
}
var url = "search.php"
var url = url+"?keyword="+str
var url = url+"&sid="+Math.random()
xmlHttp.onreadystatechange = stateChanged
xmlHttp.open("GET", url, true)
xmlHttp.send(null)
}
function stateChanged() {
if(xmlHttp.readyState == 4 || xmlHttp.readyState == "complete") {
document.getElementById("results").innerHTML = xmlHttp.responseText
}
}
function GetXmlHttpObject() {
var xmlHttp = null
try {
// Firefox, Opera 8.0+, Safari
xmlHttp = new XMLHttpRequest()
}
catch (e) {
//Internet Explorer
try {
xmlHttp = new ActiveXObject("Msxml2.XMLHTTP")
}
catch (e) {
xmlHttp = new ActiveXObject("Microsoft.XMLHTTP")
}
}
return xmlHttp
}
search.php
PHP Code:
<?php
include('config.php');
$get = $_GET["keywords"];
if (isset($get) && $get != "") {
$search = urldecode($get);
$search = $system->db->makesafe($search);
$pSql = sprintf("SELECT * FROM ".$system->db->table['players']." WHERE name LIKE %1$s OR level LIKE %1$s OR vocation LIKE %1$s",
%$search%);
$pResult = $system->db->query($pSql);
$gSql = sprintf("SELECT * FROM ".$system->db->table['guilds']." WHERE name LIKE %s", %$search%);
$gResult = $system->db->query($gSql);
if (mysql_num_rows($pResult) != 0) {
echo '<h1>Players:</h1>';
echo '<div id="smalltext">Found ' .mysql_num_rows($pResult). ' results.</div><br />';
echo '<table><tr>';
echo '<td>Result</td>';
echo '<td>Name</td>';
echo '<td>Level</td>';
echo '<td>Vocation</td></tr>';
for ($i = 1; $player = mysql_fetch_object($pResult); $i++) {
echo '<tr>';
echo '<td>' .$i. '</td>';
echo '<td>' .$player->name. '</td>';
echo '<td>' .$player->level. '</td>';
echo '<td>' .$player->vocation. '</td>';
echo '</tr>';
}
echo '</table>';
}
else {
echo '<h1>Players:</h1>';
echo '<div id="smalltext">Found ' .mysql_num_rows($pResult). ' results.</div><br />';
}
if (mysql_num_rows($gResult) != 0) {
echo '<h1>Guilds:</h1>';
echo '<div id="smalltext">Found ' .mysql_num_rows($gResult). ' results.</div><br />';
echo '<table><tr>';
echo '<td>Result</td>';
echo '<td>Name</td>';
echo '<td>Owner</td></tr>';
for ($i = 1; $guild = mysql_fetch_object($gResult); $i++) {
$system->player->load($guild->ownerid);
$name = $system->player->getName();
echo '<tr>';
echo '<td>' .$i. '</td>';
echo '<td>' .$guild->name. '</td>';
echo '<td>' .$name. '</td>';
echo '</tr>';
}
echo '</table>';
}
else {
echo '<h1>Guilds:</h1>';
echo '<div id="smalltext">Found ' .mysql_num_rows($pResult). ' results.</div><br />';
}
}
else {
echo "You can search for guilds, players, levels and vocations!";
}
?>
When I write something, NOTHING gets up :S
I haven't actually created the table players yet, but that shouldn't matter, it should change the results div message to a db error message in that case. |
|
|
|
|
10-05-2007, 09:21 PM
|
#2 (permalink)
|
|
Moderateur
Join Date: Apr 2007
Posts: 700
Thanks: 2
|
Code:
// JavaScript line 15
var url = url+"?keyword="+str
// PHP line 4
$get = $_GET["keywords"];
For starters, the two keys are different (keyword/keywords) which really won't help at all.
Also, why do you keep putting %$search% (I've noticed this in other topics)? That'll produce a syntax error because the percent symbols just aren't allowed to be used like that.
Since you're using sprintf anyway, why not put the table name as an argument? (e.g, SELECT * FROM %2$s...)
Depending on your php.ini settings, if you don't pass along the keywords in the query string then the PHP engine will raise a Notice error ("Undefined index") -- it's trivial to check if the key exists before trying to assign it's value to a variable.
In your JavaScript, with regards to the multiple " var url", you only need to use var the first time to declare url as a variable local to that function. On line 15, quoted at the top of this post, you make reference to a str variable but the function argument is called string. I'd love to see you using semi-colons at the end of the lines but that's just a personal preference.
That's it for starters, I haven't even looked at the code in more than a brief manner but the above should get you moving along a bit.
__________________
|
|
|
|
|
10-05-2007, 09:48 PM
|
#3 (permalink)
|
|
The Gregarious
Join Date: Sep 2007
Posts: 652
Thanks: 82
|
Yea, but it's like the htm file doesn't even connect with the js file, because the div id result value doesn't change when I type in something.
