[prev in list] [next in list] [prev in thread] [next in thread]
List: php-db
Subject: Re: [PHP-DB] explode () and mySQL query
From: Chris <dmagick () gmail ! com>
Date: 2008-05-29 0:21:14
Message-ID: 483DF6FA.5050900 () gmail ! com
[Download RAW message or body]
Ron Piggott wrote:
> I am trying to add a search feature to my shopping cart.
>
> I am wanting to use PHP to develop the query for mySQL. I have the
> following code figured out:
>
> foreach(explode(" ", $keyword) as $key) $query .= " $key, ";
I hope this isn't a copy/paste from your code as it's going to cause
problems with sql queries (put a ' in one of your keywords and see what
happens). If it is, you need to use mysql_real_escape_string.
If it's not, then ignore :P
> This produces:
>
> WHERE shopping_cart_product.product_description IN ( Jesus, is, Lord, )
>
> The weakness is the trailing , after the last word the user types in.
The easiest way would be to do something like this:
$keyword_search = '';
foreach(explode(" ", $keyword) as $key) {
$keyword_search .= "'" . mysql_real_escape_string($key) . "', ";
}
// take off the last 2 chars - one is a 'space' and the other is the
last ','
$keyword_search = substr($keyword_search, 0, -2);
--
Postgresql & php tutorials
http://www.designmagick.com/
--
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic