Site Search

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Post Reply
User avatar
luketheduck
Forum Newbie
Posts: 18
Joined: Mon Apr 19, 2004 9:13 am
Location: Aylesbury, Bucks, UK

Site Search

Post by luketheduck »

Hi all.

I'm trying to implement a search feature on my website.

I have the query set up as follows, which works as I want:

Code: Select all

SELECT * FROM news WHERE news_content LIKE '%$search_string%' ORDER BY news_date DESC
What I want to know though, is how do I adapt my scrip if people do a search such as 'monkey' or "monkey" ie. with apostrophes/quotations? At the moment it returns the search term as \'monkey\' or \"monkey\".
User avatar
John Cartwright
Site Admin
Posts: 11470
Joined: Tue Dec 23, 2003 2:10 am
Location: Toronto
Contact:

Post by John Cartwright »

User avatar
luketheduck
Forum Newbie
Posts: 18
Joined: Mon Apr 19, 2004 9:13 am
Location: Aylesbury, Bucks, UK

Post by luketheduck »

On the search_term variable?

Tried that, but it produced an error in the SQL as search_term 'monkey' was becoming LIKE '%'monkey'%' !
User avatar
John Cartwright
Site Admin
Posts: 11470
Joined: Tue Dec 23, 2003 2:10 am
Location: Toronto
Contact:

Post by John Cartwright »

also might want to take a look at

mysql_real_escape_string
User avatar
luketheduck
Forum Newbie
Posts: 18
Joined: Mon Apr 19, 2004 9:13 am
Location: Aylesbury, Bucks, UK

Post by luketheduck »

I looked, but it means very little to me!

How do I get this to work?
User avatar
infolock
DevNet Resident
Posts: 1708
Joined: Wed Sep 25, 2002 7:47 pm

Post by infolock »

basically, you need to re-read that page because it pretty much explains exactly how to do what you are needing...

in a nut shell, all you are gonna be doing is something like

Code: Select all

$search_string=stripslashes($search_string);
$search_string=mysql_real_escape_string($search_string);
$sql = mysql_query("SELECT * FROM news WHERE news_content LIKE '%".$search_string."%' ORDER BY news_date DESC");
User avatar
luketheduck
Forum Newbie
Posts: 18
Joined: Mon Apr 19, 2004 9:13 am
Location: Aylesbury, Bucks, UK

Post by luketheduck »

I've implemented exactly as you've said, but the final search term still comes out as \'monkey\' for searching 'monkey'

The three lines of code I'm using for working with the search_string are below. Is it something to do with what's being sent from the form?

Code: Select all

$search_string = $_POSTї'txtSearchString'];
$search_string=stripslashes($search_string);
$search_string=mysql_real_escape_string($search_string);
User avatar
John Cartwright
Site Admin
Posts: 11470
Joined: Tue Dec 23, 2003 2:10 am
Location: Toronto
Contact:

Post by John Cartwright »

try the strip slashes after the real_escape_string maybe
User avatar
phpScott
DevNet Resident
Posts: 1206
Joined: Wed Oct 09, 2002 6:51 pm
Location: Keele, U.K.

Post by phpScott »

It might also depend on how you original stored the data.

Look at the data in phpMyAdmin or what ever you use and see if there are extra slashes around the data.
Post Reply