PHP search multiple keywords in mysql

Question

Hi I've been trying to create a program like a search engine. So here's what I've got so far:

https://i.sstatic.net/EW5DU.jpg

I need to choose a symptoms on the select option then add it.
Those options that I added will begin to search on each rows on my Mysql Database. I need to output each matching keywords that I added. It's a real pain, so I wanna know how you will solve this.

Here's my code:

$x = 0;
for($x; $x < 10;$x++) {

  $selx = "SELECT * FROM sicks WHERE tags LIKE '%{$_POST['a0']}%' AND id = $x ";
  $sel1 = mysqli_query($connect,$selx);

  $selx = "SELECT * FROM sicks WHERE tags LIKE '%{$_POST['a1']}%' AND id = $x ";
  $sel2 = mysqli_query($connect,$selx);

  $selx = "SELECT * FROM sicks WHERE tags LIKE '%{$_POST['a2']}%' AND id = $x ";
  $sel3 = mysqli_query($connect,$selx);

  $selx = "SELECT * FROM sicks WHERE tags LIKE '%{$_POST['a3']}%' AND id = $x ";
  $sel4 = mysqli_query($connect,$selx);

  $selx = "SELECT * FROM sicks WHERE tags LIKE '%{$_POST['a4']}%' AND id = $x ";
  $sel5 = mysqli_query($connect,$selx);

  $selx = "SELECT * FROM sicks WHERE tags LIKE '%{$_POST['a5']}%' AND id = $x ";
  $sel6 = mysqli_query($connect,$selx);

  $selx = "SELECT * FROM sicks WHERE tags LIKE '%{$_POST['a6']}%' AND id = $x ";
  $sel7 = mysqli_query($connect,$selx);

  $selx = "SELECT * FROM sicks WHERE tags LIKE '%{$_POST['a7']}%' AND id = $x ";
  $sel8 = mysqli_query($connect,$selx);

  $selx = "SELECT * FROM sicks WHERE tags LIKE '%{$_POST['a8']}%' AND id = $x ";
  $sel9 = mysqli_query($connect,$selx);

  $selx = "SELECT * FROM sicks WHERE tags LIKE '%{$_POST['a9']}%' AND id = $x ";
  $sel10 = mysqli_query($connect,$selx);

  $c1 = mysqli_num_rows($sel1);
  $c2 = mysqli_num_rows($sel2);
  $c3 = mysqli_num_rows($sel3);
  $c4 = mysqli_num_rows($sel4);
  $c5 = mysqli_num_rows($sel5);
  $c6 = mysqli_num_rows($sel6);
  $c7 = mysqli_num_rows($sel7);
  $c8 = mysqli_num_rows($sel8);
  $c9 = mysqli_num_rows($sel9);
  $c10 = mysqli_num_rows($sel10);

  $q2 = mysqli_query($sel2);
  $q3 = mysqli_query($sel3);
  $q4 = mysqli_query($sel4);
  $q5 = mysqli_query($sel5);
  $q6 = mysqli_query($sel6);
  $q7 = mysqli_query($sel7);
  $q8 = mysqli_query($sel8);
  $q9 = mysqli_query($sel9);
  $q10 = mysqli_query($sel10);
  $q1 = mysqli_query($sel1);

  $row = mysqli_fetch_array($q2);
  $_SESSION['news'] = $row['tags'];

  $every = $c1 + $c2 + $c3 + $c4 + $c5 + $c6 + $c7 + $c8 + $c9 ;

  echo $every;
}

The {$_POST['a0']}, {$_POST['a1']}, ... are the keywords came from the select option.

My JavaScript:

$('.sendit').click(function() {
  a0 = $('.a0').val();
  a1 = $('.a1').val();
  a2 = $('.a2').val();
  a3 = $('.a3').val();
  a4 = $('.a4').val();
  a5 = $('.a5').val();
  a6 = $('.a6').val();
  a7 = $('.a7').val();
  a8 = $('.a8').val();
  a9 = $('.a9').val();
  a10 = $('.a10').val();

  $.ajax({
    url:"function.php?sendit=true",
    type:"post",
    data:{a0:a0,
    a1:a1,
    a2:a2,
    a3:a3,
    a4:a4,
    a5:a5,
    a6:a6,
    a7:a7,
    a8:a8,
    a9:a9,
    a10:a10},
    success:function(data) {
      $('.texta').html(data);
    }
  });

  return false;
});

NYG · Accepted Answer

I don’t know why you’re calling mysqli_query two times, maybe it’s the context of your code.

I suggest you to always make the SQL server to these jobs. The interfacing language (especially php) may not exactly be as efficient as the SQL server.

My advice is to use the OR operator in the WHERE clause, so you’ll send only one query.

$selx = "SELECT * FROM sicks WHERE
(tags LIKE '%{$_POST['a0']}%' OR 
tags LIKE '%{$_POST['a1']}%' OR 
tags LIKE '%{$_POST['a2']}%' OR 
) AND id = $x";

Note: this code is SQL injectable. I suggest you to use str_replace on your $_POST values:

$_POST['a0'] = str_replace("'", "'", $_POST['a0']);

This will double all the single quotes, which are already used to delimit the strings.

About the SQL injection.

PHP search multiple keywords in mysql

Answers (2)

Related Questions