  1. #1
    SitePoint Guru hisham777's Avatar
    Join Date
    Dec 2005
    Posts
    802

    Question cleaning search field

    Hello,

    I am working on a script which will enable me to search the DB
    using the fulltext search feature.

    There is one field, which is search.

    What are the steps to consider before executing the query, security-wise?

    Thanks
    Never be shy to ask silly Qs
    An answer is always better than none

  2. #2
    SitePoint Guru hisham777's Avatar
    Reading a few articles, there are a few considerations to use, like

    mysql_real_escape_string()
    add_slashes()

    but these are insufficient in my case, because using these methods will change the
    keyword used by the user, right?

    So would a regular expression be sufficient enough?
    Like removing ' ; . from the keyword input by the user.

  3. #3
    An average geek earl-grey's Avatar
    Join Date
    Mar 2005
    Location
    Ukraine
    Posts
    1,403
    They won't change the keyword, they will make it fit into the query.

  4. #4
    SitePoint Guru hisham777's Avatar
    Quote Originally Posted by earl-grey
    They won't change the keyword, they will make it fit into the query.
    Thanks. After some searching and tries,
    using it in conjunction with

    this function I got from the PHP tips section.
    After modifying it, it should work like a charm.

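    function clean_text($text)
    {
        // Strip HTML/PHP tags, then HTML-encode what is left (quotes included).
        $text = strip_tags($text);
        $text = htmlentities($text, ENT_QUOTES);
        // Turn newlines into spaces and collapse runs of spaces.
        $text = str_replace("\n", " ", $text);
        // preg_replace() stands in for eregi_replace(), which was removed in PHP 7.
        $text = preg_replace("/ +/", " ", $text);
        // Normalise sentence-ending punctuation to a full stop.
        $text = str_replace(". ", ". ", $text);
        $text = str_replace("? ", ". ", $text);
        $text = str_replace("! ", ". ", $text);
        $text = trim($text);
        return $text;
    }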


    I think I should be fine.

    Any highlights, please?

  5. #5
    SitePoint Guru hisham777's Avatar
    Quote Originally Posted by earl-grey
    They won't change the keyword, they will make it fit into the query.
    They do change the keyword.

    For example, if I write fulltex't

    it will not find results, because the keyword has been changed

    to fulltex\\\'t

    So back to square one, aahhh

  6. #6
    SitePoint Guru hisham777's Avatar
    My bad, it's working like a charm.

    Thanks for the help.
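
Added example, not code from any poster in this thread: it shows how escaping a value twice yields the fulltex\\\'t form from post #5, and how a bound parameter passes the keyword to the query unchanged. It assumes the changed keyword came from escaping more than once; the table, column and function names are hypothetical, and SQLite in memory with LIKE stands in for MySQL's MATCH ... AGAINST so the script runs offline.

```php
<?php
// Added example: names (articles, body, search_articles) are hypothetical.
// SQLite in memory with LIKE stands in for MySQL MATCH ... AGAINST so the
// script runs offline; the parameter binding works the same way on MySQL.

$keyword = "fulltex't";                 // constructed user input

// Escaping an already-escaped value adds a second layer of backslashes.
$once  = addslashes($keyword);
$twice = addslashes($once);

$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE articles (id INTEGER PRIMARY KEY, body TEXT)');
$insert = $pdo->prepare('INSERT INTO articles (body) VALUES (:body)');
foreach (["notes on fulltex't search", 'an unrelated row'] as $body) {
    $insert->execute([':body' => $body]);   // constructed sample rows
}

function search_articles(PDO $pdo, string $keyword): array
{
    // LIKE wildcards in the keyword are data, so neutralise them explicitly.
    $pattern = '%' . strtr($keyword, ['\\' => '\\\\', '%' => '\\%', '_' => '\\_']) . '%';
    // On MySQL: ... WHERE MATCH(body) AGAINST (:q), binding the raw keyword.
    $stmt = $pdo->prepare("SELECT body FROM articles WHERE body LIKE :q ESCAPE '\\'");
    $stmt->execute([':q' => $pattern]);     // the value never becomes SQL text
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

$hits   = search_articles($pdo, $keyword);  // keyword exactly as typed
$misses = search_articles($pdo, $twice);    // keyword after double escaping

printf("escaped once:  %s\nescaped twice: %s\n", $once, $twice);
printf("raw keyword matches %d row(s), double-escaped matches %d\n",
    count($hits), count($misses));

// HTML-encode only when echoing the keyword back into a page.
echo 'You searched for: ', htmlspecialchars($keyword, ENT_QUOTES, 'UTF-8'), "\n";
```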

