search query product name

vineet · 11-05-2012, 02:25 PM

hi all

First i want to match the search keyword with the product name in product table.

If the match is found then i want to fetch all the product details from product table for that product.

so i would like to know whether my code is fine or not.

can this be shortened

PHP Code:


			
<?
$searchword = $_REQUEST['searchword'];
$qry = "select product_name from product_table where product_name LIKE '%$searchword%'";
$result = mysql_query($qry);
if(mysql_num_rows($result) > 0)
{
    $searchqry = "select * from product_table where product_name LIKE '%$searchword%'";
    $searchresult = mysql_query($searchqry);
    while($searchrow = mysql_fetch_array($searchresult))
    {
    //echo product_details;
    }
}    
?>

vineet

>ssp-cdr< · 11-05-2012, 04:22 PM

use addslashes() when putting user input into an SQL query or else the presence of an apostrophe in it can cause problems

$qry = "select product_name from product_table where product_name LIKE '%".addslashes($searchword)."%'";