List: Denmark MySQL Users Group
From: Allan Jacobsen
Date: February 3 2009 8:35am
Subject: SV: variable searching with FULLTEXT
> $searchstring = "hi mom"; // Or $_POST[searchtext]..
> $query = "SELECT * FROM journal WHERE text like '%$searchstring%'";

Is correct, but not safe, the last line should be:

$query = "SELECT * FROM journal WHERE text like

Best regards/MVH
Allan Jacobsen
Infrastruktur, IT-teknik, Danske Spil A/S
Korsdalsvej 135, 2605 Brøndby

-----Original message-----
From: Esben Damgaard [mailto:ebbe@stripped] 
Sent: 3 February 2009 08:56
To: Norman Bird
Cc: denmark@stripped
Subject: Re: variable searching with FULLTEXT

Norman Bird wrote:
> I'm developing a search form for an online journal/diary where the user can
> search the data for any words or even Boolean format. I want what FULLTEXT
> provides, but fulltext requires a constant string. That appears to be only
> good for ad hoc queries from the command line.
> How do you guys handle user forms where the search data is dynamic?
> Interested in how everyone handles that situation. All I see available is
> using "LIKE"
> I.E.
> select * from journal where 'text' like '%dreams%'
You just printed your solution. Now what you need is to take this to a 
PHP forum.. or I could just give you your answer:

$searchstring = "hi mom"; // Or $_POST[searchtext]..
$query = "SELECT * FROM journal WHERE text like '%$searchstring%'";
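The concern raised in this thread, worked through as an added example that is not code from any of the posters: the interpolated query next to a PDO prepared statement that binds the search text as data and escapes the LIKE wildcards. The in-memory SQLite database (standing in for MySQL so the script runs offline), the sample rows, and the function names `likeContains`, `searchJournal` and `unsafeQuery` are assumptions made for illustration.

```php
<?php
// Added example: constructed table and rows; SQLite in-memory stands in for MySQL.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE journal (id INTEGER PRIMARY KEY, text TEXT)');
$pdo->exec("INSERT INTO journal (text) VALUES
    ('hi mom, strange dreams again'),
    ('mom''s birthday, no dreams'),
    ('100% sure it rained')");

// Escape LIKE metacharacters so the input only ever matches literally.
// The escape character itself ('!') must be doubled first.
function likeContains(string $input): string
{
    $escaped = str_replace(['!', '%', '_'], ['!!', '!%', '!_'], $input);
    return '%' . $escaped . '%';
}

// Hardened form: the SQL text is fixed, the search string travels as a bound value.
function searchJournal(PDO $pdo, string $input): array
{
    $stmt = $pdo->prepare(
        "SELECT id, text FROM journal WHERE text LIKE :pat ESCAPE '!'"
    );
    $stmt->execute([':pat' => likeContains($input)]);
    return $stmt->fetchAll(PDO::FETCH_COLUMN, 1); // column 1 = text
}

// The interpolated form from the thread, built but never executed here.
function unsafeQuery(string $input): string
{
    return "SELECT * FROM journal WHERE text like '%$input%'";
}

$input = "mom's";                        // constructed form input with an apostrophe
echo unsafeQuery($input), "\n";          // the apostrophe ends the string literal early
print_r(searchJournal($pdo, $input));    // bound value: matches the birthday row only
print_r(searchJournal($pdo, 'dreams'));  // matches the first two rows
print_r(searchJournal($pdo, '%'));       // literal percent sign: only the '100%' row
```

On MySQL the same kind of placeholder can also be bound inside `MATCH (text) AGAINST (:q)`, so a FULLTEXT search accepts form input as a bound value as well.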

