Select rows that contain a specific word (mysql - php)

Posted on 2009-07-10
Last Modified: 2012-05-07
Hi E's, snippet code contain the code I use to find rows that = $ppp. This code just word when $ppp is exact match of assoc_simultaneo contain.
If the contain of assoc_simultaneo was "one two five twenty" and if $ppp was = "five", the row is not selected. The row was selected if $ppp was = "one two five twenty".
What I want is if $ppp contain one of the words of assoc_simultaneo, the row will be selected. I try to change '$ppp' to '%$ppp%', but don't word.

What changes I have to in my code?

Regards, JC

$assoc_result = mysql_query("SELECT * FROM keywords where assoc_simultaneo = '$ppp'", $db);
$assoc_rows = mysql_num_rows($assoc_result);
$assoc = mysql_fetch_object($assoc_result);

Open in new window

Question by:Pedro Chagas
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions

Accepted Solution

stefanx earned 125 total points
ID: 24827879
$assoc_result = mysql_query("SELECT * FROM keywords where assoc_simultaneo LIKE '%$ppp%'", $db)
LVL 28

Assisted Solution

gamebits earned 125 total points
ID: 24827884
mysql_query("SELECT * FROM keywords where assoc_simultaneo LIKE '%$ppp%'", $db);
LVL 35

Expert Comment

ID: 24828028
In case nobody's said this before, it's good programming practice to always sanitize any variables that are used in queries. For example, if $ppp is provided by a user coming to a web page and typing in something to search for, then a user could search for:

%';DROP TABLE keywords;SELECT * FROM whatever WHERE blah LIKE '%

Then, when the query runs, it would execute this query:

$assoc_result = mysql_query("SELECT * FROM keywords where assoc_simultaneo LIKE '%%';DROP TABLE keywords;SELECT * FROM whatever WHERE blah LIKE '%%'", $db);

MySQL isn't smart enough to catch that type of stuff, so it would just run three queries:
SELECT * FROM keywords where assoc_simultaneo LIKE '%%';
DROP TABLE keywords;
SELECT * FROM whatever WHERE blah LIKE '%%';

Presto, the user has just deleted your entire keywords table. It's called SQL injection and there are a lot of articles out on the web on how to prevent this type of thing.

This is just for educational purposes - stefanx and gamebits gave you good answers.
LVL 35

Expert Comment

ID: 24828037
I guess you awarded the points while I was writing that up, so ignore the last line. It made more sense when you hadn't awarded the points yet. :)

Author Comment

by:Pedro Chagas
ID: 24828254
Thanks @gr8gonzo.

Featured Post

Forrester Webinar: xMatters Delivers 261% ROI

Guest speaker Dean Davison, Forrester Principal Consultant, explains how a Fortune 500 communication company using xMatters found these results: Achieved a 261% ROI, Experienced $753,280 in net present value benefits over 3 years and Reduced MTTR by 91% for tier 1 incidents.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
PHP: Filling Out/Creating a PDF 29 107
MySQL Persistent Connections 10 35
how to remove error in database 6 36
SQL Query Across Multiple Tables - Help 5 23
This article discusses how to create an extensible mechanism for linked drop downs.
Since pre-biblical times, humans have sought ways to keep secrets, and share the secrets selectively.  This article explores the ways PHP can be used to hide and encrypt information.
This tutorial will teach you the core code needed to finalize the addition of a watermark to your image. The viewer will use a small PHP class to learn and create a watermark.
The viewer will learn how to create a basic form using some HTML5 and PHP for later processing. Set up your basic HTML file. Open your form tag and set the method and action attributes.: (CODE) Set up your first few inputs one for the name and …

733 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question