Even if the php file is wrong, and that I did some query wrong, the mysql error should still be visible under the searchform :S
|
|
|
|
|
10-05-2007, 10:51 PM
|
#4 (permalink)
|
|
Moderateur
Join Date: Apr 2007
Posts: 700
Thanks: 2
|
Give your search function a different name. That, along with making the argument str instead of "string", should help.
__________________
|
|
|
|
|
10-05-2007, 11:16 PM
|
#5 (permalink)
|
|
The Gregarious
Join Date: Sep 2007
Posts: 652
Thanks: 82
|
Okey, I got this to so that the JS at least shows up:
HTML Code:
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<meta http-equiv="content-type" content="text/html; charset=iso-8859-1">
<meta name="author" content="Tanax">
<script src="AJAXsearch.js"></script>
<title>Search</title>
</head>
<body>
<h1>Search:</h1>
<form>
<input type="text" onkeyup="search(this.value)">
</form>
<p>
<div id="txtHint"><b>You can search for guilds, players, levels and vocations!</b></div>
</p>
</body>
</html>
Code:
var xmlHttp
function search(str) {
xmlHttp=GetXmlHttpObject()
if (xmlHttp==null) {
alert ("Browser does not support HTTP Request")
return
}
var url="search.php"
url=url+"?keyword="+str
url=url+"&sid="+Math.random()
xmlHttp.onreadystatechange=stateChanged
xmlHttp.open("GET",url,true)
xmlHttp.send(null)
}
function stateChanged() {
if (xmlHttp.readyState == 4 || xmlHttp.readyState == "complete") {
document.getElementById("txtHint").innerHTML = xmlHttp.responseText
}
}
function GetXmlHttpObject() {
var xmlHttp=null;
try {
// Firefox, Opera 8.0+, Safari
xmlHttp = new XMLHttpRequest();
}
catch (e) {
//Internet Explorer
try {
xmlHttp = new ActiveXObject("Msxml2.XMLHTTP");
}
catch (e) {
xmlHttp = new ActiveXObject("Microsoft.XMLHTTP");
}
}
return xmlHttp;
}
PHP Code:
<?php
include('config.php');
$get = $_GET["keyword"];
if (isset($get) && $get != "") {
$search = urldecode($get);
$search = $system->db->makesafe($search);
$pSql = sprintf("SELECT * FROM %1$s WHERE name LIKE %s OR level LIKE %s OR vocation LIKE %s",
$table['players'],
'%'.$search.'%',
'%'.$search.'%',
'%'.$search.'%');
$pResult = $system->db->query($pSql);
$gSql = sprintf("SELECT * FROM %s WHERE name LIKE %s",
$table['guilds'],
'%'.$search.'%');
$gResult = $system->db->query($gSql);
if (mysql_num_rows($pResult) != 0) {
echo '<h1>Players:</h1>';
echo '<div id="smalltext">Found ' .mysql_num_rows($pResult). ' results.</div><br />';
echo '<table><tr>';
echo '<td>Result</td>';
echo '<td>Name</td>';
echo '<td>Level</td>';
echo '<td>Vocation</td></tr>';
for ($i = 1; $player = mysql_fetch_object($pResult); $i++) {
echo '<tr>';
echo '<td>' .$i. '</td>';
echo '<td>' .$player->name. '</td>';
echo '<td>' .$player->level. '</td>';
echo '<td>' .$player->vocation. '</td>';
echo '</tr>';
}
echo '</table>';
}
else {
echo '<h1>Players:</h1>';
echo '<div id="smalltext">Found ' .mysql_num_rows($pResult). ' results.</div><br />';
}
if (mysql_num_rows($gResult) != 0) {
echo '<h1>Guilds:</h1>';
echo '<div id="smalltext">Found ' .mysql_num_rows($gResult). ' results.</div><br />';
echo '<table><tr>';
echo '<td>Result</td>';
echo '<td>Name</td>';
echo '<td>Owner</td></tr>';
for ($i = 1; $guild = mysql_fetch_object($gResult); $i++) {
$system->player->load($guild->ownerid);
$name = $system->player->getName();
echo '<tr>';
echo '<td>' .$i. '</td>';
echo '<td>' .$guild->name. '</td>';
echo '<td>' .$name. '</td>';
echo '</tr>';
}
echo '</table>';
}
else {
echo '<h1>Guilds:</h1>';
echo '<div id="smalltext">Found ' .mysql_num_rows($pResult). ' results.</div><br />';
}
}
else {
echo "<strong>Search again?</strong>";
}
?>
However, it gives me this error msg:
Quote:
Warning: mysql_num_rows(): supplied argument is not a valid MySQL result resource in C:\wamp\www\DB Class\search.php on line 33
Players:
Warning: mysql_num_rows(): supplied argument is not a valid MySQL result resource in C:\wamp\www\DB Class\search.php on line 61
Found results.
