PHP
sacred1, 2014-11-27 15:31:54

What is the best way to organize a database search?

Hello!
There is an input with type "text" (that is, a data search field). In the database itself, there is 1 table with 3 columns (Last Name, First Name, Patronymic).
What is the best way to organize an SQL query to this database so that the data entered by the user (for example, Pupkin Vasya Alekseevich) can be divided into last name, first name and patronymic, so that the parts can be compared separately later? That is, a search, for example, for Pupkin in the Surname table: if such a user exists, then the next condition applies and we look for the name Vasya in the table with that name; if we find such a Vasya Pupkin, then we display him. The whole full name goes into one variable; if so, how can this be done? Of course, the syntax is of most interest.
Now the actual query to the database is:

$sql = "SELECT name,patronymic,surname FROM peoples WHERE name LIKE '$text_search%' OR surname LIKE '$text_search%'";

But as you yourself understand, this is no good, because it only works if you enter data separately in the search field.
Thank you very much in advance!


2 answer(s)
Armenian Radio, 2014-11-27
@gbg

To begin with, this query is a potential SQL injection hole.
Next, try searching inside the concatenation:
First, you need to remove all characters from $text_search, except for letters of the alphabet, and replace all spaces with exactly one space.
And to protect against SQL injection, you should never build any query by concatenation.
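
One way to apply the advice in this answer, as an added example that is not part of the original answer: the input is reduced to letters and single spaces, and each word is matched against the three columns through bound parameters. It assumes PDO with the SQLite driver and an in-memory `peoples` table holding constructed rows; the function names are hypothetical.

```php
<?php
// Added example. Assumes PDO with the pdo_sqlite driver; all rows are constructed.

/** Keep letters only, collapse whitespace runs, and split into words. */
function search_words(string $input): array
{
    $clean = preg_replace('/[^\p{L}\s]+/u', ' ', $input) ?? ''; // null on bad UTF-8
    return preg_split('/\s+/u', $clean, -1, PREG_SPLIT_NO_EMPTY);
}

/** Every word must prefix-match one of the three columns; values are bound. */
function find_people(PDO $pdo, string $input): array
{
    $words = search_words($input);
    if ($words === []) {
        return [];                      // nothing left to search for
    }
    $clauses = [];
    $params  = [];
    foreach ($words as $word) {
        $clauses[] = '(surname LIKE ? OR name LIKE ? OR patronymic LIKE ?)';
        array_push($params, "$word%", "$word%", "$word%");
    }
    // Only fixed SQL text is concatenated; user input travels as parameters.
    $sql = 'SELECT surname, name, patronymic FROM peoples WHERE '
         . implode(' AND ', $clauses);
    $stmt = $pdo->prepare($sql);
    $stmt->execute($params);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE peoples (surname TEXT, name TEXT, patronymic TEXT)');
$pdo->exec("INSERT INTO peoples VALUES
    ('Pupkin', 'Vasya', 'Alekseevich'),
    ('Pupkin', 'Petya', 'Ivanovich'),
    ('Ivanov', 'Vasya', 'Petrovich')");

// Constructed inputs: word order, case and extra spaces vary; the last one
// carries quote characters that never reach the SQL text.
foreach (['Pupkin Vasya', '  vasya   PUPKIN alekseevich ', "x' OR '1'='1"] as $q) {
    printf("%-32s => %d row(s)\n", json_encode($q), count(find_people($pdo, $q)));
}
```

Because each word may match any of the three columns, the order in which the user types surname, name and patronymic does not matter.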

Terminaft, 2014-11-27
@Terminaft

Try like this:

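$text_search = 'Vasily Pupkin Alexeevich';
// Split into words; /u keeps non-ASCII (e.g. Cyrillic) letters together
$arr_split = preg_split('/\W+/u', $text_search, -1, PREG_SPLIT_NO_EMPTY);
// One "?" placeholder per word, so the words are bound instead of pasted into the SQL
$search = implode(', ', array_fill(0, count($arr_split), '?'));

$sql = "SELECT .. FROM .. WHERE name IN($search) OR surname IN($search) OR patronymic IN($search)";
// Run it as a prepared statement, passing the words once per IN() list
// ($pdo is an assumed PDO connection):
// $stmt = $pdo->prepare($sql); $stmt->execute(array_merge($arr_split, $arr_split, $arr_split));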

You can simply put a regular expression on a space.
