Answer the question
In order to leave comments, you need to log in
What is the best way to organize a database search?
Hello!
There is an input with type "text" (that is, a data search field). In the database itself, there is 1 table with 3 columns (Last Name, First Name, Patronymic).
What is the best way to organize an sql query to this database so that the data entered by the user (note - Pupkin Vasya Alekseevich) can be divided into last name .. first name .. and patronymic, so that you can compare the data separately in the future. That is, a search, for example, by Pupkin in the Surname table, such a user exists, then the following condition occurs .. we already find the name Vasya in the table this name, if we find such Vasya Pupkin, then we display it. all the full name goes to one variable, if so, how to do it? ... Of course, the syntax is of most interest ..
Now the actual query to the database is:
$sql = "SELECT name,patronymic,surname FROM peoples WHERE name LIKE '$text_search%' OR surname LIKE '$text_search%'";
Answer the question
In order to leave comments, you need to log in
To begin with, this query is a potential SQ injection hole.
Next, try searching inside the concatenation:
First, you need to remove all characters from $text_search, except for letters of the alphabet, and replace all spaces with exactly one space.
And to protect against SQL injection, you should never build any query by concatenation.
Try like this:
$text_search = 'Vasily Pupkin Alexeevich';
$arr_split = preg_split('/\W+/', $text_search);
$search = implode(', ', $arr_split);
$sql = "SELECT .. FROM .. WHERE name IN($search) OR surname IN($search) OR patronymic IN($search)";
Didn't find what you were looking for?
Ask your questionAsk a Question
731 491 924 answers to any question