home.php
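<?php
// Product search page. It is rendered only when the session carries the 'js'
// key; otherwise the script prints "denial" and stops.
// NOTE(review): the 'js' key is set outside this file, presumably by a page
// that detects JavaScript. It is not an authentication or authorization check.
session_start();
if (isset($_SESSION['js'])) {
?>
<!DOCTYPE HTML>
<html>
<head>
<script>
// Convenience check only: it runs in the visitor's browser, so a request sent
// without it reaches the server unchanged. The bound parameter in the query
// further down is what keeps the search text out of the SQL statement.
function submitFunction(){
    const getInpt = document.getElementById('search').value;
    if(getInpt.includes('*')||getInpt.includes('.')||getInpt.includes('SELECT')||getInpt.includes('FROM')||getInpt.includes('"')||getInpt.includes(';')||getInpt.includes(':')||getInpt.includes('DROP')){
        document.write('denial');
    }
}
function displayTitle(){
    document.getElementById('h1').innerHTML='Search Our Products Name:';
}
function displayForm(){
    document.getElementById('form').innerHTML='<label></label><input type="text" name="searchs" id="search"><input type="submit" id="btnS" name="submitbtn" value="Search" onclick="submitFunction()"/>';
}
</script>
<title>Search Our Products</title>
<style>
table,th,td{
border: 1px solid black;
text-align:center;
margin:auto;
}
*{
text-align:center;
}
</style>
</head>
<body id='body1' onload='displayTitle();displayForm();'>
<noscript>
seems like you disabled JS again.
</noscript>
<h1 id='h1'></h1>
<form id="form" action="home.php" method="post" name="form">
</form>
<?php
    // Read the search term defensively: the field may be absent, or may arrive
    // as an array (searchs[]=...), which must not reach the query.
    $str = isset($_POST["searchs"]) ? $_POST["searchs"] : "";
    if (isset($_POST["submitbtn"]) && is_string($str) && $str !== "" && $str !== " ") {
        // NOTE(review): root with an empty password is hard-coded here. Move the
        // credentials to configuration and use an account limited to SELECT on
        // this table.
        $con = new PDO("mysql:host=localhost;dbname=products", 'root', '');

        // The term is passed as a bound parameter, never concatenated into the
        // SQL text. '%' and '_' inside the term still act as LIKE wildcards, as
        // they did before.
        $sth = $con->prepare("SELECT * FROM `products` WHERE Product_Name LIKE :needle");
        $sth->setFetchMode(PDO::FETCH_OBJ);
        $sth->execute(array(':needle' => '%' . $str . '%'));

        // Only the first matching row is rendered, as in the original page.
        if ($row = $sth->fetch()) {
?>
<br><br><br>
<table>
<tr>
<th>ID</th>
<th>Name</th>
<th>Desc</th>
<th>Stars</th>
</tr>
<tr>
<td>
<?php /* Database values are HTML-escaped before they are written into the page. */
echo htmlspecialchars((string) $row->Product_ID, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'); ?>
</td>
<td>
<?php echo htmlspecialchars((string) $row->Product_Name, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'); ?>
</td>
<td>
<?php echo htmlspecialchars((string) $row->Product_Description, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'); ?>
</td>
<td>
<?php echo htmlspecialchars((string) $row->Product_Stars, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'); ?>
</td>
</tr>
</table>
<?php
        } else {
            echo "Name Does not exist";
        }
    }
?>
</body>
</html>
<?php
} else {
    echo "denial";
    exit;
}
?>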