I'm trying my hand with PDO and would like to know if the following is the correct code to search keywords, since it's giving me an error: `mysql_real_escape_string(): [2002] A connection attempt failed because connected host has failed to respond.`

php class:

    public function searchQuotes()
    {
        $search = mysql_real_escape_string($_POST['search']);

        $sql = "SELECT cQuotes, vAuthor, cArabic, vReference FROM thquotes WHERE cQuotes LIKE '% :search %' ORDER BY idQuotes DESC";

        try {
            $query = $this->_db->prepare($sql);
            $query->bindParam(':search', $search, PDO::PARAM_STR);
            $query->execute();

            if(!$query->rowCount()==0)
            {
                while($row = $query->fetch())
                {
                    echo $this->formatSearch($row);
                }
            }
            else
            {
                echo "No results found!";
            }
            $query->closeCursor();
        }
        catch (Exception $ex){
            echo "Something went wrong " . $ex;
        }
    }

    public function formatSearch($row)
    {
        $cQuote =  highlightWords(htmlspecialchars($row['cQuotes']), $search);

        return "<p id=\"s_arabic\">" . $this->h($row['cArabic']) . "</p><br />"
        . "<p id=\"s_quotes\"><q>&nbsp;" . $cQuote . "&nbsp;</q></p><br />"
        . "<p id=\"s_author\"><b>-</b>&nbsp;" . $this->h($row['vAuthor']) . "</p><br />"
        . "<p id=\"s_reference\"><span class=\"source\">Source:</span> " . $this->h($row['vReference']) . "</p>";
    }

php page:

    if (isset($_POST['search']))
        $quotes->searchQuotes();
    else
        $quotes->displayQuotes();

displayQuotes() displays the quotes fine, so I'm assuming nothing is wrong with the connection in itself.

+3  A: 

With PDO and binding params / prepared statements you do not need to escape strings. How you have it set up, PDO should automatically escape it for you.

Since you are using PDO, you are not using the mysql_connect driver, and thus you cannot use the real_escape_string function, as it requires a valid connection to the MySQL server using mysql_connect.

EDIT:

Not sure about this if statement, but it could be problematic:

    if($query->rowCount()>0)

Would be better to use imo. It may or may not be the problem. The other issue is you should be checking the error information and alert yourself if there is an error in some way.

Brad F Jacobs
Thanks for pointing that out. Any other mistakes there, since it says `no results found` even though there are quotes with that keyword?
fuz3d
Well, the extra spaces in the like statement will find only the search string if it is surrounded by spaces (not sure if this was intentional or not). But I rarely used the bindparam method, so I am not 100% sure on that functionality. The query looks alright, given that those spaces were intentional. With those spaces though, if the search keyword is at the very beginning or the end, it will not match, given it requires the spaces to match it.
Brad F Jacobs
What would you use then, instead of bindparam, to search for a keyword? Since I'm new to PDO, I'm still learning. So if you have an efficient or a better alternative, please do point it out.
fuz3d
Oh, and I removed the spaces, yet it is displaying `no results found`.
fuz3d
Me, I use the prepared statements, I just like them better, personal preference. As far as it not returning any results, check if there was an error in the SQL; also, see my edit above.
Brad F Jacobs
A: 

You don't have to use mysql_real_escape_string() in case you're using PDO prepared statements.

Col. Shrapnel
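
A keyword search along the lines discussed in this thread, as an added example that is not code from the question or from either answer. A placeholder written inside a quoted literal (`'% :search %'`) is part of the string and is never bound, so here the `%` wildcards go into the bound value instead. It assumes the pdo_sqlite extension and an in-memory table with constructed rows so it runs offline; the `!` escape character is a choice made for this example.

```php
<?php
// Added example, not the asker's code. Assumes the pdo_sqlite extension so it
// runs offline; the table and column names are taken from the question.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION); // surface SQL errors

$db->exec('CREATE TABLE thquotes (idQuotes INTEGER PRIMARY KEY, cQuotes TEXT,
           vAuthor TEXT, cArabic TEXT, vReference TEXT)');
// Constructed sample rows.
$insert = $db->prepare('INSERT INTO thquotes (cQuotes, vAuthor, cArabic, vReference)
                        VALUES (?, ?, ?, ?)');
foreach ([
    ['Patience is a virtue', 'Author A', '', 'Ref 1'],
    ['Give 100% effort',     'Author B', '', 'Ref 2'],
    ['Knowledge is light',   'Author C', '', 'Ref 3'],
] as $row) {
    $insert->execute($row);
}

function searchQuotes(PDO $db, string $term): array
{
    // Escape LIKE metacharacters so user input is matched literally.
    $literal = str_replace(['!', '%', '_'], ['!!', '!%', '!_'], $term);

    // The placeholder stands alone; the % wildcards travel in the bound value.
    $sql = "SELECT cQuotes, vAuthor, cArabic, vReference
            FROM thquotes
            WHERE cQuotes LIKE :search ESCAPE '!'
            ORDER BY idQuotes DESC";
    $query = $db->prepare($sql);
    $query->bindValue(':search', '%' . $literal . '%', PDO::PARAM_STR);
    $query->execute();

    // fetchAll() instead of rowCount(): rowCount() is not reliable for SELECT
    // on every driver.
    return $query->fetchAll(PDO::FETCH_ASSOC);
}

foreach (['virtue', '%', "x' OR '1'='1"] as $term) {
    $rows = searchQuotes($db, $term);
    printf("%-15s => %d row(s)\n", $term, count($rows));
    foreach ($rows as $r) {
        // Encode on output; the bound parameter only protects the SQL.
        echo '  ', htmlspecialchars($r['cQuotes'], ENT_QUOTES, 'UTF-8'), "\n";
    }
}
```

With `PDO::ERRMODE_EXCEPTION` set, a malformed statement raises a `PDOException` rather than quietly producing an empty result, which is the error check the first answer recommends.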