Question
https://stackoverflow.com/questions/22181854
italiano
english
français
española
中国
日本の
العربية
Deutsch
한국어
Português
RussianSELECT * FROM `entries` WHERE MATCH(`title`) AGAINST('Linux\'s')
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 's'' at line 1
I don't have the vaguest idea why this error persists when the quote is escaped.
PS: The upper query works in phpMyAdmin.
class SmalllightSearch extends Smalllight {
//----- SEARCH BY FIELD VALUE -----\\
public function searchByFieldValue($field, $value, $smart = true, $limit = NULL, array $orderby = NULL) {
$value = mysql_real_escape_string($value);
$entries = array();
$q = "SELECT * FROM `".$this->table."` WHERE MATCH (`$field`) AGAINST ('$value')";
echo $q;
if($orderby != NULL) {
$list = array();
foreach($orderby as $k => $v) { array_push($list, '`'.$k.'` '.$v); }
$order = implode(', ', $list);
$q .= ' ORDER BY '.$order;
}
if($limit != NULL) { $q .= ' LIMIT '.$limit; }
$r = mysql_query($q) or die(mysql_error());
while($row = mysql_fetch_assoc($r)) {
array_push($entries, $row);
}
if($smart == true) {
$right = new Smalllight('right');
$wrong = new Smalllight('wrong');
$words = str_word_count($value, 1);
foreach($words as $word_key => $word_value) {
$find_right = $right->findByFieldValue('value', $word_value);
if($find_right == false) {
$find_wrong = $wrong->findByFieldValue('value', $word_value);
if($find_wrong == true) {
$pair_right = $right->findById($find_wrong[0]['right_id']);
$words[$word_key] = $pair_right['value'];
}
else {
$pattern_right = $right->findByPattern('value', $word_value, 5, array('occur' => 'DESC'));
if($pattern_right == true) {
foreach($pattern_right as $pattern_key => $pattern) {
similar_text($word_value, $pattern['value'], $similar);
if($similar >= 70 && $word_value !== $pattern['value']) {
$wrong->setValue('right_id', $pattern['id']);
$wrong->setValue('value', $word_value);
$wrong->store();
$words[$word_key] = $pattern['value'];
}
}
}
}
}
}
$meaning = implode(' ', $words);
if($meaning != $value) {
$link = implode('+', $words);
echo 'Did you mean: <a href="index.php?search='.$link.'">'.$meaning.'</a><br/>';
}
return $entries;
}
elseif($smart == false) {
return $entries;
}
}
}
This is how I execute it:
if($_GET['search']) {
$slight = new SmalllightSearch('entries');
$entries = $slight->searchByFieldValue('title', $_GET['search']);
if($entries == true) {
foreach($entries as $entry) {
echo '<b>'.$entry['title'].'</b><br/>'.$entry['body'].'<br/><br/>';
}
}
else {
echo '<br/>No results found for: <b>'.$_GET['search'].'</b>';
}
}
There is no need to echo right before, because the limit and orderby parameters are not set.
No correct solution
OTHER TIPS
It obviously doesn't work in php because \' is treated as an escape sequence, thus it's parsed by php.
So you need to escape a slash as well
AGAINST('Linux\\\'s')
PS: if you used prepared statements or at least properly used escape functions your mysql client provides - it wouldn't be an issue.
This is the PHP code (part of it):
public function searchByFieldValue($field, $value, $smart = true, $limit = NULL, array $orderby = NULL) {
$value = mysql_real_escape_string($value);
$entries = array();
$q = "SELECT * FROM `".$this->table."` WHERE MATCH (`$field`) AGAINST ('$value')";
echo $q;
And this is the output:
SELECT * FROM entries WHERE MATCH (title) AGAINST ('Linux\'s')You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 's'' at line 1
The problem is solved, I needed to add '\' in the str_word_count() function so it would recognise \ as part of a word.
$words = str_word_count($value, 1, '\\');
