[Proto-Scripty] Re: How do I search for characters in order of input?
On Tue, Nov 11, 2008 at 7:15 PM, Walter Lee Davis [EMAIL PROTECTED] wrote: /** * A really nice tool to clean strings or arrays. * * @param mixed $mxdInput A string or an array * @return mixed same as input, but with trim and strip_tags applied to string or all elements of array, depending on imput format * @author Walter Lee Davis */ function clean($mxdInput){ if(is_string($mxdInput)) return trim(strip_tags($mxdInput)); $out = array(); foreach($mxdInput as $k=$v){ $out[$k] = clean($v); } return $out; } $_POST = clean($_POST); this still doesn't prevent sql injection - you need to use mysql_escape_string() to addslashes based on mysql special characters. -- Regards, The Honeymonster aka Daniel Llewellyn --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups Prototype script.aculo.us group. To post to this group, send email to prototype-scriptaculous@googlegroups.com To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/prototype-scriptaculous?hl=en -~--~~~~--~~--~--~---
[Proto-Scripty] Re: How do I search for characters in order of input?
If you want to search for a string that matches starting at the beginning, not in the middle, then just remove the first wildcard (%) from your query: SELECT title FROM autocomplete_demo WHERE title LIKE ' . $_POST ['search'] . %' Now it will match on france, frank, or fragile, but not 'the frame' or infrangible or any other string that doesn't begin with fra. Walter On Nov 11, 2008, at 3:10 AM, alohaaaron wrote: Hi, I'm trying to modify the demo here http://wiseguysonly.com/demos/scriptaculous/ajax-autocompletion/ autocomplete.php which works great but I'd like to search character by character instead of searching for a character within the string itself. For example, If I have these strings in a database coffee and frank and I type fra I just want it to list frank, not coffee. The PHP script is below. Do I need to modify this an option for the new Ajax.Autcomplete(); that will do this? Thanks! $sql = SELECT title FROM autocomplete_demo WHERE title LIKE '% . $_POST['search'] . %'; $rs = mysql_query($sql); ? ul ? while($data = mysql_fetch_assoc($rs)) { ? li? echo stripslashes($data['title']);?/li ? } ? /ul --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups Prototype script.aculo.us group. To post to this group, send email to prototype-scriptaculous@googlegroups.com To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/prototype-scriptaculous?hl=en -~--~~~~--~~--~--~---
[Proto-Scripty] Re: How do I search for characters in order of input?
just FYI i really would not use unsanitized $_POST data in the search, it can lead to SQL injection - Original Message - From: Walter Lee Davis [EMAIL PROTECTED] To: prototype-scriptaculous@googlegroups.com Sent: Tuesday, November 11, 2008 6:48 PM Subject: [Proto-Scripty] Re: How do I search for characters in order of input? If you want to search for a string that matches starting at the beginning, not in the middle, then just remove the first wildcard (%) from your query: SELECT title FROM autocomplete_demo WHERE title LIKE ' . $_POST ['search'] . %' Now it will match on france, frank, or fragile, but not 'the frame' or infrangible or any other string that doesn't begin with fra. Walter On Nov 11, 2008, at 3:10 AM, alohaaaron wrote: Hi, I'm trying to modify the demo here http://wiseguysonly.com/demos/scriptaculous/ajax-autocompletion/ autocomplete.php which works great but I'd like to search character by character instead of searching for a character within the string itself. For example, If I have these strings in a database coffee and frank and I type fra I just want it to list frank, not coffee. The PHP script is below. Do I need to modify this an option for the new Ajax.Autcomplete(); that will do this? Thanks! $sql = SELECT title FROM autocomplete_demo WHERE title LIKE '% . $_POST['search'] . %'; $rs = mysql_query($sql); ? ul ? while($data = mysql_fetch_assoc($rs)) { ? li? echo stripslashes($data['title']);?/li ? } ? /ul --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups Prototype script.aculo.us group. To post to this group, send email to prototype-scriptaculous@googlegroups.com To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/prototype-scriptaculous?hl=en -~--~~~~--~~--~--~---
[Proto-Scripty] Re: How do I search for characters in order of input?
I thought about putting my usual warning in there, but I thought it would be simpler to leave it as originally written. /** * A really nice tool to clean strings or arrays. * * @param mixed $mxdInput A string or an array * @return mixed same as input, but with trim and strip_tags applied to string or all elements of array, depending on imput format * @author Walter Lee Davis */ function clean($mxdInput){ if(is_string($mxdInput)) return trim(strip_tags($mxdInput)); $out = array(); foreach($mxdInput as $k=$v){ $out[$k] = clean($v); } return $out; } $_POST = clean($_POST); Walter On Nov 11, 2008, at 1:57 PM, Alex Mcauley wrote: just FYI i really would not use unsanitized $_POST data in the search, it can lead to SQL injection --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups Prototype script.aculo.us group. To post to this group, send email to prototype-scriptaculous@googlegroups.com To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/prototype-scriptaculous?hl=en -~--~~~~--~~--~--~---