Re: [PHP] Struggling with MySQL query

2011-08-09 Thread Alex Nikitin
Sorry but escaping doesn't protect against mysql injection either, it is not a good answer, nor does it really work, it's an effort, yes, buuut in unicode world we pretty much have the ability to override what it means to be a character through best guess matching, etc, iiit just doesn't quite work; e

Re: [PHP] Struggling with MySQL query

2011-08-09 Thread Ashley Sheridan
David Green wrote:
> Thank you all for the various suggestions.
>
> It now works with this:
>
> $find = strip_tags($find);
> $find = trim($find);
>
> $data = mysql_query("SELECT * FROM news_items WHERE headline LIKE
> '%$find%'");
>
> Another "newb" question: does strip_tags() help at all in preventin

Re: [PHP] Struggling with MySQL query

2011-08-09 Thread David Green
Thank you all for the various suggestions. It now works with this: $find = strip_tags($find); $find = trim($find); $data = mysql_query("SELECT * FROM news_items WHERE headline LIKE '%$find%'"); Another "newb" question: does strip_tags() help at all in preventing SQL injection attacks? Kind reg

RE: [PHP] Struggling with MySQL query

2011-08-09 Thread Dajka Tamás
ay, August 09, 2011 4:55 PM
To: David Green
Cc: php-general@lists.php.net
Subject: Re: [PHP] Struggling with MySQL query

On Tue, Aug 9, 2011 at 10:14 AM, David Green wrote:
[snip]
> $data = mysql_query("SELECT * FROM news_items WHERE upper('headline') LIKE
> '%$find%'&

Re: [PHP] Struggling with MySQL query

2011-08-09 Thread Andrew Ballard
On Tue, Aug 9, 2011 at 10:14 AM, David Green wrote:
[snip]
> $data = mysql_query("SELECT * FROM news_items WHERE upper('headline') LIKE
> '%$find%'");

A couple things to consider. First, as a few others have pointed out, you probably want to remove the single quotes around the word headline in y

RE: [PHP] Struggling with MySQL query

2011-08-09 Thread Alex Nikitin
It would be easier and faster to convert your string to lower case, than perform the upper operation on every entry in the database. Also, just to point it out, your code is very vulnerable to SQL injection. But the suggestion is right, dump the query to make sure it's correct, and check for mysql

RE: [PHP] Struggling with MySQL query

2011-08-09 Thread admin
> -Original Message-
> From: David Green [mailto:simp...@gmail.com]
> Sent: Tuesday, August 09, 2011 10:14 AM
> To: php-general@lists.php.net
> Subject: [PHP] Struggling with MySQL query
>
> Hi
>
> I have a simple form which uses the post method to get to my page
> script
> results.php
>

RE: [PHP] Struggling with MySQL query

2011-08-09 Thread Dajka Tamas
Why not try this:

$q = "SELECT * FROM news_items WHERE upper('headline') LIKE '%".$find."%'";
echo $q;
$data = mysql_query($q);
...

And try running the echoed query in phpmyadmin, etc.

Cheers,
Tamas

-Original Message-
From: David Green [mailto:simp...@gmail.com]
Sent: Tue