0

i have this error appear on search page while searching for anything on search form .

i attach the search page code .

<?php
include_once('header.php');
$p='';
if ($_SERVER['REQUEST_METHOD'] == 'POST'){
    if (isset($_POST['sword'])){

            echo $sword=trim($_POST['sword']) ;



    }
}

            $sql="SELECT * FROM news where status=1 and title like \"%$sword%\"  ORDER BY n_id DESC";
$rs = mysql_query($sql)or die(mysql_error());
$nr = @mysql_num_rows($rs);

;


?>


<style type="text/css">


.createdate{ color:#999; font-size:12px; font-weight:normal;}
    .section{
    float:right;
    height:60px;
    overflow:hidden;
    padding:5px;
    text-align:right;
    direction:rtl;  
    width: 335px;
    padding-bottom:13px;
    border-bottom:1px dotted #CCC;
    margin-right:10px;
}
.section #linkText a:link, .section #linkText a:visited{
font-family: almtwerd,helvetica,arial,tahoma;
font-size: 11px;
font-weight: normal;
    text-align:right;
    direction:rtl;
    color:#333;
    text-decoration:none;
}


.section #linkText a:hover{
font-family: almtwerd,helvetica,arial,tahoma;
font-size: 11px;
font-weight: normal;
    text-align:right;
    direction:rtl;
    color:#036;
    text-decoration:none;
}

.section #brief {
font-family: almtwerd,helvetica,arial,tahoma;
font-size: 8px;
font-weight: normal;
    text-align:right;
    direction:rtl;
    color:#000;
    font-weight:normal;
    overflow:hidden;
    padding-bottom:5px;
}

.section #brief img {
    border:1px solid #CCC;
    padding:3px;
    float:left;
    margin-right:5px;

}

.section img {
    border:1px solid #CCC;
    padding:3px;
    float:right;
    margin-left:5px;
width: 80px;
height: 60px;
}
.section:hover{
    background-color:#d1dde5;
}









div.pagination {
 padding: 3px;
 margin: 3px;

 direction:rtl;
}
div.pagination a {
 padding: 2px 5px 2px 5px;
 margin: 2px;
 border: 1px solid #AAAADD;

 text-decoration: none; /* no underline */
 color: #000099;
}
div.pagination a:hover, div.pagination a:active {
 border: 1px solid #003d00;
 color: #003d00;
}
div.pagination span.current {
 padding: 2px 5px 2px 5px;
 margin: 2px;
  border: 1px solid #003d00;

  font-weight: bold;
  background-color: #dbfd9b;
  color: #003d00;
 }
 div.pagination span.disabled {
  padding: 2px 5px 2px 5px;
  margin: 2px;
  border: 1px solid #EEE;

  color: #DDD;
 } 
    ul.pagination li.details{
       color:#FFA200;
    }

    ul.pagination li a
    {
               color: #fff;
        background:#699613;
        background:-moz-linear-gradient(top,#87AB19,#699613);
        background:-webkit-gradient(linear,0 0,0 100%,from(#87AB19),to(#699613));
            float:right;
    text-align:right;
    font-size:14px;
    font-weight:normal;
    }

    ul.pagination li
    {
        padding-bottom:1px;
    }

    ul.pagination li a:hover,
    ul.pagination li a.current
    {   
        color:#FFFFFF;
        box-shadow:0px 1px #E7E7E7;
        -moz-box-shadow:0px 1px #E7E7E7;
        -webkit-box-shadow:0px 1px #E7E7E7;       
    }

    ul.pagination li a:hover,
    ul.pagination li a.current
    {
        color:#893A00;
        text-shadow:0px 1px #FFEF42;
        border-color:#FFA200;
        background:#FFC800;
        background:-moz-linear-gradient(top,#FFFFFF 1px,#FFEA01 1px,#FFC800);
        background:-webkit-gradient(linear,0 0,0 100%,color-stop(0.02,#FFFFFF),color-stop(0.02,#FFEA01),color-stop(1,#FFC800));
    } 










</style>

<table border="0" dir="rtl" width="990px">
<tr>
<td width="730px" valign="top">
     <div class="cat-box-content" style="margin: 5px;">
<h2 class="title" style="border-color: Default;"> <a href="index.htm"> الرئيسية</a> &raquo;
<a>نتائج البحث </a>
</h2>

   <div style="clear: both;"></div>






    <?php



        $adjacents = 3;




        //$total_pages = $total_pages[num];

        $targetpage = "search.htm";
        $limit = 20;

        if($p)
        $start = ($p-1) * $limit;
        else
        $start = 0;



        if ($p == 0) $p = 1;
        $prev = $p - 1;
        $next = $p + 1;
        $lastpage = ceil($total_pages/$limit);

        $lpm1 = $lastpage - 1;

