Page 1 of 1
Site Search
Posted: Thu May 05, 2005 2:06 pm
by luketheduck
Hi all.
I'm trying to implement a search feature on my website.
I have the query set up as follows, which works as I want:
Code: Select all
SELECT * FROM news WHERE news_content LIKE '%$search_string%' ORDER BY news_date DESC
What I want to know though, is how do I adapt my scrip if people do a search such as 'monkey' or "monkey" ie. with apostrophes/quotations? At the moment it returns the search term as \'monkey\' or \"monkey\".
Posted: Thu May 05, 2005 2:11 pm
by John Cartwright
Posted: Thu May 05, 2005 2:13 pm
by luketheduck
On the search_term variable?
Tried that, but it produced an error in the SQL as search_term 'monkey' was becoming LIKE '%'monkey'%' !
Posted: Thu May 05, 2005 2:50 pm
by John Cartwright
also might want to take a look at
mysql_real_escape_string
Posted: Thu May 05, 2005 3:27 pm
by luketheduck
I looked, but it means very little to me!
How do I get this to work?
Posted: Thu May 05, 2005 3:42 pm
by infolock
basically, you need to re-read that page because it pretty much explains exactly how to do what you are needing...
in a nut shell, all you are gonna be doing is something like
Code: Select all
$search_string=stripslashes($search_string);
$search_string=mysql_real_escape_string($search_string);
$sql = mysql_query("SELECT * FROM news WHERE news_content LIKE '%".$search_string."%' ORDER BY news_date DESC");
Posted: Thu May 05, 2005 5:14 pm
by luketheduck
I've implemented exactly as you've said, but the final search term still comes out as \'monkey\' for searching 'monkey'
The three lines of code I'm using for working with the search_string are below. Is it something to do with what's being sent from the form?
Code: Select all
$search_string = $_POSTї'txtSearchString'];
$search_string=stripslashes($search_string);
$search_string=mysql_real_escape_string($search_string);
Posted: Thu May 05, 2005 9:56 pm
by John Cartwright
try the strip slashes after the real_escape_string maybe
Posted: Fri May 06, 2005 3:37 am
by phpScott
It might also depend on how you original stored the data.
Look at the data in phpMyAdmin or what ever you use and see if there are extra slashes around the data.