<?php
session_start();
header("Cache-control: private"); // IE 6 Fix.
include_once("common_db.php");
include_once("functions.php");
//This function takes in a condition and the pattern and returns the MySQL syntax for a search
//condition with these parameters
function getSearchConditionSyntax($condition, $search_condition_pattern)
{
if($condition == "contains")
return "LIKE '%$search_condition_pattern%'";
else if($condition == "not_contains")
return "NOT LIKE '%$search_condition_pattern%'";
else if($condition == "is")
return "= '$search_condition_pattern'";
else if($condition == "is_not")
return "!= '$search_condition_pattern'";
else if($condition == "starts_with")
return "LIKE '$search_condition_pattern%'";
else if($condition == "not_starts_with")
return "NOT LIKE '$search_condition_pattern%'";
else if($condition == "ends_with")
return "LIKE '%$search_condition_pattern'";
else
return "NOT LIKE '%$search_condition_pattern'";
}
function isPositiveSearchCondition($search_condition_operator)
{
if($search_condition_operator == "not_contains")
return false;
else if($search_condition_operator == "is_not")
return false;
else if($search_condition_operator == "not_starts_with")
return false;
else if($search_condition_operator == "not_ends_with")
return false;
else
return true;
}
//This function receives an array of search condition patterns that are part of positive
//search conditions as its first parameter and the content of a cell as its next. $cell_content //is case insensitive searched for matches to each of the members of $positive_operator_patterns// If a match is found, the function returns true. This function is used when printing out the
//earch results table, so that cell contents that match positive search conditions can be
//highlighted.
function patternMatch($positive_operator_patterns, $cell_content)
{
for($i=0; $i<count($positive_operator_patterns); $i++)
{
if(eregi($positive_operator_patterns[$i], $cell_content))
return true;
}
return false;
}
//Because MySQL can not enforce case sensitivty in SQL queries, there is a need to enforce
//case sensitivity with PHP if case sensitivity is specified in the search. This function
//checks the table row '$row' to ensure that the row strictly contains a patten searched for, as//opposed to either lower or upper case, which is what MySQL does.
function caseSensitiveFilter($row, $row_length, $positive_operator_patterns)
{
for($i=0; $i<count($positive_operator_patterns); $i++)
{
for($j=0; $j<$row_length; $j++)
{
if(ereg($positive_operator_patterns[$i], $row[$j]))
return true;
}
}
return false;
}
dbconnect($host, $username, $password);
headers();
html(); //<html>
head("Search Results"); //<head><title>Search Results</title></head>
menu(); //<body> [[the menu]]
navpane(); //[[navigation]]
echo('<div id="mainpane">');
if(isset($_REQUEST['database'])) {
$db = $_REQUEST['database'];
} else {
if($_SESSION['current_db'] != '') {
$db = $_SESSION['current_db'];
} else {
echo "<p>Please go via the <a href=\"search.php\">search</a> page.</p>";
}
}
if(isset($_REQUEST['database'])) {
$table = $_REQUEST['table'];
} else {
echo "<p>Please go via the <a href=\"search.php\">search</a> page.</p>";
}
//If 'search_result.php' is called by 'advanced_search.php', then the $advanced variable will be//given a value of "yes", indicating that the search is an advanced search as opposed to a
//search
if(isset($_REQUEST['advanced'])) {
$advanced = true;
} else {
$advanced = false;
}
//If a case sensitive search is selected in 'search.php', then
//the $case_sensitive variable will be given a value of "yes", indicating that the search is
//to be case sensitive.
if(isset($_REQUEST['cs'])) {
$case_sensitive = false;
} else {
$case_sensitive = false;
}
//Get the current users status
$user_status = get_currentuser_status();
mysql_select_db($db) or die("Couldn't select database $db");
//Search
if($advanced == false)
{
$search_condition_pattern = $_REQUEST['pattern'];
//SELECT * FROM table WHERE ...
$where_part = "WHERE ";
$table_fields = mysql_list_fields("$db", "$table");
$amount_of_fields = mysql_num_fields($table_fields);
if($case_sensitive != "yes")
{
for($i=0; $i < $amount_of_fields-1; $i++)
{
//$where_part = "WHERE "
//"WHERE id LIKE '%search%' OR name LIKE '%search%' OR "
$where_part .= mysql_field_name($table_fields, $i) . " LIKE '%$search_condition_pattern%' OR ";
}
$where_part .= mysql_field_name($table_fields, $i) . " LIKE '%$search_condition_pattern%'";
//"WHERE id LIKE '%search%' OR name LIKE '%search%' OR password LIKE '%search%'"
}
else
{
for($i=0; $i < $amount_of_fields-1; $i++)
{
$where_part .= mysql_field_name($table_fields, $i) . " = '$search_condition_pattern' OR ";
}
$where_part .= mysql_field_name($table_fields, $i) . " = '$search_condition_pattern'";
}
}
//Advanced Search
else
{
//Collect all the search condition operators from 'advanced_search.php' and store them in
//the '$search_condition_operators' array. Do the same for all the search condition patterns.
