in reply to MySQL Keyword Search

From your description it seems like you want the 'keyword' to be broken up at whitespace: 
my @words = split /\s+/,$keyword;
my @list;
my $where = join(' OR ',
    map { 
        my $col = $_; 
        map { push @list, "%$_%"; "$col like ?" } @words
    } qw(mfg productID desc)
);
my $sth = $dbh->prepare('SELECT * FROM productTable WHERE ' . $where);
$sth->execute(@list);

[download]

Note the use of placeholders - the ? signs. Don't use a CGI param directly in a SQL query! *) Run your CGIs with the -T switch and untaint your data (see perlsec).

*) what happens if the keyword is something like 'foo; drop productTable; select 1 where 0' ?

--shmem 

_($_=" "x(1<<5)."?\n".q·/)Oo.  G°\        /
                              /\_¯/(q    /
----------------------------  \__(m.====·.(_("always off the crowd"))."·
");sub _{s./.($e="'Itrs `mnsgdq Gdbj O`qkdq")=~y/"-y/#-z/;$e.e && print}

Replies are listed 'Best First'.
Re^2: MySQL Keyword Search
by richm05 (Initiate) on Aug 16, 2007 at 00:32 UTC
    shmem,

    Thank you so much for the quick response. Your solution worked beautifully, it was exactly what I was looking for. I have never used the map function before and am still trying to figure out exactly why it works the way it does. It seems similar to join but with more options. I have so much to learn.

    Regards,
    Rich
[reply]

In Section Seekers of Perl Wisdom