> $searchstring = "hi mom"; // Or $_POST[searchtext]..
> $query = "SELECT * FROM journal WHERE text like '%$searchstring%'";
Is correct, but not safe, the last line should be:
$query = "SELECT * FROM journal WHERE text like
'%'.mysql_real_escape_string($searchstring).'%'";
Best regards/MVH
Allan Jacobsen
Infrastruktur, IT-teknik, Danske Spil A/S
Korsdalsvej 135, 2605 Brøndby
-----Oprindelig meddelelse-----
Fra: Esben Damgaard [mailto:ebbe@stripped]
Sendt: 3. februar 2009 08:56
Til: Norman Bird
Cc: denmark@stripped
Emne: Re: variable searching with FULLTEXT
Norman Bird skrev:
> I'm developing a search form for an online journal/diary where the user can
> search the data for any words or even Boolean format. I want what FULLTEXT
> provide, but fulltext requires a constant string. that appears to be only
> good for ad hoc queries from the command line.
>
> How do you guys handle user forms where the search data is dynamic?
>
> Interested in how evertone handles that situation. All I see available is
> using "LIKE"
> I.E.
>
> select * from journal where 'text' like '%dreams%'
>
You just printed your solution. Now what you need is to take this to a
PHP forum.. or I could just give you your answer:
$searchstring = "hi mom"; // Or $_POST[searchtext]..
$query = "SELECT * FROM journal WHERE text like '%$searchstring%'";
/E
--
Denmark MySQL Users Group Mailing List
For list archives: http://lists.mysql.com/ug-denmark
To unsubscribe: http://lists.mysql.com/ug-denmark?unsub=1
