Thank you very much. John
I will look at it and test again
1 Like
Hi John
Iâm afraid at my age things donât come too easily⌠Youâll get there one day!
I have spent all afternoon trying to understand why your Test works, but no matter what I do I canât replicate it here. Something to do with my keyboard?
The Source code is of little use as it does not show me
- where exactly you placed the code **within the script **
This is where it is at the moment but it does nothing new. After this code comes the connection with password, etc
<?php
$results = true;
function just_clean($string)
{
$string = str_replace(â-â, â ', $string);
$string = preg_replace
(
â~&([a-z]{1,2})(acute|cedil|circ|grave|lig|orn|ring|slash|th|tilde|uml);~iâ,
â$1â,
htmlentities($string, ENT_COMPAT, âUTF-8â)
);return $string;
}
// Find out if the user accessed the file directly
//if($_SERVER[âREQUEST_METHODâ] == âGETâ) {
// header(âLocation:/TEMP/SOS/Search1.phpâ); // redirect the user if the form was not submitted.
// die(); // Ignore anything after the die.
//} elseif($_SERVER[âREQUEST_METHODâ] == âPOSTâ) {
this is a much neater method of detecting post, nothing posted, send them on their way
if(!isset($_POST)){
header(âLocation: http://pintotours.net/Search/Search1.phpâ); // redirect the user if the form was not submitted.
die(); // Ignore anything after the die.
}
Somehow, I feel that it should come after the connection when it is in touch with the database, but I have tried it in many positions and canât get it to work.
Anyway, I appreciate the time you took trying to help me.
Cheers.
Hi @qim,
The function should work if it is in the file that calls the MySQL functions.
Use the echo statements to show the $searchq value before and after calling the just_clean() function.
$searchq has to be correct before it is used in the MySQL functions.
[off topic] I donât know how old you are but I very much doubt I will ever reach your current age 
This is what I have including the debug
<?php
$results = true;
function just_clean($string)
{
$string = str_replace(â-â, â ', $string);
$string = preg_replace
(
â~&([a-z]{1,2})(acute|cedil|circ|grave|lig|orn|ring|slash|th|tilde|uml);~iâ,
â$1â,
htmlentities($string, ENT_COMPAT, âUTF-8â)
);return $string;
}
// Find out if the user accessed the file directly
//if($_SERVER[âREQUEST_METHODâ] == âGETâ) {
// header(âLocation:Search1.phpâ); // redirect the user if the form was not submitted.
// die(); // Ignore anything after the die.
//} elseif($_SERVER[âREQUEST_METHODâ] == âPOSTâ) {
this is a much neater method of detecting post, nothing posted, send them on their way
if(!isset($_POST)){
header(âLocation:http://pintotours.net/Search/Search1.phpâ); // redirect the user if the form was not submitted.
die(); // Ignore anything after the die.
}
// Your database preferences
// We are using constants instead of variables for this
// You can use either or
define(âHOSTâ, âlocalhostâ); // Database host
define(âpintotou_â, ârootâ); // Database username
define(ââ, ârootâ); // Database password
define(âpintotou_searchâ, ââ); // Database
$mysqli = new mysqli(âlocalhostâ, âpintotou_', 'â, âpintotou_searchâ); // Connect to the database using MySQLi_* OOP and constants
if($mysqli->connect_errno) {
// Do not die or display any MySQL errors in this area.
die(âUnable to connect to the mysql serverâ);
}
$searchq = filter_var(â%{$_POST[âkeywordâ]}%â, FILTER_SANITIZE_STRING, FILTER_FLAG_STRIP_HIGH); // Sanitize the string
$sql = âSELECT Image, Chain, Country, City, Top as ââ, Medium as ââ, Low as ââ FROM Chains WHERE Country LIKE ? OR City LIKE ?â; // Your query string
$prepare = $mysqli->prepare($sql); // Prepare your query string
// DEBUG
echo â
Debug: str_replace(âŚ)â;
echo â
Before str_replace( â. $searchq .â)â;
$searchq = str_replace( â-â, â ', $searchq );
echo â
After str_replace( â. $searchq .â)â;
echo â
â;
echo â
Debug: iconv(âŚ)â;
echo â
Before iconv( â. $searchq .â)â;
$searchq = iconv(âUTF-8â, âASCII//TRANSLITâ, $searchq);
echo â
After: iconv(â. $searchq .â)â;
echo â
â;
echo â
Notice the output and refresh your browser to try another inputâ;
echo â
Repeat until satisfied THEN remove all echo and die statementsâ;
die;
$prepare->bind_param(âssâ, $searchq, $searchq); // Bind the placeholders to your search variables
// s = string | i = integer | d = double | b = blob
$prepare->execute(); // Execute the prepared statement
$prepare->store_result(); // Store the results for later checking
// Use num_rows to check if the results return a 0 or 1. 0 meaning false and 1 meaning true
if($prepare->num_rows) {
$prepare->bind_result($image, $chain, $country, $city, $top, $medium, $low); // Append variables to the columns you specified}else
{
$results = false;
$searchMsg = âThere were no search results for ââ. $searchq .ââ!â;
}
if(strlen(trim($_POST[âkeywordâ])) <= 3)
{
$results = false;
$searchMsg = âPlease enter at least 3 charactersâ;
}
?>
The result of the debug
Debug: str_replace(âŚ)
Before str_replace( %guimares%)
After str_replace( %guimares%)
Debug: iconv(âŚ)
Before iconv( %guimares%)
After: iconv(%guimares%)
Notice the output and refresh your browser to try another input
Repeat until satisfied THEN remove all echo and die statements
Just donât drink too much!
Try this:
$searchq = $_POST['keyword'];
Ok, I placed that code on the line below
and this time it returns the whole word exactly as it is entered, i.e. with the accent still there, which means that it returns a âNot foundâ
Ok that has eliminated the % characters, now pass $searchq as a parameter to just_clean();
$searchq = just_clean( $searchq );
Did you check out the Php function tutorials?
Where do I put this?
I did, but you donât learn php in 10 minutesâŚ
A simplified flow might be
- define variable, in this case assigning a ârawâ input value from a form to it
- process variable, includes validation, sanitizing, and otherwise getting it as desired
- use the variable
Call the just_clean() function immediately before the above line.
Thanks
So I put that line of code before this one
[quote=âJohn_Betong, post:45, topic:209249â]
$searchq = filter_var(â%{$POST[âkeywordâ]}%â, FILTERSANITIZE_STRING, FILTER_FLAG_STRIP_HIGH); // Sanitize the string[/quote]
The word GuimarĂŁes was returned without the accented letter, like before
I had deleted the earlier code
$searchq = $_POST[âkeywordâ];
It is quite late here so signing out and hope you solve the problem.
Good night
Thanks John
But this has been a long thread and I think Iâm going to give up. The whole code is in earlier posts and if the experts canât work it out, it will not be me without any php knowledge thatâs going to crack it.
Let me thank you again for your efforts.
This topic was automatically closed 91 days after the last reply. New replies are no longer allowed.