Re: Help with a Search Function


 



Terion Miller wrote:
> Hey Everyone, been steaming right along for a couple days but now I'm stuck
> on writing a search function, could you all take a look at it and see what
> it could be, I will mark the line throwing the error in red, I did try just
> commenting out that line and searching for a record by OrderID that I know
> is there but it does not return anything , I am trying to search several
> tables in one db:
> 
> Code:

First off, and I think I have told you this before, I highly recommend that you escape your code with mysql_real_escape_string().

I am guessing that you are probably relying on magic_quotes_gpc() to do it for you, but that is going to catch up with you some day.

> <?php
> session_start();
> include("inc/dbconn_open.php");
> 
> if (empty($_SESSION['AdminLogin']) OR $_SESSION['AdminLogin'] <> 'OK' ){
>     header ("Location: LogOut.php");
> }
> 
> if (isset($_GET['AdminID']) && !empty($_GET['AdminID'])){
>     $AdminID = $_GET['AdminID'];
> } elseif (isset($_POST['AdminID']) && !empty($_POST['AdminID'])){
>     $AdminID = $_POST['AdminID'];
> } else {
>     header ("Location: LogOut.php");
> }
> 
>     $query = "SELECT SearchWorkOrder FROM admin WHERE AdminID='$AdminID'";
>     $result = mysql_query ($query);
>     $row = mysql_fetch_object ($result);
>     if ($row->SearchWorkOrder == "NO") {
>         header ("Location:
> Welcome.php?AdminID='.$_SESSION[AdminLogin]'&msg=Sorry, you do not have
> access to that page.");
>     }
> 
> if (isset($_POST['WorkOrderID'])) {$WorkOrderID = $_POST['WorkOrderID'];}
> else {$WorkOrderID = '';}
> if (isset($_POST['WorkOrderName'])) {$WorkOrderName =
> $_POST['WorkOrderName'];} else {$WorkOrderName = '';}
> if (isset($_POST['CustomerName'])) {$CustomerName = $_POST['CustomerName'];}
> else {$CustomerName = '';}
> if (isset($_POST['CustomerEmail'])) {$CustomerEmail =
> $_POST['CustomerEmail'];} else {$CustomerEmail = '';}
> if (isset($_POST['SalesRep'])) {$SalesRep = $_POST['SalesRep'];} else
> {$SalesRep = '';}
> if (isset($_POST['SalesRepEmail'])) {$SalesRepEmail =
> $_POST['SalesRepEmail'];} else {$SalesRepEmail = '';}
> 
> if (isset($_POST['SortBy'])) {$SortBy = $_POST['SortBy'];} else {$SortBy =
> 'WorkOrderID DESC';}
> if (isset($_POST['Page'])) {$Page = $_POST['Page'];} else {$Page = 1;}
> 
> $PerPage = 30;
> $StartPage = ($Page - 1) * $PerPage;
> $OrderID = '';
> 
> 
>     // All Orders
>     $sql = "SELECT WorkOrderID FROM workorders WHERE WorkOrderID <>'' ";
>     if (!empty($WorkOrderName)) {
>         $sql .= "AND Advertiser LIKE '%". $WorkOrderName ."%' ";
>     }
>     if (!empty($WorkOrderID)) {
>         $sql .= "AND WorkOrderID LIKE '%". $WorkOrderID ."%' ";
>     }
>     $result = mysql_query ($sql);
>     while ($row = mysql_fetch_object ($result)) {
>         $OrderID = $OrderID .", ". $row->WorkOrderID;
>     }
> 
> 
> 
>     // Work Orders
>     if (!empty($CustomerName) || !empty($CustomerEmail) || !empty($SalesRep)
> || !empty($SalesRepEmail)) {
>         $sql = "SELECT WorkOrderID FROM workorderform WHERE WorkOrderID<>''
> ";
>         if (!empty($CustomerName)) {
>             $sql .= "AND Advertiser LIKE '%". $CustomerName ."%' ";
>         }
>         if (!empty($CustomerEmail)) {
>             $sql .= "AND AdContactEmail LIKE '%". $CustomerEmail ."%' ";
>         }
>         if (!empty($SalesRep)) {
>             $sql .= "AND Salesperson LIKE '%". $SalesRep ."%' ";
>         }
>         if (!empty($SalesRepEmail)) {
>             $sql .= "AND SalespersonEmail LIKE '%". $SalesRepEmail ."%' ";
>         }
>         $result = mysql_query ($sql);
>         while ($row = mysql_fetch_object ($result)) {
>             $OrderID = $OrderID .", ". $row->WorkOrderID;
>         }
>     }
> 
>     // Homescape Builder Profile
>     if (!empty($CustomerName) || !empty($CustomerEmail) || !empty($SalesRep)
> || !empty($SalesRepEmail)) {
>         $sql = "SELECT WorkOrderID FROM hs_builder_profile WHERE
> WorkOrderID<>'' ";
>         if (!empty($CustomerName)) {
>             $sql .= "AND OrganizationName LIKE '%". $CustomerName ."%' ";
>         }
>         if (!empty($CustomerEmail)) {
>             $sql .= "AND LeadEmail LIKE '%". $CustomerEmail ."%' ";
>         }
>         if (!empty($SalesRep)) {
>             $sql .= "AND Salesperson LIKE '%". $SalesRep ."%' ";
>         }
>         if (!empty($SalesRepEmail)) {
>             $sql .= "AND SalespersonEmail LIKE '%". $SalesRepEmail ."%' ";
>         }
>         $result = mysql_query ($sql);
>         while ($row = mysql_fetch_object ($result)) {
>             $OrderID = $OrderID .", ". $row->WorkOrderID;
>         }
>     }
> 
>     // Homescape Builder Spec Home
>     if (!empty($CustomerName) || !empty($SalesRep) ||
> !empty($SalesRepEmail)) {
>         $sql = "SELECT WorkOrderID FROM hs_spec_home WHERE WorkOrderID<>''
> ";
>         if (!empty($CustomerName)) {
>             $sql .= "AND CommunityName LIKE '%". $CustomerName ."%' ";
>         }
>         if (!empty($SalesRep)) {
>             $sql .= "AND Salesperson LIKE '%". $SalesRep ."%' ";
>         }
>         if (!empty($SalesRepEmail)) {
>             $sql .= "AND SalespersonEmail LIKE '%". $SalesRepEmail ."%' ";
>         }
>         $result = mysql_query ($sql);
>         while ($row = mysql_fetch_object ($result)) {
>             $OrderID = $OrderID .", ". $row->WorkOrderID;
>         }
>     }
> 
>     // Planet Discover Coupon
>     if (!empty($CustomerName) || !empty($SalesRep) ||
> !empty($SalesRepEmail)) {
>         $sql = "SELECT WorkOrderID FROM pd_coupon WHERE WorkOrderID<>'' ";
>         if (!empty($CustomerName)) {
>             $sql .= "AND BusinessName LIKE '%". $CustomerName ."%' ";
>         }
>         if (!empty($SalesRep)) {
>             $sql .= "AND Salesperson LIKE '%". $SalesRep ."%' ";
>         }
>         if (!empty($SalesRepEmail)) {
>             $sql .= "AND SalespersonEmail LIKE '%". $SalesRepEmail ."%' ";
>         }
>         $result = mysql_query ($sql);
>         while ($row = mysql_fetch_object ($result)) {
>             $OrderID = $OrderID .", ". $row->WorkOrderID;
>         }
>     }
> 
>     // Planet Discover Enhanced Listing
>     if (!empty($CustomerName) || !empty($CustomerEmail) || !empty($SalesRep)
> || !empty($SalesRepEmail)) {
>         $sql = "SELECT WorkOrderID FROM pd_enhanced WHERE WorkOrderID<>'' ";
>         if (!empty($CustomerName)) {
>             $sql .= "AND BusinessName LIKE '%". $CustomerName ."%' ";
>         }
>         if (!empty($CustomerEmail)) {
>             $sql .= "AND Email LIKE '%". $CustomerEmail ."%' ";
>         }
>         if (!empty($SalesRep)) {
>             $sql .= "AND Salesperson LIKE '%". $SalesRep ."%' ";
>         }
>         if (!empty($SalesRepEmail)) {
>             $sql .= "AND SalespersonEmail LIKE '%". $SalesRepEmail ."%' ";
>         }
>         $result = mysql_query ($sql);
>         while ($row = mysql_fetch_object ($result)) {
>             $OrderID = $OrderID .", ". $row->WorkOrderID;
>         }
>     }
> 
>     // Planet Discover Right Side Text Ad
>     if (!empty($CustomerName) || !empty($SalesRep) ||
> !empty($SalesRepEmail)) {
>         $sql = "SELECT WorkOrderID FROM pd_textad WHERE WorkOrderID<>'' ";
>         if (!empty($CustomerName)) {
>             $sql .= "AND Customer LIKE '%". $CustomerName ."%' ";
>         }
>         if (!empty($SalesRep)) {
>             $sql .= "AND Salesperson LIKE '%". $SalesRep ."%' ";
>         }
>         if (!empty($SalesRepEmail)) {
>             $sql .= "AND SalespersonEmail LIKE '%". $SalesRepEmail ."%' ";
>         }
>         $result = mysql_query ($sql);
>         while ($row = mysql_fetch_object ($result)) {
>             $OrderID = $OrderID .", ". $row->WorkOrderID;
>         }
>     }
> 
>     if (substr($OrderID, -2) == ", ") {
>         $OrderID = substr($OrderID, 0, -2);
>     }
> 
>     if (substr($OrderID, 0, 2) == ", ") {
>         $OrderID = substr($OrderID, 2);
>     }
> 
> 
>     $sql = "SELECT WorkOrderID FROM workorders WHERE WorkOrderID IN
> ($OrderID)";


Well, I was going to say this before, in all the other mysql_query() calls, but you might want to look at having something like this for your mysql_query() function...

Do the following for each mysql_query() call on this page.  Otherwise, you are going to have the page dying and not have any clue where the problem is.


if ( ($result = mysql_query($sql) ) !== false ) {
	$Total = ceil(mysql_num_rows($result)/$PerPage);
} else {
	echo mysql_error();
}

>     $result = mysql_query ($sql);
>    * $Total = ceil(mysql_num_rows($result)/$PerPage);
>  *
>     $sql = "SELECT WorkOrderID, DATE_FORMAT(CreatedDate,'%m/%e/%y') AS
> SubmitDate, Location, AdminID, FormName, Status FROM ";
>     $sql .= "workorders WHERE WorkOrderID IN ($OrderID) ORDER BY $SortBy
> LIMIT $StartPage, $PerPage";
>     $result = mysql_query ($sql);
> 
> 
> If ($Page > 0) {$PagePrev = ($Page - 1);} else {$PagePrev = '';}
> If ($Page < $Total) {$PageNext = ($Page + 1);} else {$PageNext = '';}
> ?>
> 
> the error is this one: *Warning*: mysql_num_rows(): supplied argument is not
> a valid MySQL result resource in *
> C:\Inetpub\Xampp\htdocs\SNLeader\WOSystemN\ViewOrders.php* on line *182
> 
> Thanks in advance
> *
> 


-- 
Jim Lucas

   "Some men are born to greatness, some achieve greatness,
       and some have greatness thrust upon them."

Twelfth Night, Act II, Scene V
    by William Shakespeare

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
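
An added example, not part of the original post: the same kind of search built with bound parameters, an allow-list for the posted SortBy value, and a guard for an empty ID list (which would otherwise produce "IN ()", not valid SQL). It assumes PDO with an in-memory SQLite database in place of the thread's mysql_* calls; the helper names like_literal, find_order_ids and fetch_page are hypothetical, and the rows are constructed sample data.

```php
<?php
// Added example. PDO with in-memory SQLite stands in for the thread's MySQL
// database; the table rows are constructed sample data.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION); // bad SQL throws instead of returning false
$db->exec("CREATE TABLE workorders (WorkOrderID INTEGER PRIMARY KEY, Advertiser TEXT)");
$db->exec("INSERT INTO workorders VALUES (101,'Acme Homes'),(102,'O''Brien Realty'),(103,'100% Coupons')");

// Hypothetical helper: escape LIKE wildcards so user input matches literally.
function like_literal(string $s): string {
    return '%' . strtr($s, ['\\' => '\\\\', '%' => '\\%', '_' => '\\_']) . '%';
}

// Hypothetical helper: collect matching IDs; user input only ever travels as a bound value.
function find_order_ids(PDO $db, string $name, string $id): array {
    $sql = "SELECT WorkOrderID FROM workorders WHERE 1=1";
    $args = [];
    if ($name !== '') {
        $sql .= " AND Advertiser LIKE ? ESCAPE '\\'";
        $args[] = like_literal($name);
    }
    if ($id !== '') {
        $sql .= " AND CAST(WorkOrderID AS TEXT) LIKE ? ESCAPE '\\'";
        $args[] = like_literal($id);
    }
    $stmt = $db->prepare($sql);
    $stmt->execute($args);
    return array_map('intval', $stmt->fetchAll(PDO::FETCH_COLUMN));
}

// Hypothetical helper: one page of results for the collected IDs.
function fetch_page(PDO $db, array $ids, string $sortBy, int $page, int $perPage): array {
    if ($ids === []) { return []; }                // never send "IN ()" to the server
    $allowed = ['WorkOrderID DESC', 'WorkOrderID ASC', 'Advertiser ASC'];
    if (!in_array($sortBy, $allowed, true)) { $sortBy = 'WorkOrderID DESC'; }
    $marks  = implode(',', array_fill(0, count($ids), '?'));
    $offset = max(0, ($page - 1) * $perPage);
    $stmt = $db->prepare("SELECT WorkOrderID, Advertiser FROM workorders
        WHERE WorkOrderID IN ($marks) ORDER BY $sortBy LIMIT $perPage OFFSET $offset");
    foreach ($ids as $i => $v) { $stmt->bindValue($i + 1, $v, PDO::PARAM_INT); }
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// The quote in the input is bound, not spliced into the SQL text.
$ids = find_order_ids($db, "O'Brien", '');
// A SortBy value outside the allow-list falls back to the default order.
print_r(fetch_page($db, $ids, 'Status DESC', 1, 30));
// No matches: empty result, and no query is sent at all.
print_r(fetch_page($db, find_order_ids($db, 'zzz', ''), 'WorkOrderID ASC', 1, 30));
```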

