search.php
<?php
/**
 * Prepare a string for display inside an HTML page.
 *
 * Strips surrounding whitespace, removes backslash escapes with
 * stripslashes(), then encodes HTML special characters with
 * htmlspecialchars() using that function's default flags (which quote
 * characters get encoded therefore depends on the PHP version).
 *
 * This is output encoding for an HTML context only. It is not an SQL
 * escaping routine: a value headed for a query should be bound as a
 * parameter, and a column name should be checked against a fixed list.
 *
 * @param string $data Raw text.
 * @return string Trimmed, unslashed, HTML-encoded text.
 */
function test_input($data) {
    return htmlspecialchars(stripslashes(trim($data)));
}
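// Search endpoint: every GET parameter is read as "column=substring" and the
// matching rows of the `temples` table are written out as CSV.
//
// Request data never becomes SQL text here. Column names are resolved
// against the table's own column list, and search values are bound as
// statement parameters.
//
// NOTE(review): no Content-Type header is set, so the response goes out with
// PHP's default type (normally text/html). Consider sending text/csv or
// text/plain together with "X-Content-Type-Options: nosniff" so database
// content is never rendered as markup by a browser.

$servername = "localhost";
$username = "romerese_temples";
$dbname = "romerese_temples";
// NOTE(review): this path is relative to the working directory. Confirm the
// web server refuses to serve "forbidden/", or move the file outside the
// document root.
$password = trim((string) file_get_contents("forbidden/pw.txt"));

try {
    $conn = new PDO(
        "mysql:host=$servername;dbname=$dbname;charset=utf8",
        $username,
        $password,
        [
            PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION,
            // Use server-side prepared statements so bound values travel
            // separately from the SQL text.
            PDO::ATTR_EMULATE_PREPARES => false,
        ]
    );

    // Read the table's column names once. They serve as the CSV header row
    // and as the allow-list for searchable fields (identifiers cannot be
    // bound as parameters, so they have to be matched against known names).
    $meta = $conn->query('SELECT * FROM temples LIMIT 0');
    $columns = [];
    $columnByLowerName = [];
    for ($i = 0; $i < $meta->columnCount(); $i++) {
        $col = $meta->getColumnMeta($i);
        $columns[] = $col['name'];
        $columnByLowerName[strtolower($col['name'])] = $col['name'];
    }

    $sql = 'SELECT * FROM temples';
    $params = [];
    $requestIsValid = true;

    if ($_GET != []) {
        // Extra term needed only on local set-up
        $conditions = ["type = 'temple'"];
        foreach ($_GET as $field => $value) {
            $key = strtolower((string) $field);
            // Reject array-valued parameters (?a[]=1) and any name that is
            // not a column of the table.
            if (!is_string($value) || !isset($columnByLowerName[$key])) {
                $requestIsValid = false;
                break;
            }
            // The identifier written into the SQL is the database's own
            // spelling of the column, never the text from the request.
            $conditions[] = '`' . str_replace('`', '``', $columnByLowerName[$key]) . '` LIKE ?';
            // The value is matched as typed (after trim) and is not
            // HTML-encoded; "%" and "_" in it still act as LIKE wildcards.
            // NOTE(review): confirm rows are stored as plain text rather
            // than HTML-encoded text.
            $params[] = '%' . trim($value) . '%';
        }
        $sql .= ' WHERE ' . implode(' AND ', $conditions);
    }

    if (!$requestIsValid) {
        echo "Error: unsupported search parameter.";
    } else {
        $stmt = $conn->prepare($sql);
        $stmt->execute($params);
        $result = $stmt->fetchAll(PDO::FETCH_ASSOC);

        // Make sure there were some results before writing any CSV
        if (count($result) > 0) {
            // Header row first, then one CSV line per record
            $out = fopen('php://output', 'w');
            echo implode(",", $columns) . "\n";
            foreach ($result as $row) {
                fputcsv($out, $row);
            }
            fclose($out);
        } else {
            echo "No records found matching query.";
        }
    }

    $conn = null;
} catch (PDOException $e) {
    // Keep driver messages (schema names, SQL fragments, host details) in
    // the server log instead of sending them to the client.
    error_log('search.php: ' . $e->getMessage());
    echo "Error: the search could not be completed.";
}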
?>