troubleshooting Question

How to exclude %%% from search results

Avatar of PeterdeB
PeterdeBFlag for Netherlands asked on
PHP
4 Comments1 Solution326 ViewsLast Modified:
Hi

I need to secure this script, it works as planned but returns results if one enters '%%%', I thought htmlentities would fix that but that is not the case, and htmlspecialchars does not fix it either, or it is in the wrong order?
function search_results($keywords) {
$returned_results = array();
$where = "";
$keywords = preg_split('/[\s]+/', $keywords);
$total_keywords = count($keywords);
foreach($keywords as $key=>$keyword) {
$where .= "`keywords` LIKE '%$keyword%'";
if ($key != ($total_keywords - 1)) {
$where .= " OR ";
}
}
$results = "SELECT `title`, LEFT(`description`, 70) as `description`, `url` FROM `articles` WHERE $where";
$results_num = ($results = mysql_query($results)) ? mysql_num_rows($results): 0;
if ($results_num === 0) {
return false;
} else {
while ($results_row = mysql_fetch_assoc($results)) {
$returned_results[] = array(
'title' => $results_row['title'],
'description' => $results_row['description'],
'url' => $results_row['url']
);
}
return $returned_results;
}
}
ASKER CERTIFIED SOLUTION
Join our community to see this answer!
Unlock 1 Answer and 4 Comments.
Start Free Trial
Learn from the best

Network and collaborate with thousands of CTOs, CISOs, and IT Pros rooting for you and your success.

Andrew Hancock - VMware vExpert
See if this solution works for you by signing up for a 7 day free trial.
Unlock 1 Answer and 4 Comments.
Try for 7 days

”The time we save is the biggest benefit of E-E to our team. What could take multiple guys 2 hours or more each to find is accessed in around 15 minutes on Experts Exchange.

-Mike Kapnisakis, Warner Bros