0

im creating a search page for my site as you can SEE HERE

which i got from this tutorial

when entering anything in to the search box and hitting search im getting a few errors saying:

**Warning: mysql_real_escape_string() [function.mysql-real-escape-string]: Access denied for user 'root'@'localhost' (using password: NO) in article.php on line 46

Warning: mysql_real_escape_string() [function.mysql-real-escape-string]: A link to the server could not be established in article.php on line 46

Warning: mysql_query() [function.mysql-query]: Access denied for user 'root'@'localhost' (using password: NO) in article.php on line 61

Warning: mysql_query() [function.mysql-query]: A link to the server could not be established in article.php on line 61

Warning: mysql_fetch_assoc() expects parameter 1 to be resource, boolean given in article.php on line 64

can anyone see what it means?

my search.php code is this: 

<?php

include_once('include/connection.php');
include_once('include/article.php');


$article = new storearticle();

$articles = $article->fetch_all();

?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">

<head>
    <meta http-equiv="Content-type" content="text/html; charset=utf-8" />

<title>Search Xclo</title>
<link rel="stylesheet" href="other.css" />
</head>

<body>

<div>
 <h1>Search</h1>
<form action="" method="GET">
<p>

<input type="text" name="term" />
<input type="submit" value="search" />
</p>
</form>
</div>

<div>
    <?PHP

 if (empty($_GET['term']) === false){
   $search_results = search_posts($_GET['term']);

if (empty($search_results)){
    echo 'Your Search Returned No Results.';
    }

   foreach ($search_results as $result){
      echo "<h3>($result['title'])</h3>";
      echo "<p>($result['body'])</p>";    
      }

}
?>
</div>
</body>

</html>

and my article.php is this: 

    <?php

class storearticle {
public function fetch_all(){
    global $pdo;
      $query = $pdo->prepare("SELECT * FROM mobi");
      $query->execute();
return $query->fetchAll();
              }

public function fetch_data($promo_title) {
   global $pdo;

 $query = $pdo->prepare("SELECT * FROM mobi WHERE promo_title = ?");
  $query->bindValue(1, $promo_title);
   $query->execute();

return $query->fetch(); 

}

}

class category {
public function fetch_all(){
    global $pdo;
      $query = $pdo->prepare("SELECT DISTINCT `promo_cat` FROM mobi");
      $query->execute();
return $query->fetchAll();
              }

public function fetch_data($promo_cat) {
   global $pdo;

 $query = $pdo->prepare("SELECT DISTINCT * FROM mobi WHERE `something`  = 'something'");
  $query->bindValue(1, $promo_cat);
   $query->execute();

return $query->fetch(); 

}

}

function search_posts($term){
    $keywords = preg_split('#\s+#',mysql_real_escape_string($term));

$title_where   = "'promo_title' LIKE '%" . implode("%' OR 'promo_title' LIKE '%", $keywords) . "%'";
$content_where   = "'promo_content' LIKE '%" . implode("%' OR 'promo_content' LIKE '%", $keywords) . "%'";
$name_where   = "'promo_name' LIKE '%" . implode("%' OR 'promo_name' LIKE '%", $keywords) . "%'";

 $sql = "SELECT 
              'promo_title' AS 'title',
              LEFT('promo_content', 100) AS 'body',
              'promo_name' AS 'name'
              FROM 'mobi'
              WHERE {$title_where}
              OR {$content_where}
              OR {$name_where}";

    $result = mysql_query($sql);

    $results = array();
    while (($row = mysql_fetch_Assoc($result)) !== false){
        $results[] = $row;

     return $results;
}
}



?>

my connection.php code is this:

<?php

try {
$pdo = new PDO('mysql:host=localhost;dbname=xclo', 'xclo', 'xclo');
}catch (PDOException $e){
  exit('Database Error.');
}

?>

What can I add to this page to make it work?

thanks.

Andrew Barber
  • 39,603
  • 20
  • 94
  • 123
kevstarlive
  • 260
  • 4
  • 20
  • Can you show the output of `echo $sql;` – Andy Gee Jul 31 '13 at 11:29
  • Please edit your question and include the error message here. SO works by being a record of how to solve problems if the error is fixed no one can see what the problem was then this question is of no benefit for SO users – Anigel Jul 31 '13 at 11:29
  • Kindly echo the $sql query to know where is the problem or paste it here – Vineet1982 Jul 31 '13 at 11:29
  • possible duplicate of [Reference - What does this error mean in PHP?](http://stackoverflow.com/questions/12769982/reference-what-does-this-error-mean-in-php) – Yogesh Suthar Jul 31 '13 at 11:32
  • Yogesh Suthar this is not related. – kevstarlive Jul 31 '13 at 11:40
  • Please do not change qýour question completely into seomething else. If you solved a problem and face another then ask a new question. – juergen d Jul 31 '13 at 12:01
  • juergen d. thanks for this. I have done it before but all i get is my new post closed as a duplicate. but it describes a new topic. – kevstarlive Jul 31 '13 at 12:04

