Problem with code

1

Okay, here's what I have:

    <form style="" name="form">
        <input placeholder="Search..." name="name" id="fn" type="text">
        <input style="display: none !important;" value="Search" id="search-btn" type="submit">
    </form>

    <div id="results"></div>

    <script type="text/javascript">
    $(document).ready(function(){
        // Load the full list once; every later search replaces it via AJAX.
        $('#results').load('search_results.php').show();

        $('#search-btn').click(function(){
            showValues();
        });

        // Search as the user types, once there are at least 3 characters.
        $("#fn").keyup(function() {
            if($(this).val().length >= 3)
                showValues();
        });

        // Submitting the form (Enter key) posts via AJAX instead of reloading the page.
        $('form').bind('submit',function(){
            showValues();
            return false;
        });

        function showValues() {
            // Read the field by id instead of through the global `form` object.
            $.post('search_results.php', { name: $('#fn').val() },
                function(result){
                    $('#results').html(result).show();
                });
        }
    });
    </script>


    <?php
    ini_set('display_errors', true);
    error_reporting(E_ALL);
    include_once("../../cdn/lib/config.php");

    // Search term from the AJAX POST; empty on the initial load.
    $name = isset($_REQUEST['name']) ? $_REQUEST['name'] : '';

    if (empty($name)) {
        // No term yet: list every film.
        $stmt = $db->query("SELECT * FROM films ORDER BY Title");
        $films = $stmt->fetchAll(PDO::FETCH_ASSOC);
    } else {
        // Term given: the value is bound as a parameter, so it never becomes
        // part of the SQL text; the LIKE wildcards wrap the bound value.
        $sql = "SELECT * FROM films WHERE Title LIKE ? ORDER BY Title";
        $stmt = $db->prepare($sql);
        $stmt->bindValue(1, '%' . $name . '%');
        $stmt->execute();
        $films = $stmt->fetchAll(PDO::FETCH_ASSOC);
    }

    if (!empty($name) && empty($films)) { ?>

        <div id="not-found">No films with this title (<b><?php echo htmlspecialchars($name); ?></b>)</div>

    <?php } else {
        foreach ($films as $index => $row) {
            // Escape database values before echoing them into HTML attributes.
            $id    = htmlspecialchars($row['ID']);
            $title = htmlspecialchars($row['Title']);
            $cover = htmlspecialchars($row['Cover']);
    ?>

        <div id="cover" class="img-thumbnail">
            <div class="audiopt"></div>
            <a href="<?php echo $id; ?>" target="_self">
                <div id="effect" class="img-thumbnail" alt="<?php echo $title; ?>" title="<?php echo $title; ?>"></div>
                <img src="../../cdn/uploads/films/<?php echo $cover; ?>" alt="<?php echo $title; ?>" title="<?php echo $title; ?>" class="img-thumbnail" />
            </a>
        </div>

    <?php
        }
    }
    ?>

The problem is: in XAMPP this code works perfectly, but on my site it does not. I do the search and it just does not react. Can someone help me? Only at the beginning does it give me all the data. But when I search, nothing happens.

    
asked by anonymous 02.05.2015 / 03:06

1 answer

1

To use mysql_real_escape_string you need an active connection; since you did not connect to the database with the old mysql_* functions, remove the line below.

$name = mysql_real_escape_string( $name );

To sanitize user input with prepared statements, the first step is to remove mysql_real_escape_string from the code, then convert the SQL string into a prepared query with the prepare() method, then bind $name to the query using bindValue(): the first argument is the position of the question mark and the second is the value that will be assigned to it. Finally, get the result of the query with fetchAll().

Change:

else{
   $stmt = $db->query("SELECT * FROM films WHERE Title LIKE '%$name%' ORDER BY Title");
   $stmt->execute();
   $films = $stmt->fetchAll(PDO::FETCH_ASSOC); 

To:

else{
   $sql = "SELECT * FROM films WHERE Title LIKE ? ORDER BY Title";
   $stmt = $db->prepare($sql);
   $stmt->bindValue(1, '%'. $name .'%');
   $stmt->execute();
   $films = $stmt->fetchAll(PDO::FETCH_ASSOC);

02.05.2015 / 03:55
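As an added example (not the asker's or the answerer's code), the following self-contained PHP script applies the answer's prepare()/bindValue()/fetchAll() pattern end to end. It assumes an in-memory SQLite database seeded with constructed rows in place of the page's MySQL `$db` from config.php; `escapeLike`, `searchFilms` and `renderRow` are names chosen here. It goes beyond the answer in two ways: it escapes the LIKE wildcards `%` and `_` that a user could type into the search box, so a term like `50%` matches that title rather than every row, and it HTML-escapes every value echoed back, which the question's template does not.

```php
<?php
// Added example: a complete PDO search mirroring the answer's
// prepare()/bindValue()/fetchAll() pattern, run against an in-memory
// SQLite table with constructed data so it works offline.
declare(strict_types=1);

// Constructed sample data standing in for the page's `films` table.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE films (ID INTEGER PRIMARY KEY, Title TEXT, Cover TEXT)');
$seed = $db->prepare('INSERT INTO films (Title, Cover) VALUES (?, ?)');
foreach ([['Alien', 'alien.jpg'], ['Aliens', 'aliens.jpg'], ['50% Off', 'off.jpg'], ['Heat', 'heat.jpg']] as $row) {
    $seed->execute($row);
}

/**
 * Escape LIKE wildcards in user input (hypothetical helper, not from the page).
 * "!" is declared as the escape character in the query below; it is portable
 * across SQLite and MySQL, unlike a backslash, which MySQL also treats as an
 * escape inside string literals.
 */
function escapeLike(string $term): string
{
    // "!" is doubled first so the escapes added for % and _ are not re-escaped.
    return str_replace(['!', '%', '_'], ['!!', '!%', '!_'], $term);
}

/**
 * Search films by title fragment. The user value never enters the SQL text:
 * it is bound as a parameter, as the answer recommends, and the wildcards
 * wrap the bound value rather than the query string.
 */
function searchFilms(PDO $db, string $name): array
{
    if ($name === '') {
        return $db->query('SELECT * FROM films ORDER BY Title')->fetchAll(PDO::FETCH_ASSOC);
    }
    $sql  = "SELECT * FROM films WHERE Title LIKE ? ESCAPE '!' ORDER BY Title";
    $stmt = $db->prepare($sql);
    $stmt->bindValue(1, '%' . escapeLike($name) . '%');
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

/**
 * Render one result row. Every database value is HTML-escaped on output;
 * the page's template echoes Title, ID and Cover raw, which becomes a stored
 * XSS problem the moment a title contains markup.
 */
function renderRow(array $row): string
{
    $id    = htmlspecialchars((string) $row['ID'], ENT_QUOTES, 'UTF-8');
    $title = htmlspecialchars($row['Title'], ENT_QUOTES, 'UTF-8');
    $cover = htmlspecialchars($row['Cover'], ENT_QUOTES, 'UTF-8');
    return "<a href=\"$id\" target=\"_self\">"
         . "<img src=\"../../cdn/uploads/films/$cover\" alt=\"$title\" title=\"$title\" class=\"img-thumbnail\" />"
         . "</a>";
}

// Simulated search terms (constructed): the initial empty load, a normal
// term, a term containing a LIKE wildcard, and a term containing a quote,
// which a string-built query would have treated as SQL rather than as text.
foreach (['', 'alien', '50%', "O'Brien"] as $term) {
    $films = searchFilms($db, $term);
    $label = htmlspecialchars($term, ENT_QUOTES, 'UTF-8');
    echo "search for '$label': " . count($films) . " result(s)\n";
    if ($term !== '' && $films === []) {
        echo "  <div id=\"not-found\">No films with this title (<b>$label</b>)</div>\n";
    }
    foreach ($films as $row) {
        echo '  ' . renderRow($row) . "\n";
    }
}
```

Run it with `php search_example.php` (any file name). Swapping the SQLite DSN for the page's MySQL `$db` requires no other change to `searchFilms`, because both the `?` placeholder and the `ESCAPE '!'` clause are standard across the two drivers.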