more multiple queries

[garrensilverwing]

ok i am back working on my search feature for my games, the problem i am having is i am getting no results back... here is my code:

<?php
require ('../../../dbgames_connect.php');
$min=600;
foreach (str_split('GFEDCBAXM') as $class) {
    $classmin[$class] = $min;
    $classmax[$class] = $min+199;
    $min+=200;
}
$classmax['M']="3000";
$classmin['Z']="600";
$classmax['Z']="3000";

if (!$_POST['search'])
    {
?>
        <form method="post" style="text-align: center;" action="gamesb.php" target="_self">
        Search Games, for help and tips <a href="help.htm" target="_blank">click here</a>.<br>
        White:<br>
        First Name:  
        <input name="wFirst" type="text" tabindex="1"><br>
        Last Name:
        <input name="wLast" type="text" tabindex="2"><br>
        Rating:
        <input name="wRating" type="text" tabindex="3" style="height: 22px" size="8">&nbsp;OR:&nbsp; 
        <select name="wClass" tabindex="4" style="height: 22px">
        <option value="Z" selected="">Select Class</option>
        <option>G</option>
        <option>F</option>
        <option>E</option>
        <option>D</option>
        <option>C</option>
        <option>B</option>
        <option>A</option>
        <option value="X">Expert</option>
        <option value="M">Master+</option>
        </select><br>
        <br>
        Black:<br>
        First Name:
        <input name="bFirst" type="text" tabindex="5"><br>
        Last Name:
        <input name="bLast" type="text" tabindex="6"><br>
        Rating:
        <input name="bRating" type="text" tabindex="7" size="8" style="height: 22px">&nbsp;OR:&nbsp;
        <select name="bClass" tabindex="8">
        <option value="Z" selected="">Select Class</option>
        <option>G</option>
        <option>F</option>
        <option>E</option>
        <option>D</option>
        <option>C</option>
        <option>B</option>
        <option>A</option>
        <option value="X">Expert</option>
        <option value="M">Master+</option>
        </select><br>
        <br>
        Game Info:<br>
        Eco:
        <input name="eco" type="text" tabindex="9" size="6"> (<a target="_blank" href="ecocodes.htm">help</a>)<br>
        Year:
        <input name="year" type="text" tabindex="10" size="8">
        <select name="result" tabindex="11">
        <option value="3">Select Result</option>
        <option value="1">1-0</option>
        <option value="0">0-1</option>
        <option value="2">1/2-1/2</option>
        </select>
        <br>
        <input name="search" type="submit" value="search" tabindex="12"></form>
<?php
            }
    else { 
        $wValue=$_POST['wClass'];
        $bValue=$_POST['bClass'];
        $wRatingmin=$classmin[$wValue];
        $wRatingmax=$classmax[$wValue];
        $bRatingmin=$classmin[$bValue];
        $bRatingmax=$classmax[$bValue];
        if ($_POST['wFirst'])
            {$wFirst=sanitize_lower($_POST['wFirst']);
            $restraints[]="wFirst LIKE '$wFirst'";}
        if ($_POST['wLast'])
            {$wLast=sanitize_lower($_POST['wLast']);
            $restraints[]="wLast LIKE '$wLast'";}
        if ($_POST['bFirst'])
            {$bFirst=sanitize_lower($_POST['bFirst']);
            $restraints[]="bFirst LIKE '$bFirst'";}
        if ($_POST['bLast'])
            {$bLast=sanitize_lower($_POST['bLast']);
            $restraints[]="bLast LIKE '$bLast'";}
        if ($_POST['eco'])
            {$eco=strtoupper(sanitize($_POST['eco']));
            $restraints[]="eco LIKE '$eco'";}
        if ($_POST['year'])
            {$year=$_POST['year'];
            $restraints[]="year LIKE '$year'";}
        if ($_POST['wRating'])
            {$wRating=$_POST['wRating'];
            $restraints[]="wRating LIKE '$wRating'";}
        if ($_POST['bRating'])
            {$bRating=$_POST['bRating'];
            $restraints[]="bRating LIKE '$bRating'";}
        if ($_POST['result'])
            {$result=$_POST['result'];
            if($result!=3)
                {
                $restraints[]="result LIKE '$result'";
                }
            }
        $restraints[]="wRating>='{$wRatingmin}'";
        $restraints[]="wRating<='{$wRatingmax}'";
        $restraints[]="bRating>='{$bRatingmin}'";
        $restraints[]="bRating<='{$bRatingmax}'";
        $restraints = 'WHERE ' . implode(' AND ', $restraints);
        echo $restraints;
        $query = mysql_query("SELECT * FROM games $restraints") or die(mysql_error());
        ?>
        <center>
        <?php          
            echo "<ol>";
            while($row = mysql_fetch_array($query))
                {
                $n = $row['id'];
                $result = $row['result'];
                $result = result($result);
                echo "<li><a href=\"javascript:LoadNextPage($n,1)\" class='game'>".$row['wLast']." (".$row['wRating'].") - ".$row['bLast']." (".$row['bRating'].")<br>";
                echo $row['eco']." ".$row['result']."</a></li>";                      
                }
             echo "</ol>";

