Mo45 · December 28, 2022 17:55
diff --git a/class-search.php b/class-search.php
 <?php
 /**
 * Performs a search
 *
 * This class is used to perform search functions in a MySQL database
 *
 * @version 1.2
 * @author John Morris <[email protected]>
 * @author Kirill Krasin <[email protected]>
 */
 class search {
  /**
   * MySQLi connection
   * @access private
   * @var object
   */
  private $mysqli;
  
  /**
   * Constructor
   *
   * This sets up the class
   */
  public function __construct() {
    // Connect to our database and store in $mysqli property
    $this->connect();
  }
  /**
   * Database connection
   * 
   * This connects to our database
   */
  private function connect() {
    $this->mysqli = new mysqli( 'localhost', 'root', 'root', 'snippets' );
  }
  
  /**
   * Search routine
   * 
   * Performs a search
   * 
   * @param string $search_term The search term
   * 
   * @return array/boolen $search_results Array of search results or false
   */
  public function search($search_term) {
    // Sanitize the search term to prevent injection attacks
    $sanitized = $this->mysqli->real_escape_string($search_term);
    
    // Set UTF-8 for Cyrillic
    $this->mysqli->query("SET NAMES 'utf8'");
    // Run the query
    $query = $this->mysqli->query("
      SELECT title
      FROM search
      WHERE title COLLATE UTF8_GENERAL_CI LIKE '%{$sanitized}%'
      OR body LIKE '%{$sanitized}%'
    ");
    
    // Check results
    if ( ! $query->num_rows ) {
      return false;
    }
    
    // Loop and fetch objects
    while( $row = $query->fetch_object() ) {
      $rows[] = $row;
    }
    
    // Build our return result
    $search_results = array(
      'count' => $query->num_rows,
      'results' => $rows,
    );
    
    return $search_results;
  }
 }
diff --git a/search.php b/search.php
 <?php
 //Check if search data was submitted
 if ( isset( $_GET['s'] ) ) {

  // Include the search class
  require_once( dirname( __FILE__ ) . '/class-search.php' );
  
  // Instantiate a new instance of the search class
  $search = new search();
  
  // Store search term into a variable
  $search_term = htmlspecialchars($_GET['find'], ENT_QUOTES, 'UTF-8');
  
  // Send the search term to our search class and store the result
  $search_results = $search->search($search_term);

 }
 ?>
 <!DOCTYPE html>
 <html>
  <head>
    <title>Search</title>
  </head>
  <body>
    <h1>Search</h1>
    <div class="search-form">
      <form action="" method="get">
        <div class="form-field">
          <label for="search-field">Search</label>
          <input type="search" name="s" placeholder="Enter your search term..." results="5" value="<?php echo $search_term; ?>">
          <input type="submit" value="Search">
        </div>
      </form>
    </div>
    <?php if ( $search_results ) : ?>
    <div class="results-count">
      <p><?php echo $search_results['count']; ?> results found</p>
    </div>
    <div class="results-table">
      <?php foreach ( $search_results['results'] as $search_result ) : ?>
      <div class="result">
        <p><?php echo $search_result->title; ?></p>
      </div>
      <?php endforeach; ?>
    </div>
    <div class="search-raw">
      <pre><?php print_r($search_results); ?></pre>
    </div>
    <?php endif; ?>
  </body>
 </html>
	<?php
	/**
	* Performs a search
	*
	* This class is used to perform search functions in a MySQL database
	*
	* @version 1.2
	* @author John Morris <[email protected]>
	* @author Kirill Krasin <[email protected]>
	*/
	class search {
	/**
	* MySQLi connection
	* @access private
	* @var object
	*/
	private $mysqli;

	/**
	* Constructor
	*
	* This sets up the class
	*/
	public function __construct() {
	// Connect to our database and store in $mysqli property
	$this->connect();
	}
	/**
	* Database connection
	*
	* This connects to our database
	*/
	private function connect() {
	$this->mysqli = new mysqli( 'localhost', 'root', 'root', 'snippets' );
	}

	/**
	* Search routine
	*
	* Performs a search
	*
	* @param string $search_term The search term
	*
	* @return array/boolen $search_results Array of search results or false
	*/
	public function search($search_term) {
	// Sanitize the search term to prevent injection attacks
	$sanitized = $this->mysqli->real_escape_string($search_term);

	// Set UTF-8 for Cyrillic
	$this->mysqli->query("SET NAMES 'utf8'");
	// Run the query
	$query = $this->mysqli->query("
	SELECT title
	FROM search
	WHERE title COLLATE UTF8_GENERAL_CI LIKE '%{$sanitized}%'
	OR body LIKE '%{$sanitized}%'
	");

	// Check results
	if ( ! $query->num_rows ) {
	return false;
	}

	// Loop and fetch objects
	while( $row = $query->fetch_object() ) {
	$rows[] = $row;
	}

	// Build our return result
	$search_results = array(
	'count' => $query->num_rows,
	'results' => $rows,
	);

	return $search_results;
	}
	}
	<?php
	//Check if search data was submitted
	if ( isset( $_GET['s'] ) ) {

	// Include the search class
	require_once( dirname( __FILE__ ) . '/class-search.php' );

	// Instantiate a new instance of the search class
	$search = new search();

	// Store search term into a variable
	$search_term = htmlspecialchars($_GET['find'], ENT_QUOTES, 'UTF-8');

	// Send the search term to our search class and store the result
	$search_results = $search->search($search_term);

	}
	?>
	<!DOCTYPE html>
	<html>
	<head>
	<title>Search</title>
	</head>
	<body>
	<h1>Search</h1>
	<div class="search-form">
	<form action="" method="get">
	<div class="form-field">
	<label for="search-field">Search</label>
	<input type="search" name="s" placeholder="Enter your search term..." results="5" value="<?php echo $search_term; ?>">
	<input type="submit" value="Search">
	</div>
	</form>
	</div>
	<?php if ( $search_results ) : ?>
	<div class="results-count">
	<p><?php echo $search_results['count']; ?> results found</p>
	</div>
	<div class="results-table">
	<?php foreach ( $search_results['results'] as $search_result ) : ?>
	<div class="result">
	<p><?php echo $search_result->title; ?></p>
	</div>
	<?php endforeach; ?>
	</div>
	<div class="search-raw">
	<pre><?php print_r($search_results); ?></pre>
	</div>
	<?php endif; ?>
	</body>
	</html>