#!/usr/bin/perl -w
use CGI':standard';
use CGI::Carp "fatalsToBrowser";
use DBI;

sub err()
{print "Error in @_[0] field - @_[1]";
print "</BODY> <BODY BGCOLOR=\"white\">";exit;}

print header;
print "<HTML> <BODY BGCOLOR=\"white\">";

$PRICE=param('PRICE');$BEDROOMS=param('BEDROOMS');
$COMMENTS=param('COMMENTS');$LOCATION=param('LOCATION');
$PROPTYPE=param('PROPTYPE');$NAME=param('NAME');
$TELEPHONE=param('TELEPHONE');$EMAIL=param('EMAIL');

if(($PRICE !~ /\A\d+\Z/) || ($PRICE>1000000 || $PRICE<0)){&err("PRICE",$PRICE);}
if(($BEDROOMS !~ m/\A\d+\Z/) || ($BEDROOMS>10 || $BEDROOMS<1)){&err("BEDROOMS",$BEDROOMS);}
if($COMMENTS !~ m/\w|/){&err("COMMENTS",$COMMENTS);}
if($LOCATION !~ m/London|Manchester|Coventry|Leeds/i ){&err("LOCATION",$LOCATION);}
if($PROPTYPE !~ m/Freehold|Leasehold/i ){&err("PROPTYPE",$PROPTYPE);}
if($NAME !~/\A[a-z]+\Z/i){&err("NAME",$NAME);}
if($TELEPHONE !~ m/\A\d+\Z/i){&err("TELEPHONE",$TELEPHONE);}
if($EMAIL !~/\A[a-z]+\@[a-z]+\Z/i){&err("EMAIL",$EMAIL);}


if($PROPTYPE eq "FREEHOLD"){$PROPTYPE="F"};
if($PROPTYPE eq "LEASEHOLD"){$PROPTYPE="L"};

print "<H1> Search Matches <H1>";

$query=qq(SELECT * FROM houses where BEDROOMS>='$BEDROOMS' AND PRICE<='$PRICE'  AND LOCATION='$LOCATION' AND PROPTYPE='$PROPTYPE');


$user='';
$pass='';
$dbh=DBI->connect('DBI:mysql:database=staffkeithy;host=possum',$user,$pass) or 
die "Can't connect to database";

$sth=$dbh->prepare($query);
$sth->execute;

if($sth->rows>0)
{
print "<table border=\"1\"> ";
print "<tr> <td> Price </td> <td>  Bedrooms</td> <td>Comments </td> </tr>";
while(@result=$sth->fetchrow_array){
print " <tr> <td> £ $result[0] </td> <td>  $result[1] </td> <td> $result[2] </td> \n";
}
print "</table>";
}
else
{
print "No Searches found\n";
}


$sth->finish;
$dbh->disconnect;