PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!
Moderator: General Moderators
luketheduck
Forum Newbie
Posts: 18 Joined: Mon Apr 19, 2004 9:13 am
Location: Aylesbury, Bucks, UK
Post
by luketheduck » Thu May 05, 2005 2:06 pm
Hi all.
I'm trying to implement a search feature on my website.
I have the query set up as follows, which works as I want:
Code: Select all
SELECT * FROM news WHERE news_content LIKE '%$search_string%' ORDER BY news_date DESC
What I want to know though, is how do I adapt my scrip if people do a search such as 'monkey' or "monkey" ie. with apostrophes/quotations? At the moment it returns the search term as \'monkey\' or \"monkey\".
luketheduck
Forum Newbie
Posts: 18 Joined: Mon Apr 19, 2004 9:13 am
Location: Aylesbury, Bucks, UK
Post
by luketheduck » Thu May 05, 2005 2:13 pm
On the search_term variable?
Tried that, but it produced an error in the SQL as search_term 'monkey' was becoming LIKE '%'monkey'%' !
luketheduck
Forum Newbie
Posts: 18 Joined: Mon Apr 19, 2004 9:13 am
Location: Aylesbury, Bucks, UK
Post
by luketheduck » Thu May 05, 2005 3:27 pm
I looked, but it means very little to me!
How do I get this to work?
infolock
DevNet Resident
Posts: 1708 Joined: Wed Sep 25, 2002 7:47 pm
Post
by infolock » Thu May 05, 2005 3:42 pm
basically, you need to re-read that page because it pretty much explains exactly how to do what you are needing...
in a nut shell, all you are gonna be doing is something like
Code: Select all
$search_string=stripslashes($search_string);
$search_string=mysql_real_escape_string($search_string);
$sql = mysql_query("SELECT * FROM news WHERE news_content LIKE '%".$search_string."%' ORDER BY news_date DESC");
luketheduck
Forum Newbie
Posts: 18 Joined: Mon Apr 19, 2004 9:13 am
Location: Aylesbury, Bucks, UK
Post
by luketheduck » Thu May 05, 2005 5:14 pm
I've implemented exactly as you've said, but the final search term still comes out as \'monkey\' for searching 'monkey'
The three lines of code I'm using for working with the search_string are below. Is it something to do with what's being sent from the form?
Code: Select all
$search_string = $_POSTї'txtSearchString'];
$search_string=stripslashes($search_string);
$search_string=mysql_real_escape_string($search_string);
John Cartwright
Site Admin
Posts: 11470 Joined: Tue Dec 23, 2003 2:10 am
Location: Toronto
Contact:
Post
by John Cartwright » Thu May 05, 2005 9:56 pm
try the strip slashes after the real_escape_string maybe
phpScott
DevNet Resident
Posts: 1206 Joined: Wed Oct 09, 2002 6:51 pm
Location: Keele, U.K.
Post
by phpScott » Fri May 06, 2005 3:37 am
It might also depend on how you original stored the data.
Look at the data in phpMyAdmin or what ever you use and see if there are extra slashes around the data.