Php & mysql search query output
I have a movie database site and I have a little problem finding it. Suppose the movie name stored in the database is
Cultivation: Scientology and the Prison of Faith
As you can see there :
in the title.
When my users search Going Clear Scientology and the Prison of Belief
, they don't get any results, so if the title of the movie has '
, here's my search query:
SELECT * FROM movie WHERE title LIKE '%$search%'
How can I fix this?
source to share
Keep two things in mind when trying to insert into a database using php.
First, when you insert your data into the database, say, for example, the title of a movie "Going Clear: Scientology and the Prison of Faith", trim the extra lines, for example :. This will help you later.
Second, similar to the first, when you accept input from the user, sanitize it. Strings like ', $, \ ,? etc. that are not relevant. After that, you can search the database search.
I think your code is fine here.
select * from movie where title like 'Going%';
The above query works for me when I check it in my DB. Check if your search variable is initialized correctly.
You need to escape special characters in the string for use in the SQL statement. Always store this value type in the database after escaping the special character, and also pass your search query into the query after escaping the special character.
For this you must use
mysql_real_escape_string ()
For example:
$search = "Going Clear: Scientology and the Prison of Belief";
$search = mysql_real_escape_string($search);
$query= "SELECT * FROM movie WHERE title LIKE '%$search%'";
You can read here
http://php.net/manual/en/function.mysql-real-escape-string.php
source to share