Search the Community
Showing results for tags 'best practices'.
-
I want to add a search feature to my site so that users can search for videos. Let's say that a user conducts a search and I GET their search query:

    $squery = isset($_GET['query']) ? $_GET['query'] : '';

Now what should I do? What are the best practices to ensure the security of my database and to provide the most relevant results to the user? Here's what I've got so far.

    // Make sure a search query was entered.
    if($squery == '') {
        echo "<p>You didn't enter a search query.</p>";
    }

    // Strip HTML tags.
    $squery = strip_tags($squery);

    // Trim white space.
    $squery = trim($squery);

    // Set minimum query length.
    $min_length = 3;

    // Make sure query length is more than minimum.
    if(strlen($squery) < $min_length) {
        echo "<p>The search query you entered is too short. The minimum number of characters is ".$min_length.".</p>";
    }

    // Connect to MySQL.
    // Select database.

    // Escape search query.
    $squery = mysql_real_escape_string($squery);

    // Break query into keywords.
    $keywords = explode(' ', $squery);

    // Count number of keywords.
    $no_of_keywords = count($keywords);

    // If just one keyword, then build statement.
    // The variable is interpolated directly inside the double-quoted string.
    if($no_of_keywords == 1) {
        $sql = "SELECT whatever FROM `video_table` WHERE (col1 LIKE '%$squery%' OR col2 LIKE '%$squery%')";
    }
    // If multiple keywords, then build statement.
    else {
        $sql = "SELECT whatever FROM `video_table` WHERE ";
        for($i = 0; $i < $no_of_keywords; $i++) {
            $sql .= "(col1 LIKE '%{$keywords[$i]}%' OR col2 LIKE '%{$keywords[$i]}%')";
            // Add OR only between conditions, not after the last one.
            if($i < $no_of_keywords - 1) {
                $sql .= " OR ";
            }
        }
    }

    // Run mysql query.
    $raw_results = mysql_query($sql, $con);

    // Put results into an array for later use.
    $results = mysql_fetch_array($raw_results);

Can this code's security be improved? How can it be altered to provide more relevant results? Should I omit words such as "to" and "the" from the query? If so, how do I do it? Should I remove punctuation? As always, I appreciate your help. You guys have taught me LOADS!
-
I've never taken a logic class, or a CS class. This is likely very easy to anyone with any background in either topic.

I have an array, $_SESSION['thresholds'], where I've given the array keys values such as "thresholdA", "thresholdB", "thresholdC", "thresholdD", etc. with corresponding elements that increase in value (5, 15, 50, 75, etc.). The array is currently mapped in ascending order. I have a variable, $_SESSION['compare'], that I want to compare against all the elements in the $_SESSION['thresholds'] and, ultimately, I want to be able to echo/print the key of the largest array element that is less than the value of $_SESSION['compare'].

Using the above values, if $_SESSION['compare'] == 21, then I would love to echo/print "thresholdB".

What's the best method to accomplish this? Array_Walk? A switch statement? I first tried while() and was trying to use the pointer in the array, but I found that if I used next() to see if the next array element was larger, the actual use of next() within the while() statement caused the pointer to advance anyways. That seemed like the wrong path to take. The switch statement I've tried is failing, and I don't know how to use a comparison within an array_walk when I want to break out once the largest value is determined.

This seems like such a basic function of array and variables but I'm struggling with this. Any advice would be much appreciated. Here are some of my tests that failed:

    reset($_SESSION['thresholds']);
    while( (current($_SESSION['compare']) < $_SESSION['thresholds']) and (key($_SESSION['thresholds']) <> 'thresholdMAX'))
        next($_SESSION['compare']);

That final next() statement advances me one step too far. Should I use this and then back up one step? That might create problems of its own.

Next I tried switch:

    switch ($_SESSION['compare']) {
        case ($_SESSION['compare'] >= $_SESSION['thresholds']['thresholdMAX']):
            $output = key($_SESSION['thresholds']['thresholdMAX']);
            break;
        case ($_SESSION['compare'] >= $_SESSION['thresholds']['thresholdD']):
            $output = key($_SESSION['thresholds']['thresholdD']);
            break;

But that wasn't working and seems like the wrong way to go about this. Can anyone point me in the right direction? Thanks so much in advance!
- 3 replies
- Tagged with: beginner, best practices (and 3 more)
-
Right now I'm working on a website for a record label. I need to write a script that switches between bands and pops band info based on user selection. If it was just PHP, the fields would be:

- string (band photo; url src to an img)
- an array of strings (streaming music; multiple url src to mp3 links)
- string (duration; this one is actually two dates that represent a span of time)
- array of strings (players; key & value pairs that represent band members and what they do in the band, i.e. drummer, bassist, etc.)
- string (band bio; it will need to be a couple paragraphs)

Since I need to store this information in a database, I am first planning the structure for the table(s) that I will need to create for this. For now, I have three areas of concern.

1. Regarding the arrays, if the absolute max number of key/value pairs is ten, is it okay to store those in a single field? Or should I create another table and make a compound key to reference the main band table?

2. I plan to use either blob or text field for band bio. Any tips you would like to offer about those two data types would be helpful, though I will be doing plenty of reading about them regardless.

3. As for duration, can anyone think of any reason I should actually break that into two date fields? I don't think there will ever be a reason to run any calculations on how long they have been together, so I am thinking a string will be fine. If you disagree with that assessment, I wouldn't object to hearing your reasoning.

Any input you can offer would be greatly appreciated!
- 6 replies
- Tagged with: architecture, best practices (and 1 more)