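/**
 * Search the `stuff` table (joined to `locations`) for items with the given status.
 *
 * A row matches when any searched field contains the corresponding term, or when
 * its location_id equals the id resolved from $values['building'].
 *
 * All user-influenced values are sent as bound parameters of a prepared statement.
 * The earlier string-built query interpolated $status without escaping and relied
 * on mysqli_real_escape_string(), which depends on the connection charset being set.
 *
 * @param mysqli $dbc    Open database connection.
 * @param array  $values Search terms keyed by field name; 'building' is also read.
 * @param mixed  $status Status value that matching rows must have.
 * @return array List of matching rows as associative arrays (empty when none match).
 */
function search_item($dbc, $values, $status)
{
    # NOTE(review): get_location_id() receives the raw building value; it is defined
    # elsewhere, so confirm that it parameterizes its own query.
    $location_id = get_location_id($dbc, $values['building']);

    # '~~~' is a sentinel that is not expected to match anything in the database.
    # It replaces every empty or missing term, so an absent field cannot turn into
    # LIKE '%%', which would match every non-NULL row.
    $no_match = '~~~';
    $fields = array('item', 'owner', 'finder', 'email', 'phone', 'room', 'description');
    $like = array();
    foreach ($fields as $field) {
        $term = '';
        if (isset($values[$field]) && is_scalar($values[$field])) {
            $term = (string) $values[$field];
        }
        # NOTE(review): '%' and '_' typed by the user still act as LIKE wildcards;
        # escape them as well if a literal "contains" search is intended.
        $like[$field] = '%' . ($term === '' ? $no_match : $term) . '%';
    }
    # Bound as strings so the comparisons behave like the quoted literals used before.
    $location_param = (string) $location_id;
    $status_param = (string) $status;

    $query = "SELECT *, stuff.id AS item_id FROM stuff JOIN locations ON (stuff.location_id = locations.id)
		WHERE (item LIKE ?
		OR owner LIKE ?
		OR finder LIKE ?
		OR email LIKE ?
		OR phone LIKE ?
		OR room LIKE ?
		OR description LIKE ?
		OR location_id = ?)
		AND status = ?";

    $results = false;
    $failure = '';
    $stmt = mysqli_prepare($dbc, $query);
    if ($stmt === false) {
        $failure = mysqli_error($dbc);
    } else {
        # bind_param takes its arguments by reference, hence named array slots and
        # variables rather than inline expressions.
        mysqli_stmt_bind_param(
            $stmt,
            'sssssssss',
            $like['item'],
            $like['owner'],
            $like['finder'],
            $like['email'],
            $like['phone'],
            $like['room'],
            $like['description'],
            $location_param,
            $status_param
        );
        if (mysqli_stmt_execute($stmt)) {
            # mysqli_stmt_get_result() requires the mysqlnd driver.
            $results = mysqli_stmt_get_result($stmt);
        }
        if ($results === false) {
            $failure = mysqli_stmt_error($stmt);
        }
    }

    check_results($results);
    if ($results === false) {
        # Keep driver error text in the server log; echoing it to the client can
        # disclose table and column names.
        error_log('search_item: query failed: ' . $failure);
        echo 'The search could not be completed.';
        exit;
    }

    # Build an array of row results to be returned by the function
    $array = array();
    while ($row = mysqli_fetch_array($results, MYSQLI_ASSOC)) {
        $array[] = $row;
    }
    mysqli_free_result($results);
    mysqli_stmt_close($stmt);
    return $array;
}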
/**
 * Check the submitted item fields and collect a message for each failed rule.
 *
 * Every message is a fixed HTML fragment starting with "<li>"; no submitted
 * value is copied into the messages.
 *
 * @param mysqli $dbc    Database connection handed to get_location_id().
 * @param array  $values Submitted fields: item, owner, finder, building, description.
 * @return int|array 0 when every check passes, otherwise the list of messages.
 */
function validate_values($dbc, $values)
{
    $problems = array();

    if (empty($values['item'])) {
        $problems[] = "<li>Item cannot be empty";
    }

    # At least one of owner / finder has to be supplied.
    $has_name = !empty($values['owner']) || !empty($values['finder']);
    if (!$has_name) {
        $problems[] = "<li>Name cannot be empty";
    }

    # This function treats -1 from get_location_id() as "no matching location".
    $location = get_location_id($dbc, $values['building']);
    if ($location == -1) {
        $problems[] = "<li>No matching location found";
    }

    if (empty($values['description'])) {
        $problems[] = "<li>Description cannot be empty";
    }

    return empty($problems) ? 0 : $problems;
}