PHP Search Script - Need Help [ Urgent ]

[BlackTyger]

I am building a simple search engine script for my website which allows users to search for electronic devices that we have in our database.

 

Here is the HTML code.

<form name="search" action="search.php" method="get">
<input type="text" name="query" size="50" />
<input type="submit" name="submit" value="Search" />
</form>

 

Here is the PHP code.

<?php

error_reporting(0);

include 'config.php';

mysql_connect("localhost", "root", "password") or die(mysql_error());
mysql_select_db("maindatabase") or die(mysql_error());

// get the data from the form
$search_query = $_GET['query'];

// mysql query
$query = mysql_query("SELECT * FROM `products` WHERE productName LIKE '%$search_query%'");
$count_rows = mysql_num_rows($query);

echo "Results found: " . $count_rows;

?>

 

Here is the problem:

 

Whenever I enter  a single keyword in the search, the search brings some results. BUT, whenever I enter multiple keywords, the search brings 0 rows. For example:

 

I have a product called Sony Bravia Television 42 inches - 1080p HD in my database. When type "sony" in the search and press the search button, I only get 1 row as the result. But when I enter "sony television" in the seach, I get 0 row results. Why is that? What can I do to fix this problem? I want to return results that contain all the keywords that the search query had. Just like any search engine: Google, Yahoo, etc.

 

[sohaibshaheen]

BlackTyger: I am forced to assume you are novice.. So let me explain it to you before making an suggestion.

 

The search script you are using is vulnerable and totally non-workable. Let me shine some light on it.

 

First of all you are using the variable from GET method in mysql_search query directly , suppose some one searches..

query = "      'sony              " then your query will crash as single quote breaks the syntax.

So first thing you need to do is remove quotes using php functions e.g.

 

$new_text=mysql_real_escape_string($_GET['query']);

 

and use $new_text as search variable.

 

Secondly. When you search "sony television" it actually looks for exact phrase

" sony television " whereas you need to look 'sony' and 'television' separately at different locations in string.

 

So what you need to do is to : break the string into array and then look for each item separately.

 

e.g.

 

$broken_string=explode(" ",$_GET['query']);

now look for $broken[0]  and $broken[1] one by one ...

 

This is how it may be implemented:

 

foreach($broken as $value){

// look for $value in string and print

} 

 

Hope it answers the question!