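/**
 * Search the `stuff` table (joined to `locations`) for items in a given status.
 *
 * A row is returned when its status equals $status and at least one of these
 * holds: item, owner, finder, email, phone, room or description contains the
 * corresponding search value, or location_id equals the id that
 * get_location_id() returns for $values['building'].
 *
 * Every caller-supplied value reaches the database as a bound parameter, so
 * no request data is spliced into the SQL text. Empty or missing fields are
 * bound as NULL; "col LIKE NULL" is never true, so such a field matches no
 * rows instead of matching every row the way an empty '%%' pattern would.
 *
 * Requires mysqli_stmt_get_result(), i.e. a PHP build using mysqlnd.
 *
 * @param mysqli $dbc    Open database connection.
 * @param array  $values Search fields keyed by name: item, owner, finder,
 *                       email, phone, room, description and building.
 * @param string $status Status value the returned rows must have.
 * @return array List of matching rows as associative arrays; each row also
 *               carries stuff.id under the key 'item_id'.
 */
function search_item($dbc, $values, $status)
{
    # get_location_id() is defined elsewhere; pass null when no building was given.
    $building = isset($values['building']) ? $values['building'] : null;
    $location_id = get_location_id($dbc, $building);

    # Turn each text field into a LIKE pattern, or NULL when there is nothing to search for.
    $columns = array('item', 'owner', 'finder', 'email', 'phone', 'room', 'description');
    $patterns = array();
    foreach ($columns as $column) {
        $value = isset($values[$column]) ? $values[$column] : '';
        if (!is_scalar($value) || (string) $value === '') {
            $patterns[$column] = null;
            continue;
        }
        # Escape LIKE metacharacters so that a user typing '%' or '_' searches for
        # that literal character rather than widening the match to every row.
        # '!' is declared as the escape character in the query, which keeps the
        # escaping independent of the server's backslash-handling SQL mode.
        $escaped = str_replace(
            array('!', '%', '_'),
            array('!!', '!%', '!_'),
            (string) $value
        );
        $patterns[$column] = '%' . $escaped . '%';
    }

    # Fixed query text: only placeholders, never interpolated input.
    $query = "SELECT *, stuff.id AS item_id
        FROM stuff JOIN locations ON (stuff.location_id = locations.id)
        WHERE (item LIKE ? ESCAPE '!'
        OR owner LIKE ? ESCAPE '!'
        OR finder LIKE ? ESCAPE '!'
        OR email LIKE ? ESCAPE '!'
        OR phone LIKE ? ESCAPE '!'
        OR room LIKE ? ESCAPE '!'
        OR description LIKE ? ESCAPE '!'
        OR location_id = ?)
        AND status = ?";

    $results = false;
    $stmt = mysqli_prepare($dbc, $query);
    if ($stmt) {
        # location_id and status are bound as strings, matching the quoted
        # comparisons the query has always used for them.
        mysqli_stmt_bind_param(
            $stmt,
            'sssssssss',
            $patterns['item'],
            $patterns['owner'],
            $patterns['finder'],
            $patterns['email'],
            $patterns['phone'],
            $patterns['room'],
            $patterns['description'],
            $location_id,
            $status
        );
        if (mysqli_stmt_execute($stmt)) {
            $results = mysqli_stmt_get_result($stmt);
        }
    }

    # check_results() is defined elsewhere; it still receives the query result.
    check_results($results);
    if (!$results) {
        # Keep the database error text in the server log. Echoing it to the page
        # would disclose table and column names to whoever triggered the failure.
        $detail = $stmt ? mysqli_stmt_error($stmt) : mysqli_error($dbc);
        error_log('search_item query failed: ' . $detail);
        echo 'Search is temporarily unavailable.';
        exit;
    }

    # Build an array of row results to be returned by the function
    $rows = array();
    while ($row = mysqli_fetch_array($results, MYSQLI_ASSOC)) {
        $rows[] = $row;
    }

    mysqli_free_result($results);
    mysqli_stmt_close($stmt);

    return $rows;
}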
/**
 * Check a submitted item for required fields and a known building.
 *
 * The checks run in a fixed order: item, owner/finder name, location lookup
 * through get_location_id(), then description. Each failed check appends one
 * message. The messages are constant HTML list fragments and contain none of
 * the submitted values.
 *
 * @param mysqli $dbc    Database connection, passed through to get_location_id().
 * @param array  $values Submitted fields: item, owner, finder, building, description.
 * @return int|array 0 when every check passes, otherwise the list of messages.
 */
function validate_values($dbc, $values)
{
    $problems = array();

    if (empty($values['item'])) {
        array_push($problems, "<li>Item cannot be empty");
    }

    # At least one of owner / finder has to be filled in.
    $has_name = !empty($values['owner']) || !empty($values['finder']);
    if (!$has_name) {
        array_push($problems, "<li>Name cannot be empty");
    }

    # get_location_id() reports an unknown building as -1.
    $location = get_location_id($dbc, $values['building']);
    if (-1 == $location) {
        array_push($problems, "<li>No matching location found");
    }

    if (empty($values['description'])) {
        array_push($problems, "<li>Description cannot be empty");
    }

    return empty($problems) ? 0 : $problems;
}