Warning: mysql_num_rows(): supplied argument is not a valid MySQL result resource in C:\wamp\www\DB Class\search.php on line 65
Guilds:
Warning: mysql_num_rows(): supplied argument is not a valid MySQL result resource in C:\wamp\www\DB Class\search.php on line 94
Found results.
|
|
|
|
|
|
10-06-2007, 03:20 PM
|
#6 (permalink)
|
|
The Reckoner
Join Date: Sep 2007
Posts: 436
Thanks: 22
|
After a quick look through (literally 2 mins) I would guess that the error is coming from your mix of $pResult and $gResult, surely they are both supposed to be the same?
Another suggestion would be to take a look at Prototype JS it'll make things so much easier for you. With it, you could easily cut down your Ajax Search JavsScript file to a few lines of code split between a few functions. |
|
|
|
|
10-06-2007, 03:46 PM
|
#7 (permalink)
|
|
Moderateur
Join Date: Apr 2007
Posts: 700
Thanks: 2
|
Your SELECT queries are not valid SQL since the values used in the LIKE statements are not delimited by quotation marks. Both queries have the same issue which needs to be fixed.
For example:
PHP Code:
// Wrong: SELECT * FROM table WHERE name LIKE search_term
$gSql = sprintf("SELECT * FROM %s WHERE name LIKE %s",
// Right: SELECT * FROM table WHERE name LIKE 'search_term'
$gSql = sprintf("SELECT * FROM %s WHERE name LIKE '%s' ",
__________________
|
|
|
|
|
10-06-2007, 05:00 PM
|
#8 (permalink)
|
|
The Gregarious
Join Date: Sep 2007
Posts: 652
Thanks: 82
|
Quote:
Originally Posted by Karl
After a quick look through (literally 2 mins) I would guess that the error is coming from your mix of $pResult and $gResult, surely they are both supposed to be the same?
Another suggestion would be to take a look at Prototype JS it'll make things so much easier for you. With it, you could easily cut down your Ajax Search JavsScript file to a few lines of code split between a few functions. |
Yea, but sorry, I don't know anything about Prototype JS ://
Quote:
Originally Posted by Salathe
Your SELECT queries are not valid SQL since the values used in the LIKE statements are not delimited by quotation marks. Both queries have the same issue which needs to be fixed.
For example:
PHP Code:
// Wrong: SELECT * FROM table WHERE name LIKE search_term
$gSql = sprintf("SELECT * FROM %s WHERE name LIKE %s",
// Right: SELECT * FROM table WHERE name LIKE 'search_term'
$gSql = sprintf("SELECT * FROM %s WHERE name LIKE '%s' ",
|
Thanks! I got it to work now without any PHP errors.
However, I got this:
Quote:
Players:
Found 1 results.
Result Name Level Vocation Profile
1
Account Manager
1
0
Link
Guilds:
Found 1 results.
|
As you see, it finds 1 result from the players, and it prints the result in a table. But it also finds a result from the guilds, but it doesn't print it :S
And this is only got to do with the PHP script, so here it is:
PHP Code:
<?php
/**
||||||||||||||||||||||||||||||||||||||||||
|||| @author Tanax
|||| @copyright 2007
||||||||||||||||||||||||||||||||||||||||||
**/
include('config.php');
$get = $_GET["keyword"];
if (isset($get) && $get != "") {
// Make the searchvalue safe from injections
$search = urldecode($get);
$search = $system->db->makesafe($search);
// Search for players
$pSql = sprintf("SELECT * FROM %s WHERE name LIKE '%s' OR level LIKE '%s' OR vocation LIKE '%s'",
$table['players'],
'%'.$search.'%',
'%'.$search.'%',
'%'.$search.'%');
$pResult = $system->db->query($pSql);
// Search for guilds
$gSql = sprintf("SELECT * FROM %s WHERE name LIKE '%s'",
$table['guilds'],
'%'.$search.'%');
$gResult = $system->db->query($gSql);
// Check if the player search returned any results
if (mysql_num_rows($pResult) != 0) {
// Echoes the table
echo '<h1>Players:</h1>';
echo '<div id="smalltext">Found ' .mysql_num_rows($pResult). ' results.</div><br />';
echo '<table border="1" width="500"><tr>';
echo '<th>Result</th>';
echo '<th>Name</th>';
echo '<th>Level</th>';
echo '<th>Vocation</th>';
echo '<th>Profile</th></tr>';
for ($i = 1; $player = mysql_fetch_object($pResult); $i++) {
echo '<tr>';
echo '<td><center>' .$i. '</center></td>';
echo '<td><center>' .$player->name. '</center></td>';
echo '<td><center>' .$player->level. '</center></td>';
echo '<td><center>' .$player->vocation. '</center></td>';
echo '<td><center><a href="account.php?name=' .$player->name. '">Link</a></center></td>';
echo '</tr>';
}
echo '</table>';
}
else {
echo '<h1>Players:</h1>' | |