if ($_REQUEST)
{
//Keeps count of all the search condition operators passed by 'advanced_search.php'
$search_condition_operator_count=0;
//Keeps count of all the search condition patterns passed by 'advanced_search.php'
$search_condition_pattern_count=0;
while (list($lvar, $lvalue) = each($_REQUEST))
foreach($_REQUEST as $lvar => $lvalue)
{
if (ereg ("^operator", $lvar))
{
$search_condition_operators[$search_condition_operator_count]=$lvalue;
$search_condition_operator_count++;
}
if (ereg ("^pattern", $lvar))
{
$search_condition_patterns[$search_condition_pattern_count]=$lvalue;
$search_condition_pattern_count++;
}
}
}
//Keeps count of all the positive search conditions
$positive_operator_pattern_count=0;
for($i=0; $i < $search_condition_pattern_count; $i++)
{
if(isPositiveSearchCondition($search_condition_operators[$i]))
{
$positive_operator_patterns[$positive_operator_pattern_count]=$search_condition_patterns[$i];
$positive_operator_pattern_count++;
}
}
$where_part = "WHERE ";
$table_fields = mysql_list_fields("$db", "$table");
$amount_of_fields = mysql_num_fields($table_fields);
// Calculating the WHERE part
for($j=0; $j < $search_condition_pattern_count-1; $j++)
{
//If a search condition is positive, we want a string of the form:
//field1='pattern' OR field2='pattern' ... OR fieldn='pattern'
if(isPositiveSearchCondition($search_condition_operators[$j]))
{
for($i=0; $i < $amount_of_fields; $i++)
{
$where_part .= mysql_field_name($table_fields, $i) . " ".getSearchConditionSyntax($search_condition_operators[$j], $search_condition_patterns[$j])." OR ";
}
}
else
{
$where_part .= "(";
for($i=0; $i < $amount_of_fields-1; $i++)
{
$where_part .= mysql_field_name($table_fields, $i)." ".getSearchConditionSyntax($search_condition_operators[$j], $search_condition_patterns[$j])." AND ";
}
$where_part .= mysql_field_name($table_fields, $i)." ".getSearchConditionSyntax($search_condition_operators[$j], $search_condition_patterns[$j]).") OR ";
}
}
//The first '$search_condition_pattern_count-1' patterns have been added to the WHERE part.
//The addition of the last pattern to the WHERE part has to be dealt with a little
//differently because we don't want it trailing with and 'OR'. So we cannot use the previous
//for loop and add it here
if(isPositiveSearchCondition($search_condition_operators[$j]))
{
for($i=0; $i < $amount_of_fields-1; $i++)
{
$where_part .= mysql_field_name($table_fields, $i)." ".getSearchConditionSyntax($search_condition_operators[$j], $search_condition_patterns[$j])." OR ";
}
$where_part .= mysql_field_name($table_fields, $i)." ".getSearchConditionSyntax($search_condition_operators[$j], $search_condition_patterns[$j]);
}
else
{
$where_part .= "(";
for($i=0; $i < $amount_of_fields-1; $i++)
{
$where_part .= mysql_field_name($table_fields, $i)." ".getSearchConditionSyntax($search_condition_operators[$j], $search_condition_patterns[$j])." AND ";
}
$where_part .= mysql_field_name($table_fields, $i)." ".getSearchConditionSyntax($search_condition_operators[$j], $search_condition_patterns[$j]).")";
}
}
$query = "SELECT * FROM $table " . $where_part;
($result=mysql_query($query)) or die("Search query failed: $query");
//Display the search results
echo '<table border="1" align="center" cellpadding="0" cellspacing="0" style="border-collapse: collapse;" bordercolor="#C6C3C6" width="80%">';
echo '<tr align="center" bgcolor="#D6D3CE">';
for($i=0; $i < $amount_of_fields; $i++)
echo "<th>".mysql_field_name($table_fields, $i)."</th>";
echo "</tr>";
//In the case that simple search has been selected, $positive_operator_patterns must be created
//here. With advanced_search, it is created earlier in the file.
if($advanced == false)
{
$positive_operator_patterns[0] = $search_condition_pattern;
}
if(!$case_sensitive)
{
while($row = mysql_fetch_array($result))
{
echo "<tr>";
for($i=0; $i < $amount_of_fields; $i++)
{
if(!patternMatch($positive_operator_patterns, $row[$i]))
echo '<td align="center">' . $row[$i] . '</td>';
else
echo '<td align="center"><font class="search_pattern">' . $row[$i] . '</font></td>';
}
echo "</tr>";
}
}
//$case_sensitive == "yes". Only applicable to simple search.
else
{
while($row = mysql_fetch_array($result))
{
if(caseSensitiveFilter($row, $amount_of_fields, $positive_operator_patterns))
{
echo "<tr>";
for($i=0; $i < $amount_of_fields; $i++)
{
if(!patternMatch($positive_operator_patterns, $row[$i]))
echo "<td align='center'>" . $row[$i] . "</td>";
else
echo "<td align='center'><font class=\"search_pattern\">" . $row[$i] . "</td>";
}
echo "</tr>";
}
}
}
echo "</table></div>";
endhtml()
?>