Select rows that contain a specific word (mysql - php)

Hi E's, the code snippet contains the code I use to find rows that = $ppp. This code only works when $ppp is an exact match of the contents of assoc_simultaneo.
If the content of assoc_simultaneo was "one two five twenty" and $ppp was = "five", the row is not selected. The row was selected if $ppp was = "one two five twenty".
What I want is that if $ppp contains one of the words of assoc_simultaneo, the row will be selected. I tried to change '$ppp' to '%$ppp%', but it doesn't work.

What changes do I have to make in my code?

Regards, JC

$assoc_result = mysql_query("SELECT * FROM keywords where assoc_simultaneo = '$ppp'", $db);
$assoc_rows = mysql_num_rows($assoc_result);
$assoc = mysql_fetch_object($assoc_result);

Pedro Chagas (Webmaster) asked:

stefanx commented:
$assoc_result = mysql_query("SELECT * FROM keywords where assoc_simultaneo LIKE '%$ppp%'", $db);
gamebits commented:
mysql_query("SELECT * FROM keywords where assoc_simultaneo LIKE '%$ppp%'", $db);
gr8gonzo (Consultant) commented:
In case nobody's said this before, it's good programming practice to always sanitize any variables that are used in queries. For example, if $ppp is provided by a user coming to a web page and typing in something to search for, then a user could search for:

%';DROP TABLE keywords;SELECT * FROM whatever WHERE blah LIKE '%

Then, when the query runs, it would execute this query:

$assoc_result = mysql_query("SELECT * FROM keywords where assoc_simultaneo LIKE '%%';DROP TABLE keywords;SELECT * FROM whatever WHERE blah LIKE '%%'", $db);

MySQL isn't smart enough to catch that type of stuff, so it would just run three queries:
SELECT * FROM keywords where assoc_simultaneo LIKE '%%';
DROP TABLE keywords;
SELECT * FROM whatever WHERE blah LIKE '%%';

Presto, the user has just deleted your entire keywords table. It's called SQL injection and there are a lot of articles out on the web on how to prevent this type of thing.

This is just for educational purposes - stefanx and gamebits gave you good answers.
gr8gonzo (Consultant) commented:
I guess you awarded the points while I was writing that up, so ignore the last line. It made more sense when you hadn't awarded the points yet. :)
Pedro Chagas (Webmaster, Author) commented:
Thanks @gr8gonzo.
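
A parameterized version of the LIKE search from this thread, as an added example that is not part of any post above: it binds $ppp through a PDO prepared statement (the mysql_* functions were removed in PHP 7) and escapes the LIKE wildcards % and _ in the search term. The function names findKeywords and escapeLike, the '!' escape character, and the in-memory SQLite database standing in for MySQL so the script runs offline are assumptions of this example.

```php
<?php
// Added example, not code from the thread. An in-memory SQLite database stands
// in for MySQL (assumption) so the script runs offline; requires pdo_sqlite.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE keywords (id INTEGER PRIMARY KEY, assoc_simultaneo TEXT)");

// Constructed sample rows.
$ins = $db->prepare("INSERT INTO keywords (assoc_simultaneo) VALUES (?)");
foreach (['one two five twenty', 'three four', '100% cotton'] as $row) {
    $ins->execute([$row]);
}

// Escape LIKE metacharacters so the user's text is matched literally.
// '!' is the escape character declared in the query's ESCAPE clause;
// it is replaced first so the '!' added for % and _ is not doubled.
function escapeLike(string $term): string
{
    return str_replace(['!', '%', '_'], ['!!', '!%', '!_'], $term);
}

// Hypothetical helper: substring search with the value bound as a parameter,
// so it is never parsed as part of the SQL text.
function findKeywords(PDO $db, string $ppp): array
{
    $stmt = $db->prepare(
        "SELECT * FROM keywords WHERE assoc_simultaneo LIKE :pattern ESCAPE '!'"
    );
    $stmt->execute([':pattern' => '%' . escapeLike($ppp) . '%']);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Normal search: returns the "one two five twenty" row.
print_r(findKeywords($db, 'five'));

// The string from the thread is now only a search term: it matches no rows
// and the keywords table is untouched afterwards.
$payload = "%';DROP TABLE keywords;SELECT * FROM whatever WHERE blah LIKE '%";
print_r(findKeywords($db, $payload));
echo $db->query("SELECT COUNT(*) FROM keywords")->fetchColumn(), " rows remain\n";

// A literal '%' matches only the row that actually contains '%'.
print_r(findKeywords($db, '%'));
```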