3raser Posted February 8, 2010 Share Posted February 8, 2010 $keywords = $_POST['keywords']; //protection $before = array('(', ')', '^', '<', '>', '`', '*', '<script>', '</script>', ';DROP TABLE users;', 'users', 'DROP', 'TABLE'); $after = array('', '', '', '', '', '', '', '', '', '', '', '', ''); $output = str_replace($before, $after, $keywords); //display data $get = mysql_query("SELECT * FROM items WHERE keywords='$keywords'"); while ($row = mysql_fetch_assoc($get)) That only makes it get items that are the EXACT NAME. But how do I get it so it uses the keywords in the database? Like their is an Item named Pixel, you search pix and it doesn't work. But if you do Pixel, it will. :/ Quote Link to comment https://forums.phpfreaks.com/topic/191299-better-searching/ Share on other sites More sharing options...
3raser Posted February 8, 2010 Author Share Posted February 8, 2010 Anyone?...I need to go soon. -.- Quote Link to comment https://forums.phpfreaks.com/topic/191299-better-searching/#findComment-1008617 Share on other sites More sharing options...
premiso Posted February 8, 2010 Share Posted February 8, 2010 Use the LIKE operator. keywords LIKE '%$keywords%' The % is a wildcard character. Quote Link to comment https://forums.phpfreaks.com/topic/191299-better-searching/#findComment-1008618 Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.