search engine problems

Smudly

Hi, I'm having two issues with my Search engine for my website. It is created to search through my database (it doesn't crawl through pages). The first problem I'm having is when I type in for example:
Super Mario Bros
and there is a row in my table with a field called Super Mario Brothers
this row is not included as a successful result to the search. I need to somehow modify my code to search every word in every table cell in the database.

So another example. I have 5 rows, each with one cell, named as follows:
One
Two
Three
Four
Five
If I was to type in the search box:
One Two Three Four Five
it should display all rows (it obviously doesn't do that right now lol)

The second issue has to do with my sql query.
It looks like this:

$query = "select * from sheets where artist like \"%$trimmed%\" OR title like \"%$trimmed%\" 
  order by artist"; 
 $numresults=mysql_query($query);

I need this query to search in the columns artist and title (like it is doing above) AS WELL as search only those rows that have an active status set to 'yes'.
I tried to type something like:

$query = "select * from sheets where active='yes' && artist like \"%$trimmed%\" OR title like \"%$trimmed%\" 
  order by artist";

but this obviously causes problems. How do i require the query to include rows that are active, but have it look through artist OR title as well?

Here is my code below. Any insight appreciated. Will be working on it til someone is available. Thanks

<?php
  include_once('inc/functions.php');
  // Get the search variable from URL

  $var = @mysql_safe($_GET['q']) ;
  $trimmed = trim($var); //trim whitespace from the stored variable

// rows to return
$limit=10000; 
// check for an empty string and display a message.
if ($trimmed == "")
  {
  $error = "<tr><td colspan='2' style='text-align: center; border-style: solid; border-color: #f43636; background-color: #fe6a6a;'><strong>Type In A Sheet To Search For</strong></td></tr>";
  }

// check for a search parameter
if (!isset($var))
  {
    $error = "<tr><td colspan='2' style='text-align: center; border-style: solid; border-color: #f43636; background-color: #fe6a6a;'><strong>Type In A Sheet To Search For</strong></td></tr>";
  }

// Build SQL Query  

$query = "select * from sheets where artist like \"%$trimmed%\" OR title like \"%$trimmed%\" 
  order by artist"; 

 $numresults=mysql_query($query);
 $numrows=mysql_num_rows($numresults);

// If we have no results

if ($numrows == 0)
  {
// If search was not found
  $error = "<tr><td colspan='2' style='text-align: center; border-style: solid; border-color: #f43636; background-color: #fe6a6a;'><strong>Unfortunately that sheet was not found, however, please request it by clicking below</strong></td></tr><tr><td colspan='2' style='text-align: center; border-left-style: solid; border-bottom-style: solid; border-right-style: solid; border-color: #f43636; background-color: #f5f5f5;'><a href='request.php'>Request A Sheet Here</a></td></tr>";
  }

// next determine if s has been passed to script, if not use 0
  if (empty($s)) {
  $s=0;
  }

// get results
  $query .= " limit $s, $limit";
  $result = mysql_query($query) or die("Couldn't execute query");
  $search = "&nbsp;";
  $break = "<br />";
if($var!=""){
	$search = "Search:";
	$break = "";
}
?>
<br /><div id='headsearch'></div>
<div style="width: 210px; margin-left: auto; margin-right: auto; text-align: center;">
<form name="form" action="search.php" method="get">
  <div style="float: left;"><input type="text" name="q" /></div>
  <div style="float: right;"><input type="image" src="img/search.png" alt="Search" name="Submit" value="Search" /></div>
</form>
</div>
<?php
// display what the person searched for
echo "<center><div style='width: 210px; margin-left: auto; margin-right: auto; text-align: center;'>$search <span style='color: #6aa504; margin-left; auto; margin-right: auto;'>" . stripslashes($var) . "</span></div></center>";
?>

<?php

// begin to show results set
$count = 1 + $s ;