4 Answers4

1

Replace:

echo "<h3>($result['title'])</h3>";
echo "<p>($result['body'])</p>";

With:

echo "<h3>{$result['title']}</h3>";
echo "<p>{$result['body']}</p>";
PaulRoth
  • 314
  • 1
  • 8
  • This fixes the parse error. Next you need to fix your search_posts function. Column and table names must be escaped with `, not with '. – PaulRoth Jul 31 '13 at 11:40
1

Try

echo "<h3>{$result['title']}</h3>";
echo "<p>{$result['body'])}</p>";

OR Try

echo "<h3>".$result['title']."</h3>";
echo "<p>".$result['body']."</p>";

Instead of

echo "<h3>($result['title'])</h3>";
echo "<p>($result['body'])</p>";

EDIT

Now for your updated question, as the error suggests, you are not connected to the mysql database for carrying out the concerned operations.

You can try passing a link identifier to the mysql_real_escape_string function like

$keywords = preg_split('#\s+#',mysql_real_escape_string($term, $con));

where $con defines your mysql connection.

Sid
  • 854
  • 9
  • 23
1

You have to make one connection to MySql server before using mysql_real_escape_string.

See: http://php.net/manual/de/book.mysql.php or http://php.net/manual/de/book.pdo.php

EDIT: Try this (not tested):

function search_posts($term)
{
  global $pdo;

  $keywords = preg_split('#\s+#', $term);

  $title_where = "'promo_title' LIKE '%" . implode("%' OR 'promo_title' LIKE '%", $keywords) . "%'";
  $content_where = "'promo_content' LIKE '%" . implode("%' OR 'promo_content' LIKE '%", $keywords) . "%'";
  $name_where = "'promo_name' LIKE '%" . implode("%' OR 'promo_name' LIKE '%", $keywords) . "%'";

  $sql = "SELECT
          'promo_title' AS 'title',
          LEFT('promo_content', 100) AS 'body',
          'promo_name' AS 'name'
          FROM 'mobi'
          WHERE {$title_where}
          OR {$content_where}
          OR {$name_where}";

  return $pdo->query($sql)->fetchAll(PDO::FETCH_ASSOC);
}

EDIT: Oh sorry, try this ;-)

function search_posts($term)
{
  global $pdo;

  $keywords = preg_split('#\s+#', $term);

  $title_where = "`promo_title` LIKE '%" . implode("%' OR `promo_title` LIKE '%", $keywords) . "%'";
  $content_where = "`promo_content` LIKE '%" . implode("%' OR `promo_content` LIKE '%", $keywords) . "%'";
  $name_where = "`promo_name` LIKE '%" . implode("%' OR `promo_name` LIKE '%", $keywords) . "%'";

  $sql = "SELECT
          `promo_title` AS 'title',
          LEFT(`promo_content`, 100) AS 'body',
          `promo_name` AS 'name'
          FROM `mobi`
          WHERE {$title_where}
          OR {$content_where}
          OR {$name_where}";

  return $pdo->query($sql)->fetchAll(PDO::FETCH_ASSOC);
}
PaulRoth
  • 314
  • 1
  • 8
  • I have made a connection. it is stored within "include_once('include/connection.php');" the question is why is it not working? – kevstarlive Jul 31 '13 at 11:51
  • my connection page works on the rest of my site. how is it suddenly not correct now? would it help if i post the connection code? – kevstarlive Jul 31 '13 at 11:55
  • But you do not use the PDO in search_posts(). – PaulRoth Jul 31 '13 at 12:01
  • so what do I add to the search_posts() to connect to PDO? – kevstarlive Jul 31 '13 at 12:05
  • thanks. i will edit my article page to reflect its current display but im now only getting 1 error. this is Fatal error: Call to a member function fetchAll() on a non-object in article.php on line 64 – kevstarlive Jul 31 '13 at 12:11
0

The problem is with 

echo "<h3>($result['title'])</h3>";

the problem is that php will not parse this correctly unless the variable is either concatenated with the echo 

echo "<h3>(".$result['title'].")</h3>";

or encapsulted with {}

echo "<h3>({$result['title']})</h3>";
Anigel
  • 3,435
  • 1
  • 17
  • 23
  • You are not including connection.php in your article.php page – Anigel Jul 31 '13 at 12:01
  • Hi anigel. As article is just a functions page and no one will ever land on it, it does not matter. The search page does calls both the connection and article. So it is pointless that connection will be read twice. Which could cause more problems. – kevstarlive Aug 04 '13 at 06:59