Commit 69d82cdf2fce7c2c9d2788117dab299dd5b0bc29

Authored by andryeyev
1 parent 51634459

+ fix лишнего ввода паролей для подключения к sql

Showing 1 changed file with 84 additions and 76 deletions   Show diff stats
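--- a/ajax/rpc.php
+++ b/ajax/rpc.php
@@ -1,80 +1,88 @@
-<?php
-header("Content-type: text/html; charset=windows-1251");
-?>
-<div id="searchresults">
-<?php
- define("DB_HOST",'localhost');
- define("DB_USER",'extremstyle');
- define("DB_PSW",'Ry4PWmM6GCp3UCTf');
- define("DB_BASE",'extremstyle');
- // PHP5 Implementation - uses MySQLi.
- // mysqli('localhost', 'yourUsername', 'yourPassword', 'yourDatabase');
- $db = new mysqli(DB_HOST, DB_USER, DB_PSW, DB_BASE);
-
- if(!$db) {
- // Show error if we cannot connect.
- echo 'ERROR: Could not connect to the database.';
- } else {
- $db->query("set names cp1251");
- // Is there a posted query string?
- if(isset($_POST['queryString'])) {
- $queryString = trim($db->real_escape_string(iconv('UTF-8', 'windows-1251', $_POST['queryString'])));
- $q_row = explode(" ",$queryString);
- //print_r($q_row);
- $search = array();
- foreach($q_row as $row){
- $search[] = "(catalogs_products.name LIKE '%".$row."%' OR catalogs_products.text LIKE '%".$row." %' OR catalogs_products.art LIKE '%".$row." %' OR catalogs_rubrics.name LIKE '%".$row."%' OR catalogs_brends.name LIKE '%".$row."%' OR catalogs_modifications.code='".$row."')";
- }
- //print_r($search);
- // Is the string length greater than 0?
- if(strlen($queryString) >0) {
- $sql = "SELECT catalogs_rubrics.translit as translit2,catalogs_rubrics.name as rubric,catalogs_brends.name as brend,catalogs_products.* FROM catalogs_products
+<?
+header ("Content-type: text/html; charset=windows-1251");
+
+// Ïîäêëþ÷åíèå
+include_once ($_SERVER['DOCUMENT_ROOT'] . "/config/config.php");
+
+echo '<div id="searchresults">';
+
+// Is there a posted query string?
+if (isset ($_POST['queryString']))
+{
+ $queryString = trim (addslashes (iconv ('UTF-8', 'windows-1251', strip_tags ($_POST['queryString']))));
+ $q_row = explode (" ", $queryString);
+ // print_r($q_row);
+ $search = array ();
+ foreach ($q_row as $row)
+ {
+ $search[] = "(catalogs_products.name LIKE '%" . $row . "%' OR catalogs_products.text LIKE '%" . $row . " %' OR catalogs_products.art LIKE '%" . $row . " %' OR catalogs_rubrics.name LIKE '%" . $row . "%' OR catalogs_brends.name LIKE '%" . $row . "%' OR catalogs_modifications.code='" . $row . "')";
+ }
+ // print_r($search);
+ // Is the string length greater than 0?
+ if (strlen ($queryString) > 0)
+ {
+ $sql = "SELECT catalogs_rubrics.translit as translit2,catalogs_rubrics.name as rubric,catalogs_brends.name as brend,catalogs_products.* FROM catalogs_products
 LEFT JOIN catalogs_rubrics ON catalogs_rubrics.id=catalogs_products.rubric_id
 LEFT JOIN catalogs_brends ON catalogs_brends.id=catalogs_products.brend_id
 LEFT JOIN catalogs_modifications ON catalogs_modifications.product_id=catalogs_products.id
 WHERE catalogs_products.count_modifications>0 ";
- //(catalogs_products.name LIKE '%".$queryString."%' OR catalogs_rubrics.name LIKE '%".$queryString."%' OR catalogs_brends.name LIKE '%".$queryString."%')
- if(count($search))$sql .= "AND (" . implode(" AND ",$search) . ") ";
- $sql .= " GROUP BY catalogs_products.id ORDER BY catalogs_products.id DESC limit 6";
- $query = $db->query($sql);
-
- if($query) {
- // While there are results loop through them - fetching an Object.
-
- // Store the category id
- $catid = 0;
- while ($result = $query ->fetch_object()) {
- echo'<div class="row_p">';
- echo '<a href="/'.$result->translit2.'-catalogs/'.$result->translit.'-'.$result->id.'/">';
- echo '<img class="pic" width="100" src="/uploaded/pic/catalogs/products/'.$result->pic.'" alt="" />';
-
- $name = $result->name;
- if(strlen($name) > 35) {
- $name = substr($name, 0, 35) . "...";
- }
- echo "<p>".$result->rubric . ' <span class="searchheading">'.$name.'</span></p>';
- echo "<p>Êîìïàíèÿ ".$result->brend . '</p>';
- echo '<p><span class="cost1">'.$result->cine.' ãðí.</span></p>';
-
- /** $description = $result->desc;
- if(strlen($description) > 80) {
- $description = substr($description, 0, 80) . "...";
- }
-
- echo '<span>'.$description.'</span>';**/
- echo'</a>';
- echo'<div class="both"></div></div>';
- }
- echo '<span class="seperator"><a href="/catalogs/?search_str='.urlencode($queryString).'">Âñå ðåçóëüòàòû ïîèñêà</a></span>';
- } else {
- echo 'ERROR: There was a problem with the query.';
- }
- } else {
- // Dont do anything.
- } // There is a queryString.
- } else {
- echo 'There should be no direct access to this script!';
- }
- }
-?>
-</div>
\ No newline at end of file
+ // (catalogs_products.name LIKE '%".$queryString."%' OR catalogs_rubrics.name LIKE '%".$queryString."%' OR catalogs_brends.name LIKE '%".$queryString."%')
+ if (count ($search))
+ $sql .= "AND (" . implode (" AND ", $search) . ") ";
+ $sql .= " GROUP BY catalogs_products.id ORDER BY catalogs_products.id DESC limit 6";
+ $query = mysql_query ($sql) or die (mysql_error ());
+ if (mysql_affected_rows () != 0)
+ {
+
+ // While there are results loop through them - fetching an Object.
+
+ // Store the category id
+ $catid = 0;
+
+ while ($result = mysql_fetch_assoc ($query))
+ {
+ echo '<div class="row_p">';
+ echo '<a href="/' . $result['translit2'] . '-catalogs/' . $result['translit'] . '-' . $result['id'] . '/">';
+ echo '<img class="pic" width="100" src="/uploaded/pic/catalogs/products/' . $result['pic'] . '" alt="" />';
+
+ $name = $result['name'];
+
+ if (strlen ($name) > 35)
+ {
+ $name = substr ($name, 0, 35) . "...";
+ }
+
+ echo "<p>" . $result['rubric'] . ' <span class="searchheading">' . $name . '</span></p>';
+ echo "<p>Êîìïàíèÿ " . $result['brend'] . '</p>';
+ echo '<p><span class="cost1">' . $result['cine'] . ' ãðí.</span></p>';
+
+ /**
+ * $description = $result['desc'];
+ * if(strlen($description) > 80) {
+ * $description = substr($description, 0, 80) .
+ * "...";
+ * }
+ *
+ * echo '<span>'.$description.'</span>';*
+ */
+ echo '</a>';
+ echo '<div class="both"></div></div>';
+ }
+ echo '<span class="seperator"><a href="/catalogs/?search_str=' . urlencode ($queryString) . '">Âñå ðåçóëüòàòû ïîèñêà</a></span>';
+ }
+ else
+ {
+ echo 'íè÷åãî íå íàéäåíî';
+ }
+ }
+ else
+ {
+ // Dont do anything.
+ } // There is a queryString.
+}
+else
+{
+ echo 'There should be no direct access to this script!';
+}
+
+echo '</div>';
\ No newline at end of file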
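Review bot: The new `$queryString = trim (addslashes (...))` line replaces the connection-aware `$db->real_escape_string` of the old code with `addslashes`, while each term is still concatenated into the `LIKE '%...%'` and `code='...'` clauses, so the query's safety now rests on the connection charset and SQL mode instead of on the driver. I would keep driver-level escaping, e.g. `mysql_real_escape_string (iconv ('UTF-8', 'windows-1251', strip_tags ($_POST['queryString'])))` (this assumes config.php opens the connection and sets its charset, which is not visible here), or preferably stay on mysqli and bind the terms as parameters. `$query = mysql_query ($sql) or die (mysql_error ());` returns the raw database error to the browser; log it and print a generic message instead, e.g. `if (!$query) { error_log (mysql_error ()); die ('ERROR: There was a problem with the query.'); }`. The `$result[...]` values echoed into the result rows are not passed through `htmlspecialchars`, so markup stored in the catalogue would be rendered as-is. The `DB_PSW` value deleted from this file stays readable in the repository history, so that credential should be rotated.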