Making search in BOOLEAN MODE safe

[PixelBoy]

Hi everyone, I am creating a small search function in BOOLEAN MODE and it works fine.
But I asked myself how to make the query string hack prove since it is on a public website.

I read somewhere that for the querystring the only thing needed is to set mysql_set_charset() and mysql_real_escape_string enclosed in quotes.
Is that a myth? What about special keywords does it need filtering?

[PixelBoy]

how to make the query string hack prove

I meant to say hack proof... Always a tricky thing English

[tom8]

I too would like to know. Hope members here will comment.

[StarLion]

'hack proof'. Whenever i hear that phrase, I want to laugh. It's not a question of being hack-proof, but making it as difficult as possible.

real_escape_string is a good first step. Filtering and sanitizing your data is better. What data do you need to take in?

[PixelBoy]

I am glad I made someone laugh today

The data I need to take in is numerical, alphabetical and some latin characters (utf-8)
and make it so that the user still can double quote for example "John Doe".

[PixelBoy]

Ok here an example of a search

GET data input example 1 = "Stephen O'Reiley"
GET data input example 2 = Marie-Élise
GET data input example 3 = 0123456789

Process search
@mysql_set_charset('utf8', $db_connection);
$query = mysql_real_escape_string($_GET['input']);
$search= @mysql_query("SELECT * FROM articles WHERE MATCH (articlecode, name, description) AGAINST ('$query' IN BOOLEAN MODE) LIMIT 1, 5");

Is this ok for safety or should I add more filters?

[PixelBoy]

Still struggling with the same question here... How about some keyword filtering? Such as 'AND OR *' Is that necessary and or a good solution?