  $greenboxleft = "greenboxleft";
  $greenboxright = "greenboxright";
  $grayboxleft = "grayboxleft";
  $grayboxright = "grayboxright";
  $colorvalue = 0;

echo "$break<table width='700px' align='center' style='border-collapse:separate;
border-spacing:0px;'><th style='background-color: #93DB70; border-bottom-style: solid; border-color: #6aa504;'>Artist</th><th style='background-color: #93DB70; border-bottom-style: solid; border-color: #6aa504;'>Title</th>";
if($error==""){
// now you can display the results returned
  while ($row= mysql_fetch_array($result)) {
  $artist = $row["artist"];
  $title = $row["title"];

  if(($colorvalue%2)==0){
  $styleleft = $greenboxleft;
  $styleright = $greenboxright;
  }
  else{
  $styleleft = $grayboxleft;
  $styleright = $grayboxright;
  }


echo "<tr>";
  echo "<td align='center' width='350px' id='$styleleft'><div id='songsboxleft'><strong>". ucwords($row['artist']). "</strong></div></td>";
  echo "<td align='center' width='350px' id='$styleright'><div id='songsboxright'><a target='_blank' name='downloadclick' href='download.php?sheet=".$row['url']."&artist=".$row['artist']."&title=".$row['title']."'>" .ucwords($row['title']). "</a></div></td>";

echo "</tr>";
$colorvalue++;
}
}
else{
	echo $error;
}

echo "</table>";  
?>

dagon

i would read up on full text searching in mysql, it will give you the power you are after

johanafm

Smudly;10964234 wrote:
and there is a row in my table with a field called Super Mario Brothers

A point of semantics: the field is not called Super Mario Brothers, but it has that value. Your meaning is clear in this particular instance, but might be confusing in others.

Smudly;10964234 wrote:
Super Mario Bros
Super Mario Brothers

You could do like this, assuming you want to match each search word against the title

$searchString = 'Super Mario Bros';
$searchArray = explode(' ', $searchString);
$searchString = "(tile like '%" . implode("%' OR title like '%", $searchArray) . "%')";
$query = 'SELECT field1, field2 FROM sheets WHERE ' . $searchString;

The other way to deal with it would be to use MATCH ... AGAINST, but MySQL only has support for full text search with its MyISAM db engine, which may not be acceptable for other reasons: It doesn't enforce referential integrity constraints, and it lacks transaction support which means it's not ACID-compliant (atomicity, consistency, isolation, durability).

Smudly;10964234 wrote:
So another example. I have 5 rows, each with one cell, named as follows:

Here I actually first read this as you were having a (badly designed) table looking like

id   somefield   otherfield   One   Two   Three   Four   Five

which is why terminology is important. But the above should be covered in my first code example.

Smudly;10964234 wrote:
The second issue has to do with my sql query. (...) AS WELL as search only those rows that have an active status set to 'yes'
It looks like this:
[code=php]$query = "select * from sheets where active='yes' && artist like \"%$trimmed%\" OR title like \"%$trimmed%\"

First off, don't use double quotes " for quoting character string literals. According to standard SQL, single quotes are used for quoting string literals, while double quotes are used to quote identifiers, i.e.

SELECT "date", "select" FROM "table" WHERE "select"='string literal'

MySQL uses backtick ` to quote identifiers, and allows either single or double quote to quote string literals. Still, I'd rather recommend staying away from identifiers which need to be quoted, and stick to single quoting string literals. This way, your SQL statements will be portable accross different SQL DBMS, or at least have a high chance of being portable.
A second similar point involves the use of && (and) and || (or), since they are not defined in the standard. The boolean operators are: NOT, AND, OR.

Apart from that, I suspect your only problem with the query is that you're not accounting for operator precedence, which is also defined in the standard. Precedence for logical operators are:
1. NOT
2. AND
3. OR
which means

WHERE NOT field1 AND field2 OR field3
-- is equivalent to
WHERE ((NOT field1) AND field2) OR field3

while you seem to want

WHERE field1 AND (field2 OR field3)

I've only used a couple of languages, but all of those have the same operator precedence for logical operators. So does PHP, but in PHP it's also worth noting that there are two and-operators and two or-operators. Each of those sets follow the above, but one of the sets comes before the other. Precedence, top to bottom: !, &&, ||, and, or
When in doubt, consult the documentation, or use parentheses to ensure that you get the right expression.

Smudly;10964234 wrote:
Here is my code below.
<?php
  $var = @mysql_safe($_GET['q']) ;

What is mysql_safe()? There allready exists a function called mysql_real_escape_string which really is "mysql-safe" for string literals, no matter how you modify MySQL through configuration file or through run time command and statements. This funciton needs a connection to the database, since it actually checks the settings before escaping strings. Use this function, and no other.
Do not use the error suppression operator @, unless you have one of the _extremely_ few situations where there is no other way to avoid warnings or errors.

# db connection has to be made first. I assume it's called $link
$var = mysql_real_escape_string( (isset($_GET['q']) ? $_GET['q'] : ''), $link);