Posted by Rory Browne on 05/22/05 05:40
On 5/21/05, virtualsoftware@gmail.com <virtualsoftware@gmail.com> wrote:
> Hi,
>
> I need to build up a search module for a shop. If I make a basic search (product title for example) it is ok.
>
> $query = "SELECT product_id FROM products WHERE title LIKE '%$title%'";
>
> But I need an advanced search for more than one field (title, description, price, weight).
> The problem is that I don't know which field is filled in by the user (title, description, price or weight).
Without error checking, or security code (i.e. supplied code contains SQL
injection vulnerability):
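// Unsafe as posted: $_GET values are interpolated straight into the SQL.
$sql = "SELECT product_id FROM products";
$sql_ext = array(); // one condition per field the user filled in
if (!empty($_GET['title'])) {
    $sql_ext[] = "title like '%{$_GET['title']}%' ";
}
if (!empty($_GET['description'])) {
    $sql_ext[] = "description like '%{$_GET['description']}%' ";
}
// Append the WHERE clause only when at least one field was supplied.
if ($sql_ext) {
    $sql .= " WHERE " . implode(" OR ", $sql_ext);
}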
> I mean, the user can fill in all fields, or only price field, or title and weight etc.
>
> How can I do the search?
>
> Thanks
>
>
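
A hardened form of the field-by-field query building shown in the reply above, as an added example that is not part of the original thread. It assumes PHP 7.1+ with PDO and the pdo_sqlite driver; `build_search`, `SEARCH_FIELDS` and the sample rows are hypothetical and constructed for the demonstration.

```php
<?php
// Added example: hypothetical helper, not code from the original thread.
// Column names come only from this fixed map; user input is only ever bound.
const SEARCH_FIELDS = [
    'title'       => 'like',
    'description' => 'like',
    'price'       => 'number',
    'weight'      => 'number',
];

function build_search(array $input): array
{
    $where = $params = [];
    foreach (SEARCH_FIELDS as $column => $kind) {
        $value = $input[$column] ?? '';
        if (!is_string($value) || trim($value) === '') {
            continue; // field left empty (or sent as an array): skip it
        }
        if ($kind === 'like') {
            // Escape LIKE wildcards so a "%" typed by the user matches literally.
            $escaped = strtr($value, ['!' => '!!', '%' => '!%', '_' => '!_']);
            $where[] = "$column LIKE ? ESCAPE '!'";
            $params[] = "%$escaped%";
        } elseif (is_numeric($value)) {
            $where[] = "$column = ?";
            $params[] = $value + 0;
        } // non-numeric input for a numeric column is ignored
    }
    $sql = 'SELECT product_id FROM products';
    if ($where) {
        $sql .= ' WHERE ' . implode(' OR ', $where);
    }
    return [$sql, $params];
}

// Constructed demo data in an in-memory SQLite database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE products (product_id INTEGER PRIMARY KEY, title TEXT, description TEXT, price REAL, weight REAL)');
$db->exec("INSERT INTO products VALUES (1, 'Red mug', 'Ceramic', 4.5, 0.3), (2, 'Blue plate', '100% stoneware', 7.0, 0.6)");

// The description value contains quotes; bound as data, it cannot change the query.
[$sql, $params] = build_search(['title' => 'mug', 'description' => "x' OR '1'='1", 'price' => '']);
$stmt = $db->prepare($sql);
$stmt->execute($params);
print_r($stmt->fetchAll(PDO::FETCH_COLUMN));
```

The conditions are joined with OR to match the reply; change the `implode` separator to `' AND '` if every filled-in field must match.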