[prev in list] [next in list] [prev in thread] [next in thread] 

List:       php-db
Subject:    Re: [PHP-DB] explode () and mySQL query
From:       Chris <dmagick () gmail ! com>
Date:       2008-05-29 0:21:14
Message-ID: 483DF6FA.5050900 () gmail ! com
[Download RAW message or body]

Ron Piggott wrote:
> I am trying to add a search feature to my shopping cart.
> 
> I am wanting to use PHP to develop the query for mySQL.  I have the
> following code figured out:
> 
> foreach(explode(" ", $keyword) as $key) $query .= " $key, ";

I hope this isn't a copy/paste from your code as it's going to cause
problems with sql queries (put a ' in one of your keywords and see what
happens). If it is, you need to use mysql_real_escape_string.

If it's not, then ignore :P

> This produces:
> 
> WHERE shopping_cart_product.product_description IN ( Jesus, is, Lord, )
> 
> The weakness is the trailing , after the last word the user types in.

The easiest way would be to do something like this:

$keyword_search = '';
foreach(explode(" ", $keyword) as $key) {
  $keyword_search .= "'" . mysql_real_escape_string($key) . "', ";
}

// take off the last 2 chars - one is a 'space' and the other is the
last ','
$keyword_search = substr($keyword_search, 0, -2);

-- 
Postgresql & php tutorials
http://www.designmagick.com/

-- 
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

[prev in list] [next in list] [prev in thread] [next in thread]