문제
https://stackoverflow.com/questions/22181854
italiano
english
français
española
中国
日本の
العربية
Deutsch
한국어
Português
RussianSELECT * FROM `entries` WHERE MATCH(`title`) AGAINST('Linux\'s')
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 's'' at line 1
I don't have the vaguest idea why this error persists when the quote is escaped.
PS: The upper query works in phpMyAdmin.
class SmalllightSearch extends Smalllight {
//----- SEARCH BY FIELD VALUE -----\\
public function searchByFieldValue($field, $value, $smart = true, $limit = NULL, array $orderby = NULL) {
$value = mysql_real_escape_string($value);
$entries = array();
$q = "SELECT * FROM `".$this->table."` WHERE MATCH (`$field`) AGAINST ('$value')";
echo $q;
if($orderby != NULL) {
$list = array();
foreach($orderby as $k => $v) { array_push($list, '`'.$k.'` '.$v); }
$order = implode(', ', $list);
$q .= ' ORDER BY '.$order;
}
if($limit != NULL) { $q .= ' LIMIT '.$limit; }
$r = mysql_query($q) or die(mysql_error());
while($row = mysql_fetch_assoc($r)) {
array_push($entries, $row);
}
if($smart == true) {
$right = new Smalllight('right');
$wrong = new Smalllight('wrong');
$words = str_word_count($value, 1);
foreach($words as $word_key => $word_value) {
$find_right = $right->findByFieldValue('value', $word_value);
if($find_right == false) {
$find_wrong = $wrong->findByFieldValue('value', $word_value);
if($find_wrong == true) {
$pair_right = $right->findById($find_wrong[0]['right_id']);
$words[$word_key] = $pair_right['value'];
}
else {
$pattern_right = $right->findByPattern('value', $word_value, 5, array('occur' => 'DESC'));
if($pattern_right == true) {
foreach($pattern_right as $pattern_key => $pattern) {
similar_text($word_value, $pattern['value'], $similar);
if($similar >= 70 && $word_value !== $pattern['value']) {
$wrong->setValue('right_id', $pattern['id']);
$wrong->setValue('value', $word_value);
$wrong->store();
$words[$word_key] = $pattern['value'];
}
}
}
}
}
}
$meaning = implode(' ', $words);
if($meaning != $value) {
$link = implode('+', $words);
echo 'Did you mean: <a href="index.php?search='.$link.'">'.$meaning.'</a><br/>';
}
return $entries;
}
elseif($smart == false) {
return $entries;
}
}
}
This is how I execute it:
if($_GET['search']) {
$slight = new SmalllightSearch('entries');
$entries = $slight->searchByFieldValue('title', $_GET['search']);
if($entries == true) {
foreach($entries as $entry) {
echo '<b>'.$entry['title'].'</b><br/>'.$entry['body'].'<br/><br/>';
}
}
else {
echo '<br/>No results found for: <b>'.$_GET['search'].'</b>';
}
}
There is no need to echo right before, because the limit and orderby parameters are not set.
올바른 솔루션이 없습니다
다른 팁
It obviously doesn't work in php because \' is treated as an escape sequence, thus it's parsed by php.
So you need to escape a slash as well
AGAINST('Linux\\\'s')
PS: if you used prepared statements or at least properly used escape functions your mysql client provides - it wouldn't be an issue.
This is the PHP code (part of it):
public function searchByFieldValue($field, $value, $smart = true, $limit = NULL, array $orderby = NULL) {
$value = mysql_real_escape_string($value);
$entries = array();
$q = "SELECT * FROM `".$this->table."` WHERE MATCH (`$field`) AGAINST ('$value')";
echo $q;
And this is the output:
SELECT * FROM entries WHERE MATCH (title) AGAINST ('Linux\'s')You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 's'' at line 1
The problem is solved, I needed to add '\' in the str_word_count() function so it would recognise \ as part of a word.
$words = str_word_count($value, 1, '\\');
