How to exclude %%% from search results

PeterdeB
PeterdeB used Ask the Experts™
on
Hi

I need to secure this script, it works as planned but returns results if one enters '%%%', I thought htmlentities would fix that but that is not the case, and htmlspecialchars does not fix it either, or it is in the wrong order?
function search_results($keywords) {
$returned_results = array();
$where = "";
$keywords = preg_split('/[\s]+/', $keywords);
$total_keywords = count($keywords);
foreach($keywords as $key=>$keyword) {
$where .= "`keywords` LIKE '%$keyword%'";
if ($key != ($total_keywords - 1)) {
$where .= " OR ";
}
}
$results = "SELECT `title`, LEFT(`description`, 70) as `description`, `url` FROM `articles` WHERE $where";
$results_num = ($results = mysql_query($results)) ? mysql_num_rows($results): 0;
if ($results_num === 0) {
return false;
} else {
while ($results_row = mysql_fetch_assoc($results)) {
$returned_results[] = array(
'title' => $results_row['title'],
'description' => $results_row['description'],
'url' => $results_row['url']
);
}
return $returned_results;
}
}

Open in new window

Comment
Watch Question

Do more with

Expert Office
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®
Top Expert 2011
Commented:
You can just replace it with:

$keywords = str_replace('%', '', $keywords);
I think you are looking to add: AND NOT LIKE '%\%%'
http://dev.mysql.com/doc/refman/5.0/en/string-comparison-functions.html

HTH

Author

Commented:
Thanks for your fast and great help

Author

Commented:
@Derokorian: also thanks for your help, but the first answer solved it right away

Do more with

Expert Office
Submit tech questions to Ask the Experts™ at any time to receive solutions, advice, and new ideas from leading industry professionals.

Start 7-Day Free Trial