Solved

Select rows that contain a specific word (mysql - php)

Posted on 2009-07-10
Last Modified: 2012-05-07
Hi E's, the code snippet contains the code I use to find rows that = $ppp. This code only works when $ppp is an exact match of the contents of assoc_simultaneo.
If the contents of assoc_simultaneo were "one two five twenty" and $ppp was = "five", the row is not selected. The row was selected if $ppp was = "one two five twenty".
What I want is: if $ppp contains one of the words of assoc_simultaneo, the row will be selected. I tried to change '$ppp' to '%$ppp%', but it doesn't work.

What changes do I have to make in my code?

Regards, JC

$assoc_result = mysql_query("SELECT * FROM keywords where assoc_simultaneo = '$ppp'", $db);

$assoc_rows = mysql_num_rows($assoc_result);

$assoc = mysql_fetch_object($assoc_result);

0
Question by:Pedro Chagas
5 Comments
 
Accepted Solution

by:
stefanx earned 125 total points
ID: 24827879
$assoc_result = mysql_query("SELECT * FROM keywords where assoc_simultaneo LIKE '%$ppp%'", $db);
0
 
Assisted Solution

by:gamebits
gamebits earned 125 total points
ID: 24827884
mysql_query("SELECT * FROM keywords where assoc_simultaneo LIKE '%$ppp%'", $db);
0
 
Expert Comment

by:gr8gonzo
ID: 24828028
In case nobody's said this before, it's good programming practice to always sanitize any variables that are used in queries. For example, if $ppp is provided by a user coming to a web page and typing in something to search for, then a user could search for:

%';DROP TABLE keywords;SELECT * FROM whatever WHERE blah LIKE '%

Then, when the query runs, it would execute this query:

$assoc_result = mysql_query("SELECT * FROM keywords where assoc_simultaneo LIKE '%%';DROP TABLE keywords;SELECT * FROM whatever WHERE blah LIKE '%%'", $db);

MySQL isn't smart enough to catch that type of stuff, so it would just run three queries:
SELECT * FROM keywords where assoc_simultaneo LIKE '%%';
DROP TABLE keywords;
SELECT * FROM whatever WHERE blah LIKE '%%';

Presto, the user has just deleted your entire keywords table. It's called SQL injection and there are a lot of articles out on the web on how to prevent this type of thing.

This is just for educational purposes - stefanx and gamebits gave you good answers.
0
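
The prevention gr8gonzo's comment points toward, as an added example that is not part of the original thread: the same LIKE search with the search term bound as a parameter through PDO, plus escaping of the LIKE wildcards so a typed % or _ is matched literally. The helper names, the sample rows and the in-memory SQLite database standing in for MySQL are assumptions made so the script runs offline.

```php
<?php
// Added example, not code from the thread. An in-memory SQLite database stands
// in for the MySQL server; with MySQL the DSN and credentials change, the query does not.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE keywords (id INTEGER PRIMARY KEY, assoc_simultaneo TEXT)");
// Constructed sample rows.
$db->exec("INSERT INTO keywords (assoc_simultaneo) VALUES
           ('one two five twenty'), ('three four'), ('100% five_star')");

// Escape LIKE metacharacters so a typed % or _ matches itself, not "anything".
// '!' is the escape character named in the ESCAPE clause below; it is replaced
// first so the '!' added in front of % and _ is not doubled again.
function like_escape(string $term): string
{
    return str_replace(['!', '%', '_'], ['!!', '!%', '!_'], $term);
}

// Hypothetical helper: rows whose assoc_simultaneo contains $term.
function find_keyword_rows(PDO $db, string $term): array
{
    $stmt = $db->prepare(
        "SELECT * FROM keywords WHERE assoc_simultaneo LIKE ? ESCAPE '!'"
    );
    // The term is bound as a parameter, so quotes and semicolons in it
    // are never parsed as SQL.
    $stmt->execute(['%' . like_escape($term) . '%']);
    return $stmt->fetchAll(PDO::FETCH_OBJ);
}

echo count(find_keyword_rows($db, 'five')), " row(s) contain 'five'\n";

// The search string from the comment above is now just an unusual search term.
$injected = "%';DROP TABLE keywords;SELECT * FROM whatever WHERE blah LIKE '%";
echo count(find_keyword_rows($db, $injected)), " row(s) match the injection string\n";

// A literal % matches only rows that really contain a percent sign.
echo count(find_keyword_rows($db, '%')), " row(s) contain a literal %\n";

// The table is intact after all three searches.
echo $db->query("SELECT COUNT(*) FROM keywords")->fetchColumn(),
     " row(s) still in keywords\n";
```

Like the LIKE '%$ppp%' answers, this is a substring match, so "five" also matches a row containing "fivefold".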
 
Expert Comment

by:gr8gonzo
ID: 24828037
I guess you awarded the points while I was writing that up, so ignore the last line. It made more sense when you hadn't awarded the points yet. :)
0
 
Author Comment

by:Pedro Chagas
ID: 24828254
Thanks @gr8gonzo.
0
