From 69d82cdf2fce7c2c9d2788117dab299dd5b0bc29 Mon Sep 17 00:00:00 2001 From: andryeyev Date: Wed, 25 Nov 2015 16:33:42 +0200 Subject: [PATCH] + fix лишнего ввода паролей для подключения к sql --- ajax/rpc.php | 160 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++---------------------------------------------------------------------------- 1 file changed, 84 insertions(+), 76 deletions(-) diff --git a/ajax/rpc.php b/ajax/rpc.php index 8330151..e369762 100644 --- a/ajax/rpc.php +++ b/ajax/rpc.php @@ -1,80 +1,88 @@ - -
-query("set names cp1251"); - // Is there a posted query string? - if(isset($_POST['queryString'])) { - $queryString = trim($db->real_escape_string(iconv('UTF-8', 'windows-1251', $_POST['queryString']))); - $q_row = explode(" ",$queryString); - //print_r($q_row); - $search = array(); - foreach($q_row as $row){ - $search[] = "(catalogs_products.name LIKE '%".$row."%' OR catalogs_products.text LIKE '%".$row." %' OR catalogs_products.art LIKE '%".$row." %' OR catalogs_rubrics.name LIKE '%".$row."%' OR catalogs_brends.name LIKE '%".$row."%' OR catalogs_modifications.code='".$row."')"; - } - //print_r($search); - // Is the string length greater than 0? - if(strlen($queryString) >0) { - $sql = "SELECT catalogs_rubrics.translit as translit2,catalogs_rubrics.name as rubric,catalogs_brends.name as brend,catalogs_products.* FROM catalogs_products +'; + +// Is there a posted query string? +if (isset ($_POST['queryString'])) +{ + $queryString = trim (addslashes (iconv ('UTF-8', 'windows-1251', strip_tags ($_POST['queryString'])))); + $q_row = explode (" ", $queryString); + // print_r($q_row); + $search = array (); + foreach ($q_row as $row) + { + $search[] = "(catalogs_products.name LIKE '%" . $row . "%' OR catalogs_products.text LIKE '%" . $row . " %' OR catalogs_products.art LIKE '%" . $row . " %' OR catalogs_rubrics.name LIKE '%" . $row . "%' OR catalogs_brends.name LIKE '%" . $row . "%' OR catalogs_modifications.code='" . $row . "')"; + } + // print_r($search); + // Is the string length greater than 0? 
+ if (strlen ($queryString) > 0) + { + $sql = "SELECT catalogs_rubrics.translit as translit2,catalogs_rubrics.name as rubric,catalogs_brends.name as brend,catalogs_products.* FROM catalogs_products LEFT JOIN catalogs_rubrics ON catalogs_rubrics.id=catalogs_products.rubric_id LEFT JOIN catalogs_brends ON catalogs_brends.id=catalogs_products.brend_id LEFT JOIN catalogs_modifications ON catalogs_modifications.product_id=catalogs_products.id WHERE catalogs_products.count_modifications>0 "; - //(catalogs_products.name LIKE '%".$queryString."%' OR catalogs_rubrics.name LIKE '%".$queryString."%' OR catalogs_brends.name LIKE '%".$queryString."%') - if(count($search))$sql .= "AND (" . implode(" AND ",$search) . ") "; - $sql .= " GROUP BY catalogs_products.id ORDER BY catalogs_products.id DESC limit 6"; - $query = $db->query($sql); - - if($query) { - // While there are results loop through them - fetching an Object. - - // Store the category id - $catid = 0; - while ($result = $query ->fetch_object()) { - echo''; - } - echo ' '; - } else { - echo 'ERROR: There was a problem with the query.'; - } - } else { - // Dont do anything. - } // There is a queryString. - } else { - echo 'There should be no direct access to this script!'; - } - } -?> -
\ No newline at end of file + // (catalogs_products.name LIKE '%".$queryString."%' OR catalogs_rubrics.name LIKE '%".$queryString."%' OR catalogs_brends.name LIKE '%".$queryString."%') + if (count ($search)) + $sql .= "AND (" . implode (" AND ", $search) . ") "; + $sql .= " GROUP BY catalogs_products.id ORDER BY catalogs_products.id DESC limit 6"; + $query = mysql_query ($sql) or die (mysql_error ()); + if (mysql_affected_rows () != 0) + { + + // While there are results loop through them - fetching an Object. + + // Store the category id + $catid = 0; + + while ($result = mysql_fetch_assoc ($query)) + { + echo '
'; + echo ''; + echo ''; + + $name = $result['name']; + + if (strlen ($name) > 35) + { + $name = substr ($name, 0, 35) . "..."; + } + + echo "

" . $result['rubric'] . ' ' . $name . '

'; + echo "

" . $result['brend'] . '

'; + echo '

' . $result['cine'] . ' .

'; + + /** + * $description = $result['desc']; + * if(strlen($description) > 80) { + * $description = substr($description, 0, 80) . + * "..."; + * } + * + * echo ''.$description.'';* + */ + echo '
'; + echo '
'; + } + echo ' '; + } + else + { + echo ' '; + } + } + else + { + // Dont do anything. + } // There is a queryString. +} +else +{ + echo 'There should be no direct access to this script!'; +} + +echo ''; \ No newline at end of file -- libgit2 0.21.4
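Review bot: The new `$queryString` line escapes the search term with `addslashes ()` where the removed code used the connection's `real_escape_string ()`, and every word is still concatenated into the `LIKE '%…%'` and `code='…'` clauses, so the query now relies on an escape routine that is not aware of the connection character set. Keep a connection-aware escape at minimum, e.g. `$queryString = trim (mysql_real_escape_string (iconv ('UTF-8', 'windows-1251', $_POST['queryString'])));`, or better, move this lookup to mysqli/PDO prepared statements with bound parameters, which the `mysql_*` API used here does not offer. `strip_tags ()` on the input does not replace output encoding: as far as the visible lines show, `$result['rubric']`, `$name` and `$result['brend']` are echoed unencoded, so wrap them as `htmlspecialchars ($name, ENT_QUOTES, 'cp1251')`. Separately, `or die (mysql_error ())` returns database error text to the client and `mysql_affected_rows ()` is documented for write statements; log the error server-side and test `mysql_num_rows ($query)` instead.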