Making search in BOOLEAN MODE safe

[FONT=Arial][SIZE=3]Hi everyone, I am creating a small search function in BOOLEAN MODE and it works fine.
But I asked myself how to make the query string hack prove since it is on a public website.

I read somewhere that for the querystring the only thing needed is to set mysql_set_charset() and mysql_real_escape_string enclosed in quotes.
Is that a myth? What about special keywords does it need filtering?[/SIZE][/FONT]

I meant to say hack proof… Always a tricky thing English :wink:

I too would like to know. Hope members here will comment.

‘hack proof’. Whenever i hear that phrase, I want to laugh. It’s not a question of being hack-proof, but making it as difficult as possible.

real_escape_string is a good first step. Filtering and sanitizing your data is better. What data do you need to take in?

I am glad I made someone laugh today :wink:

The data I need to take in is numerical, alphabetical and some latin characters (utf-8)
and make it so that the user still can double quote for example “John Doe”.

Ok here an example of a search

GET data input example 1 = “Stephen O’Reiley”
GET data input example 2 = Marie-Élise
GET data input example 3 = 0123456789

Process search
@mysql_set_charset(‘utf8’, $db_connection);
$query = mysql_real_escape_string($_GET[‘input’]);
$search= @mysql_query(“SELECT * FROM articles WHERE MATCH (articlecode, name, description) AGAINST (‘$query’ IN BOOLEAN MODE) LIMIT 1, 5”);

Is this ok for safety or should I add more filters?

Still struggling with the same question here… :frowning: How about some keyword filtering? Such as ‘AND OR *’ Is that necessary and or a good solution?