 

[xav0989]

I would have one thing to say. Try to separate php code and html code (MVC), it's way better than trying to put everything in the same file. Next, I would not recommend transforming an array into a string, even though php is loose on variable types. Try renaming the 'restraints' string to 'restraint'. Also, to test your query, echo it, then try it in phpMyAdmin.

 

[garrensilverwing]

I would have one thing to say. Try to separate php code and html code (MVC), it's way better than trying to put everything in the same file. Next, I would not recommend transforming an array into a string, even though php is loose on variable types. Try renaming the 'restraints' string to 'restraint'. Also, to test your query, echo it, then try it in phpMyAdmin.

ok i made your suggested change, when i echo the query and run in in phpmyadmin it works fine

 

[xav0989]

does the page still shows problems? If so, it is something with your variables (maybe doing = instead of .= ) or it's something with your control flow operators.

 

[misson]

ok i made your suggested change, when i echo the query and run in in phpmyadmin it works fine

For the line $query = mysql_query("SELECT * FROM games $restraints") or die(mysql_error());, am I right in assuming the query succeeds, but it returns an empty result set? What's the query? Try creating a simple PHP script that runs that query. There are still some missing pieces to this puzzle.

        if ($_POST['wFirst'])
            {$wFirst=sanitize_lower($_POST['wFirst']);
            $restraints[]="wFirst LIKE '$wFirst'";}
        if ($_POST['wLast'])
            {$wLast=sanitize_lower($_POST['wLast']);
            $restraints[]="wLast LIKE '$wLast'";}
        // ...
        if ($_POST['bRating'])
            {$bRating=$_POST['bRating'];
            $restraints[]="bRating LIKE '$bRating'";}

This long section can be replaced with

// in whichever file defines sanitize_lower:
function sanitize_int($val) {
  return filter_var($val, FILTER_SANITIZE_NUMBER_INT);
}

// in the search form handler:
$bRatingmax=$classmax[$bValue];
foreach (array('wFirst' => 'sanitize_lower', 'wLast' => 'sanitize_lower',
	       'bFirst' => 'sanitize_lower', 'bLast' => 'sanitize_lower', 
	       'eco' => 'sanitize_upper', 'year' => 'sanitize_int', 
	       'wRating' => 'sanitize_int', 'bRating' => 'sanitize_int')
	 as $field => $func) 
{
  $val = call_user_func($func, $_POST[$field];
  $restraints[] = "$field LIKE '$val'";
}
if ($_POST['result'])

sanitize_upper() needs to be defined, which can be done by a simple modification of a copy of sanitize_lower().

Next, I would not recommend transforming an array into a string, even though php is loose on variable types.

Is your reason for this because when examining a line of source code, you won't be able to tell exactly what a variable holds without examining all the preceding lines? That is, storing different types in the same variable increases interdependecies between lines.

 

[garrensilverwing]

ok i figured it out, i forgot to define function result() i put it as part of another file to be called upon but i didnt require it at the beginning of this one, it works perfectly now