View Full Version : looking for a search class for php
04-30-2007, 04:45 PM
I have a basic search routine written in php I use on sites, but I was wondering if anyone
has a favorite php class or code snippett they use that can search a database,
AND employ logic operators (+, -, |) .. and maybe even quotes...
all while avoiding malicious injection :)
I can search hotscripts and the other myriad of script sites, but I would prefer
something that someone can recommend and has experience with.
Anything come to mind?
05-01-2007, 07:27 AM
If you just want a class have a look at Zend framework which contains a port of Lucene http://framework.zend.com/manual/en/zend.search.html I've only played with it rather than using it for a real project.
MySQL 4+ has full text search capabilities which you might find satisfies your needs http://dev.mysql.com/doc/refman/5.0/en/fulltext-search.html
If you're after a site search engine then have a look at http://cs.ioc.ee/~ando/sphider/ I did play with it a while ago but never used it in anger.
Which is best all depends on what you are trying to achieve.
05-04-2007, 05:27 PM
Just a note to tell people to look for the use of something like...
$sql .= "and fieldname = '" . addslashes($fieldvalue) . "'";
Of course this can depend on whether or not slashes are added automatically... but if they are, then they mess up on page displays, perhaps doubling up on form redisplay, and may be stripped out anyway (if the feature isn't turned off entirely on your server).
A lot of amateur code contains almost zero protection against SQL shenanigans or field values not constrained by use of a browser form to generate GET/POST values.