        $pagination = "";
        if($lastpage > 1)
        {
            $pagination .= "<div class=\"pagination\">";
            if ($p > 1)
            $pagination.= "<a href=\"$targetpage?p=$prev\">« السابق</a>";
            else
            $pagination.= "<span class=\"disabled\">« السابق</span>";

            if ($lastpage < 7 + ($adjacents * 2))
            {
                for ($counter = 1; $counter <= $lastpage; $counter++)
                {
                    if ($counter == $p)
                    $pagination.= "<span class=\"current\">$counter</span>";
                    else
                    $pagination.= "<a href=\"$targetpage?sid=$s_id&&p=$counter\">$counter</a>";
                }
            }
            elseif($lastpage > 5 + ($adjacents * 2))
            {
                if($p < 1 + ($adjacents * 2))
                {
                    for ($counter = 1; $counter < 4 + ($adjacents * 2); $counter++)
                    {
                        if ($counter == $p)
                        $pagination.= "<span class=\"current\">$counter</span>";
                        else
                        $pagination.= "<a href=\"$targetpage?sid=$s_id&&p=$counter\">$counter</a>";
                    }
                    $pagination.= "...";
                    $pagination.= "<a href=\"$targetpage?sid=$s_id&&p=$lpm1\">$lpm1</a>";
                    $pagination.= "<a href=\"$targetpage?sid=$s_id&&p=$lastpage\">$lastpage</a>";
                }

                elseif($lastpage - ($adjacents * 2) > $p && $p > ($adjacents * 2))
                {
                    $pagination.= "<a href=\"$targetpage?sid=$s_id&&p=1\">1</a>";
                    $pagination.= "<a href=\"$targetpage?sid=$s_id&&p=2\">2</a>";
                    $pagination.= "...";
                    for ($counter = $p - $adjacents; $counter <= $p + $adjacents; $counter++)
                    {
                        if ($counter == $p)
                        $pagination.= "<span class=\"current\">$counter</span>";
                        else
                        $pagination.= "<a href=\"$targetpage?sid=$s_id&&p=$counter\">$counter</a>";
                    }
                    $pagination.= "...";
                    $pagination.= "<a href=\"$targetpage?sid=$s_id&&p=$lpm1\">$lpm1</a>";
                    $pagination.= "<a href=\"$targetpage?sid=$s_id&&p=$lastpage\">$lastpage</a>";
                }
                else
                {
                    $pagination.= "<a href=\"$targetpage?sid=$s_id&&p=1\">1</a>";
                    $pagination.= "<a href=\"$targetpage?sid=$s_id&&p=2\">2</a>";
                    $pagination.= "...";
                    for ($counter = $lastpage - (2 + ($adjacents * 2)); $counter <= $lastpage; $counter++)
                    {
                        if ($counter == $p)
                        $pagination.= "<span class=\"current\">$counter</span>";
                        else
                        $pagination.= "<a href=\"$targetpage?sid=$s_id&&p=$counter\">$counter</a>";
                    }
                }
            }
            if ($p < $counter - 1)
            $pagination.= "&nbsp;&nbsp;<a href=\"$targetpage?sid=$s_id&&p=$next\">التالي»</a>";
            else
            $pagination.= "<span class=\"disabled\">التالي»</span>";
            $pagination.= "</div>\n";
        }
        $sql = "SELECT * FROM news where status=1 and title like \"%$sword%\"  ORDER BY n_id DESC LIMIT $start, $limit";
        $result = mysql_query($sql);
        $upload="upload/";
        ?> <?php
        $count=mysql_num_rows($result);
        echo "<br/><b><font style='font-family: almtwerd,helvetica,arial,tahoma;
font-size: 11px;
font-weight: normal;'>هناك&nbsp;".$count."&nbsp; من النتائج</font></b><br /> <hr />";
        while($row=mysql_fetch_array($result)){
            $text = substr($row[3],0,400);
            $text=strip_tags($text);
            ?>

 <div class="section">
               <img src="<?php echo $site_url;?>upload/small/<?php echo $row[image];?>" width="80" height="60"  />
                <div id="linkText">

                  <a href="news-<?php echo $row[n_id]?>.htm">
                   <?php echo $row[title]?>               </a>

                </div>
                <div id="brief"></div></div>



        <?php
        }
        ?>






















   <div style="clear: both;"></div>

</div> 
</td>
<td width="260px" valign="top"><?php @include_once('left.php')?></td>
</tr>
</table>
<?php include('footer.php');?>
Jay Blanchard
  • 34,243
  • 16
  • 77
  • 119
Mustafa Shafout
  • 41
  • 1
  • 7
  • Where are you connecting to the database? – Epodax Nov 03 '15 at 13:09
  • i have two different sites which have the same CMS and same code and one is working good on search and another is not . – Mustafa Shafout Nov 03 '15 at 13:10
  • And does both of them not require a password to access the database? – Epodax Nov 03 '15 at 13:12
  • Yes the other website is work well – Mustafa Shafout Nov 03 '15 at 13:12
  • [Your script is at risk for SQL Injection Attacks.](http://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php) – Jay Blanchard Nov 03 '15 at 13:22
  • If you can, you should [stop using `mysql_*` functions](http://stackoverflow.com/questions/12859942/why-shouldnt-i-use-mysql-functions-in-php). [These extensions](http://php.net/manual/en/migration70.removed-exts-sapis.php) have been removed in PHP 7. Learn about [prepared](http://en.wikipedia.org/wiki/Prepared_statement) statements for [PDO](http://php.net/manual/en/pdo.prepared-statements.php) and [MySQLi](http://php.net/manual/en/mysqli.quickstart.prepared-statements.php) and consider using PDO, [it's really not hard](http://jayblanchard.net/demystifying_php_pdo.html). – Jay Blanchard Nov 03 '15 at 13:22
  • The error simply means no connection is established, but this is all code except the code that is needed to answer this question. Please add the MySQL connection code i.e. the code that establishes the connection. – sidneydobber Nov 03 '15 at 13:34

1 Answers1

0

I think XXX is not root user.

So you must add select privileges to yours XXX user on your database.

exemple :

GRANT ALL ON yourDbName.* TO 'XXX'@'localhost';
flush privileges;
ThinkTank
  • 1,187
  • 9
  • 15