Hi,

A user go to search.php and input the term. If the user want to search for an exact prhase it add to the search term " " just like Google do.

Example:

"apple"

But when the variable is passed to search_results.php it look like this:

//search_results.php
$var = $_GET['search_field'];

echo "User term: " . $var; // display \"apple\"
....

MySQL Query =...

I don't know why PHP add that \ to the string.

its because it is escaping the " character. Think about it if it echoed it straight out it would end up messing up the code.

Look up htmlentities and and encode it with ENT_QUOTES

$var = htmlentities($_GET, ENT_QUOTES);

Unless you really, REALLY trust your users, you need to validate $_GET; especially if you use that in your MySQL query

This is nothing to do with PHP, its all to do with the browsers trying to "URL Encode" the strings.

its because it is escaping the " character. Think about it if it echoed it straight out it would end up messing up the code.

Look up htmlentities and and encode it with ENT_QUOTES

$var = htmlentities($_GET, ENT_QUOTES);

Unless you really, REALLY trust your users, you need to validate $_GET; especially if you use that in your MySQL query

Well the issue is that I need the user to be able to use " " in order to search for an exact phrase under MySQL Full Text Search In Boolean Mode. So how I can do it? Moreover, Can you give me a hint with the validation? Az-0-9 +,-," "

There are two possibilities to solve this problem. One is that if you are getting php to write a link with non alpha/numeric characters then simply use the urlencode() function. If however you are using a form with method=get and posts those characters into the url automatically then simply use the stripslashes() function on your $_GET tag. Below is an example of both cases:

<?
//example one
$id=urlencode('$@^*$@#%asdf23049582034985');
echo '<a href="index.php?id='.$id.'">test</a>';

//example two
$_GET['variable']=stripslashes($_GET['variable']);
echo $_GET['variable'];
?>

That will give you something to try and google about.

There are two possibilities to solve this problem. One is that if you are getting php to write a link with non alpha/numeric characters then simply use the urlencode() function. If however you are using a form with method=get and posts those characters into the url automatically then simply use the stripslashes() function on your $_GET tag. Below is an example of both cases:

<?
//example one
$id=urlencode('$@^*$@#%asdf23049582034985');
echo '<a href="index.php?id='.$id.'">test</a>';

//example two
$_GET['variable']=stripslashes($_GET['variable']);
echo $_GET['variable'];
?>

That will give you something to try and google about.

Thanks. The second method work.

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.