search keywords

dux

Hi all -

I'm making a basic search function for a weblog and I'm finding when certain characters are entered in as part of a keyword (ie '?' ), the PHP is whacking out.

What's the best way of making the keyword 'safe' for a simple SQL LIKE $keyword search?

cheers boss'

onion2k

You should be fine so long as your sql statement is properly constructed with addslashes() and 's around input things.

So your SQL statement in PHP should be something like:

$sql = "select * from table where title like '%".addslashes($searchterm)."%'";

A ? shouldn't mess it up. If it does, theres a problem somewhere, and you'll need to post some code here for us to help.