Hi, I am trying to revise the following PHP script so that it can do an "exact full text" search of a MySQL table. The exact text is passed from another PHP script. Could someone give me a hint? I am a very, very new beginner at PHP programming and I bought this script.
<?
$page_name="s_products.php"; // If you use this code with a different page ( or file ) name then change this
if(!isset($_REQUEST["start"])) { // This variable is set to zero for the first page
    $start = 0;
} else
    $start = $_REQUEST["start"];
$eu = ($start - 0);
$limit = 20; // No of records to be shown per page.
$this1 = $eu + $limit;
$back = $eu - $limit;
$next = $eu + $limit;
if(isset($_REQUEST["searching"])) {
    if($_REQUEST["IndustryID"] == "" && $_REQUEST["Country"] == "") {
        $sqlProduct="select * from products,seller,seller_profile,industry,categories where products.SellerID=seller.SellerID and seller.SellerID=seller_profile.SellerID and products.CategoryID=categories.CategoryID and categories.IndustryID=industry.IndustryID and (products.ProductName LIKE '%".$_REQUEST['search']."%' or products.ProductKeyword LIKE '%".$_REQUEST['search']."%' or products.ProductDescription LIKE '%".$_REQUEST['search']."%' or products.PlaceOfOrigin LIKE '%".$_REQUEST['search']."%' or products.BrandName LIKE '%".$_REQUEST['search']."%') and productstatus=1 order by GoldMember desc limit $eu, $limit";
        $sqlProducttot="select * from products,seller,seller_profile,industry,categories where products.SellerID=seller.SellerID and seller.SellerID=seller_profile.SellerID and products.CategoryID=categories.CategoryID and categories.IndustryID=industry.IndustryID and (products.ProductName LIKE '%".$_REQUEST['search']."%' or products.ProductKeyword LIKE '%".$_REQUEST['search']."%' or products.ProductDescription LIKE '%".$_REQUEST['search']."%' or products.PlaceOfOrigin LIKE '%".$_REQUEST['search']."%' or products.BrandName LIKE '%".$_REQUEST['search']."%') and productstatus=1 order by GoldMember desc";
    } else if($_REQUEST["IndustryID"] == "" && $_REQUEST["Country"] != "") {
        $sqlProduct="select * from products,seller,seller_profile,industry,categories where products.SellerID=seller.SellerID and seller.SellerID=seller_profile.SellerID and products.CategoryID=categories.CategoryID and categories.IndustryID=industry.IndustryID and seller.Country='".$_REQUEST['Country']."' and (products.ProductName LIKE '%".$_REQUEST['search']."%' or products.ProductKeyword LIKE '%".$_REQUEST['search']."%' or products.ProductDescription LIKE '%".$_REQUEST['search']."%' or products.PlaceOfOrigin LIKE '%".$_REQUEST['search']."%' or products.BrandName LIKE '%".$_REQUEST['search']."%') and productstatus=1 order by GoldMember desc limit $eu, $limit";
        $sqlProducttot="select * from products,seller,seller_profile,industry,categories where products.SellerID=seller.SellerID and seller.SellerID=seller_profile.SellerID and products.CategoryID=categories.CategoryID and categories.IndustryID=industry.IndustryID and seller.Country='".$_REQUEST['Country']."' and (products.ProductName LIKE '%".$_REQUEST['search']."%' or products.ProductKeyword LIKE '%".$_REQUEST['search']."%' or products.ProductDescription LIKE '%".$_REQUEST['search']."%' or products.PlaceOfOrigin LIKE '%".$_REQUEST['search']."%' or products.BrandName LIKE '%".$_REQUEST['search']."%') and productstatus=1 order by GoldMember desc";
    } else if($_REQUEST["IndustryID"] != "" && $_REQUEST["Country"] == "") {
        $sqlProduct="select * from products,seller,seller_profile,industry,categories where products.SellerID=seller.SellerID and seller.SellerID=seller_profile.SellerID and products.CategoryID=categories.CategoryID and categories.IndustryID=industry.IndustryID and Industry.IndustryID=".$_REQUEST['IndustryID']." and (products.ProductName LIKE '%".$_REQUEST['search']."%' or products.ProductKeyword LIKE '%".$_REQUEST['search']."%' or products.ProductDescription LIKE '%".$_REQUEST['search']."%' or products.PlaceOfOrigin LIKE '%".$_REQUEST['search']."%' or products.BrandName LIKE '%".$_REQUEST['search']."%') and productstatus=1 order by GoldMember desc limit $eu, $limit";
        $sqlProducttot="select * from products,seller,seller_profile,industry,categories where products.SellerID=seller.SellerID and seller.SellerID=seller_profile.SellerID and products.CategoryID=categories.CategoryID and categories.IndustryID=industry.IndustryID and Industry.IndustryID=".$_REQUEST['IndustryID']." and (products.ProductName LIKE '%".$_REQUEST['search']."%' or products.ProductKeyword LIKE '%".$_REQUEST['search']."%' or products.ProductDescription LIKE '%".$_REQUEST['search']."%' or products.PlaceOfOrigin LIKE '%".$_REQUEST['search']."%' or products.BrandName LIKE '%".$_REQUEST['search']."%') and productstatus=1 order by GoldMember desc";
    } else if($_REQUEST["IndustryID"] != "" && $_REQUEST["Country"] != "") {
        $sqlProduct="select * from products,seller,seller_profile,industry,categories where products.SellerID=seller.SellerID and seller.SellerID=seller_profile.SellerID and products.CategoryID=categories.CategoryID and categories.IndustryID=industry.IndustryID and Industry.IndustryID=".$_REQUEST['IndustryID']." and seller.Country='".$_REQUEST['Country']."' and (products.ProductName LIKE '%".$_REQUEST['search']."%' or products.ProductKeyword LIKE '%".$_REQUEST['search']."%' or products.ProductDescription LIKE '%".$_REQUEST['search']."%' or products.PlaceOfOrigin LIKE '%".$_REQUEST['search']."%' or products.BrandName LIKE '%".$_REQUEST['search']."%') and productstatus=1 order by GoldMember desc limit $eu, $limit";
        $sqlProducttot="select * from products,seller,seller_profile,industry,categories where products.SellerID=seller.SellerID and seller.SellerID=seller_profile.SellerID and products.CategoryID=categories.CategoryID and categories.IndustryID=industry.IndustryID and Industry.IndustryID=".$_REQUEST['IndustryID']." and seller.Country='".$_REQUEST['Country']."' and (products.ProductName LIKE '%".$_REQUEST['search']."%' or products.ProductKeyword LIKE '%".$_REQUEST['search']."%' or products.ProductDescription LIKE '%".$_REQUEST['search']."%' or products.PlaceOfOrigin LIKE '%".$_REQUEST['search']."%' or products.BrandName LIKE '%".$_REQUEST['search']."%') and productstatus=1 order by GoldMember desc";
    }
} else {
    $sqlProduct="select * from products,seller,seller_profile where products.SellerID=seller.SellerID and seller.SellerID=seller_profile.SellerID and CategoryID=".$_GET['CategoryID']." and productstatus=1 order by GoldMember desc limit $eu, $limit";
    $sqlProducttot="select * from products,seller,seller_profile where products.SellerID=seller.SellerID and seller.SellerID=seller_profile.SellerID and CategoryID=".$_GET['CategoryID']." and productstatus=1 order by GoldMember desc";
}
</table>
<?
/////////////// Start the bottom links with Prev and next link with page numbers /////////////////
$industryid = $_REQUEST['IndustryID'];
$country = mysql_escape_string($_REQUEST['Country']);
$searching = $_REQUEST['searching'];
$search = mysql_escape_string($_REQUEST['search']);
echo "<table align = 'center' width='50%'><tr><td align='left' width='30%'>";
//// if our variable $back is equal to 0 or more then only we will display the link to move back ////////
if($back >=0) {
    print "<a href='$page_name?start=$back&industryid=$industryid&country=$country&searching=$searching&search=$search'><font face='Verdana' size='2'>PREV</font></a>";
}
//////////////// Let us display the page links at center. We will not display the current page as a link ///////////
echo "</td><td align=center width='30%'>";
$i=0;
$l=1;
for($i=0;$i < $nume;$i=$i+$limit){
    if($i <> $eu){
        echo " <a href='$page_name?start=$i&industryid=$industryid&country=$country&searching=$searching&search=$search'><font face='Verdana' size='2'>$l</font></a> ";
    }
    else { echo "<font face='Verdana' size='4' color=red>$l</font>";} /// Current page is not displayed as link and given font color red
    $l=$l+1;
}
echo "</td><td align='right' width='30%'>";
///////////// If we are not in the last page then Next link will be displayed. Here we check that /////
if($this1 < $nume) {
    print "<a href='$page_name?start=$next&industryid=$industryid&country=$country&searching=$searching&search=$search'><font face='Verdana' size='2'>NEXT</font></a>";}
echo "</td></tr></table>";
?>
</td>
</Tr>
<? include("footer.php"); ?>
In the future please make sure you wrap your code in [php][/php] tags as it preserves the formatting.
This script is uh. . . not very good and is horrendously insecure. I hope you didn't pay a lot for it. Everything that needs to change in order to make exact versus partial searches is in here:
PHP Code:
if(isset($_REQUEST["searching"])) {
    if($_REQUEST["IndustryID"] == "" && $_REQUEST["Country"] == "") {
        $sqlProduct="select * from products,seller,seller_profile,industry,categories where products.SellerID=seller.SellerID and seller.SellerID=seller_profile.SellerID and products.CategoryID=categories.CategoryID and categories.IndustryID=industry.IndustryID and (products.ProductName LIKE '%".$_REQUEST['search']."%' or products.ProductKeyword LIKE '%".$_REQUEST['search']."%' or products.ProductDescription LIKE '%".$_REQUEST['search']."%' or products.PlaceOfOrigin LIKE '%".$_REQUEST['search']."%' or products.BrandName LIKE '%".$_REQUEST['search']."%') and productstatus=1 order by GoldMember desc limit $eu, $limit";
        $sqlProducttot="select * from products,seller,seller_profile,industry,categories where products.SellerID=seller.SellerID and seller.SellerID=seller_profile.SellerID and products.CategoryID=categories.CategoryID and categories.IndustryID=industry.IndustryID and (products.ProductName LIKE '%".$_REQUEST['search']."%' or products.ProductKeyword LIKE '%".$_REQUEST['search']."%' or products.ProductDescription LIKE '%".$_REQUEST['search']."%' or products.PlaceOfOrigin LIKE '%".$_REQUEST['search']."%' or products.BrandName LIKE '%".$_REQUEST['search']."%') and productstatus=1 order by GoldMember desc";
    } else if($_REQUEST["IndustryID"] == "" && $_REQUEST["Country"] != "") {
        $sqlProduct="select * from products,seller,seller_profile,industry,categories where products.SellerID=seller.SellerID and seller.SellerID=seller_profile.SellerID and products.CategoryID=categories.CategoryID and categories.IndustryID=industry.IndustryID and seller.Country='".$_REQUEST['Country']."' and (products.ProductName LIKE '%".$_REQUEST['search']."%' or products.ProductKeyword LIKE '%".$_REQUEST['search']."%' or products.ProductDescription LIKE '%".$_REQUEST['search']."%' or products.PlaceOfOrigin LIKE '%".$_REQUEST['search']."%' or products.BrandName LIKE '%".$_REQUEST['search']."%') and productstatus=1 order by GoldMember desc limit $eu, $limit";
        $sqlProducttot="select * from products,seller,seller_profile,industry,categories where products.SellerID=seller.SellerID and seller.SellerID=seller_profile.SellerID and products.CategoryID=categories.CategoryID and categories.IndustryID=industry.IndustryID and seller.Country='".$_REQUEST['Country']."' and (products.ProductName LIKE '%".$_REQUEST['search']."%' or products.ProductKeyword LIKE '%".$_REQUEST['search']."%' or products.ProductDescription LIKE '%".$_REQUEST['search']."%' or products.PlaceOfOrigin LIKE '%".$_REQUEST['search']."%' or products.BrandName LIKE '%".$_REQUEST['search']."%') and productstatus=1 order by GoldMember desc";
    } else if($_REQUEST["IndustryID"] != "" && $_REQUEST["Country"] == "") {
        $sqlProduct="select * from products,seller,seller_profile,industry,categories where products.SellerID=seller.SellerID and seller.SellerID=seller_profile.SellerID and products.CategoryID=categories.CategoryID and categories.IndustryID=industry.IndustryID and Industry.IndustryID=".$_REQUEST['IndustryID']." and (products.ProductName LIKE '%".$_REQUEST['search']."%' or products.ProductKeyword LIKE '%".$_REQUEST['search']."%' or products.ProductDescription LIKE '%".$_REQUEST['search']."%' or products.PlaceOfOrigin LIKE '%".$_REQUEST['search']."%' or products.BrandName LIKE '%".$_REQUEST['search']."%') and productstatus=1 order by GoldMember desc limit $eu, $limit";
        $sqlProducttot="select * from products,seller,seller_profile,industry,categories where products.SellerID=seller.SellerID and seller.SellerID=seller_profile.SellerID and products.CategoryID=categories.CategoryID and categories.IndustryID=industry.IndustryID and Industry.IndustryID=".$_REQUEST['IndustryID']." and (products.ProductName LIKE '%".$_REQUEST['search']."%' or products.ProductKeyword LIKE '%".$_REQUEST['search']."%' or products.ProductDescription LIKE '%".$_REQUEST['search']."%' or products.PlaceOfOrigin LIKE '%".$_REQUEST['search']."%' or products.BrandName LIKE '%".$_REQUEST['search']."%') and productstatus=1 order by GoldMember desc";
    } else if($_REQUEST["IndustryID"] != "" && $_REQUEST["Country"] != "") {
        $sqlProduct="select * from products,seller,seller_profile,industry,categories where products.SellerID=seller.SellerID and seller.SellerID=seller_profile.SellerID and products.CategoryID=categories.CategoryID and categories.IndustryID=industry.IndustryID and Industry.IndustryID=".$_REQUEST['IndustryID']." and seller.Country='".$_REQUEST['Country']."' and (products.ProductName LIKE '%".$_REQUEST['search']."%' or products.ProductKeyword LIKE '%".$_REQUEST['search']."%' or products.ProductDescription LIKE '%".$_REQUEST['search']."%' or products.PlaceOfOrigin LIKE '%".$_REQUEST['search']."%' or products.BrandName LIKE '%".$_REQUEST['search']."%') and productstatus=1 order by GoldMember desc limit $eu, $limit";
        $sqlProducttot="select * from products,seller,seller_profile,industry,categories where products.SellerID=seller.SellerID and seller.SellerID=seller_profile.SellerID and products.CategoryID=categories.CategoryID and categories.IndustryID=industry.IndustryID and Industry.IndustryID=".$_REQUEST['IndustryID']." and seller.Country='".$_REQUEST['Country']."' and (products.ProductName LIKE '%".$_REQUEST['search']."%' or products.ProductKeyword LIKE '%".$_REQUEST['search']."%' or products.ProductDescription LIKE '%".$_REQUEST['search']."%' or products.PlaceOfOrigin LIKE '%".$_REQUEST['search']."%' or products.BrandName LIKE '%".$_REQUEST['search']."%') and productstatus=1 order by GoldMember desc";
    }
} else {
    $sqlProduct="select * from products,seller,seller_profile where products.SellerID=seller.SellerID and seller.SellerID=seller_profile.SellerID and CategoryID=".$_GET['CategoryID']." and productstatus=1 order by GoldMember desc limit $eu, $limit";
    $sqlProducttot="select * from products,seller,seller_profile where products.SellerID=seller.SellerID and seller.SellerID=seller_profile.SellerID and CategoryID=".$_GET['CategoryID']." and productstatus=1 order by GoldMember desc";
}
All of these queries are issuing LIKE commands. To issue exact matches you would use = comparisons without the use of wildcards %. You could do both via checkboxes as well to determine if it's supposed to be an exact or partial match. Currently the SQL won't make use of indexing since it matches a like within a string instead of beginning the string, so as you increase the number of records, so will the time to search.
This code is such a mess that it would IMO be easier to rewrite it completely than to fix it.
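The exact-versus-partial switch suggested above (`=` instead of `LIKE '%...%'`, chosen by a checkbox) can be written as a single parameterized query, which also keeps request values out of the SQL text. This is an added example, not code from the thread or from the purchased script: `searchProducts()` and the `exact` request field are hypothetical names, the joins are trimmed to the `products` and `seller` tables, and an in-memory SQLite database with constructed rows stands in for MySQL so it runs offline (requires the `pdo_sqlite` extension).

```php
<?php
// Added example, not the purchased script: one parameterized query for both modes.
// searchProducts() and the 'exact' request field are hypothetical names.
function searchProducts(PDO $db, array $req, int $limit = 20): array
{
    // Fixed column list from the page's queries; never taken from user input.
    $cols = ['ProductName', 'ProductKeyword', 'ProductDescription',
             'PlaceOfOrigin', 'BrandName'];
    $term = (string)($req['search'] ?? '');
    if (!empty($req['exact'])) {              // e.g. a ticked checkbox
        $op = '= ?';
    } else {
        // Escape LIKE metacharacters so a typed % or _ matches literally.
        $term = '%' . str_replace(['!', '%', '_'], ['!!', '!%', '!_'], $term) . '%';
        $op   = "LIKE ? ESCAPE '!'";
    }
    $match = $params = [];
    foreach ($cols as $c) {
        $match[]  = "products.$c $op";
        $params[] = $term;
    }
    $where = ['products.SellerID = seller.SellerID', 'productstatus = 1',
              '(' . implode(' OR ', $match) . ')'];
    if (($req['Country'] ?? '') !== '') {
        $where[]  = 'seller.Country = ?';
        $params[] = (string)$req['Country'];
    }
    $start = max(0, (int)($req['start'] ?? 0));   // only integers reach LIMIT
    $sql = 'SELECT ProductName FROM products, seller WHERE '
         . implode(' AND ', $where)
         . sprintf(' ORDER BY GoldMember DESC LIMIT %d, %d', $start, $limit);
    $stmt = $db->prepare($sql);
    $stmt->execute($params);
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

// Constructed sample data in an in-memory SQLite database (needs pdo_sqlite).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE seller (SellerID INT, Country TEXT, GoldMember INT)');
$db->exec('CREATE TABLE products (SellerID INT, ProductName TEXT, ProductKeyword TEXT,
    ProductDescription TEXT, PlaceOfOrigin TEXT, BrandName TEXT, productstatus INT)');
$db->exec("INSERT INTO seller VALUES (1, 'US', 1)");
$db->exec("INSERT INTO products VALUES (1, 'Steel Pipe', 'steel', 'x', 'US', 'Acme', 1),
    (1, 'Pipe', 'tube', 'y', 'US', 'Acme', 1)");

print_r(searchProducts($db, ['search' => 'Pipe']));               // partial match
print_r(searchProducts($db, ['search' => 'Pipe', 'exact' => 1])); // exact match
print_r(searchProducts($db, ['search' => "O'Brien"]));            // quote stays data
```

An `IndustryID` filter would be added the same way as `Country`, with the value cast to an integer before binding.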