How do I broaden the scope of a MySQL LIKE query?

Question

I am building a simple live search based on this tutorial: http://blog.ninetofive.me/blog/build-a-live-search-with-ajax-php-and-mysql/

It works fine for queries like this with one word:

Or for queries with part of a word:

Or for queries with two words or parts of words where they occur together in the results being searched:

But if I search for two words that do not occur next to each other the query fails:

How would I modify my query so that I can search for any number of keywords that appear at any location in my results?

For example if my db has a record such as: The quick brown fox jumps over the lazy dog

I want a result to be returned if I search for: quick jumps dog or dog over not just quick brown or fox jumps or fox and so on.

I was thinking something along the lines of exploding my query if it has more than one word in it and then making my $search_string into an array of keywords for MySQL to query but I don't know if that is the best way to go about it.

Query:

// Get Search
$search_string = preg_replace("/[^A-Za-z0-9]+[.]/", " ", $_POST['query']);
$search_string = $tutorial_db->real_escape_string($search_string);

// Check Length More Than One Character
if (strlen($search_string) >= 1 && $search_string !== ' ') {

// Build Query
$query = 'SELECT * FROM search WHERE subsection LIKE "%'.$search_string.'%" OR def LIKE "%'.$search_string.'%" OR exception LIKE "%'.$search_string.'%" ORDER BY subsection ASC';

Full code:

<?php
/************************************************
    The Search PHP File
************************************************/


/************************************************
    MySQL Connect
************************************************/

// Credentials
$dbhost = "localhost";
$dbname = "livesearch";
$dbuser = "live";
$dbpass = "search";

//  Connection
global $tutorial_db;

$tutorial_db = new mysqli();
$tutorial_db->connect($dbhost, $dbuser, $dbpass, $dbname);
$tutorial_db->set_charset("utf8");

//  Check Connection
if ($tutorial_db->connect_errno) {
  printf("Connect failed: %s\n", $tutorial_db->connect_error);
  exit();
}

/************************************************
    Search Functionality
************************************************/

// Define Output HTML Formating
$html = '';
$html .= '<li class="result">';
$html .= '<a target="_blank" href="urlString">';
$html .= '<h2><b> codeString - yearString - chapterString - sectionString - SUBHERE</b></h1>';
$html .= '<h3>defString</h3>';

//try to add exception string
$html .= '</br><h3>exceptionString</h3>';

$html .= '</a>';
$html .= '</li>';

// Get Search
$search_string = preg_replace("/[^A-Za-z0-9]+[.]/", " ", $_POST['query']);
$search_string = $tutorial_db->real_escape_string($search_string);

// Check Length More Than One Character
if (strlen($search_string) >= 1 && $search_string !== ' ') {
  // Build Query
  //$query = 'SELECT * FROM search WHERE function LIKE "%'.$search_string.'%" OR name LIKE "%'.$search_string.'%"';

  $query = 'SELECT * FROM search WHERE subsection LIKE "%'.$search_string.'%" OR def LIKE "%'.$search_string.'%" OR exception LIKE "%'.$search_string.'%" ORDER BY subsection ASC';

  // Do Search
  $result = $tutorial_db->query($query);
  while($results = $result->fetch_array()) {
    $result_array[] = $results;
  }

  // Check If We Have Results
  if (isset($result_array)) {
    foreach ($result_array as $result) {
      // Format Output Strings And Hightlight Matches
      //$display_function = preg_replace("/".$search_string."/i", "<b class='highlight'>".$search_string."</b>", $result['function']);
      //$display_name = preg_replace("/".$search_string."/i", "<b class='highlight'>".$search_string."</b>", $result['name']);
      //$display_url = 'http://php.net/manual-lookup.php?pattern='.urlencode($result['function']).'&lang=en';

      // Format Output Strings And Hightlight Matches
      //Format code - ex IBC
      $display_code = preg_replace("/".$search_string."/i", "<b class='highlight'>".$search_string."</b>", $result['code']);

      //Format year - ex 2012
      $display_year = preg_replace("/".$search_string."/i", "<b class='highlight'>".$search_string."</b>", $result['year']);

      //Format Chapter - ex Means Of Egress
      $display_chapter = preg_replace("/".$search_string."/i", "<b class='highlight'>".$search_string."</b>", $result['chapter']);

      //Format Section - ex Stairs
      $display_section = preg_replace("/".$search_string."/i", "<b class='highlight'>".$search_string."</b>", $result['section']);

      //Format sub Section - ex 1009.4 width
      $display_sub = preg_replace("/".$search_string."/i", "<b class='highlight'>".$search_string."</b>", $result['subsection']);

      //$display_subsection = preg_replace("/".$search_string."/i", "<b class='highlight'>".$search_string."</b>", $result['subsection']);

      $display_def = preg_replace("/".$search_string."/i", "<b class='highlight'>".$search_string."</b>", $result['def']);

      $display_exception = preg_replace("/".$search_string."/i", "<b class='highlight'>".$search_string."</b>", $result['exception']);

      $display_url = 'http://php.net/manual-lookup.php?pattern='.urlencode($result['code']).'&lang=en';

      // Insert Name
      $output = str_replace('nameString', $display_name, $html);

      //Insert Code
      $output = str_replace('codeString', $display_code, $output);

      //Insert Year
      $output = str_replace('yearString', $display_year, $output);

      //Insert Chapter
      $output = str_replace('chapterString', $display_chapter, $output);

      // Insert Section
      $output = str_replace('sectionString', $display_section, $output);

      // Insert Sub Section
      $output = str_replace('SUBHERE', $display_sub, $output);

      // Insert Defenition
      $output = str_replace('defString', $display_def, $output);

      // Insert exceptions
      $output = str_replace('exceptionString', $display_exception, $output);

      // Insert URL
      $output = str_replace('urlString', $display_url, $output);

      // Output
      echo($output);
    }
  }else{
    // Format No Results Output
    $output = str_replace('urlString', 'javascript:void(0);', $html);
    $output = str_replace('nameString', '<b>No Results Found.</b>', $output);
    $output = str_replace('functionString', 'Sorry :(', $output);

    // Output
    echo($output);
  }
}

?>

Answer 1

Use parenthesis for more than 2 parameters for the WHERE statement.

$query = 'SELECT * FROM search WHERE (subsection LIKE "%'.$search_string.'%" OR def LIKE "%'.$search_string.'%" OR exception LIKE "%'.$search_string.'%") ORDER BY subsection ASC';

Answer 2

1. For each word have LIKE %word% OR LIKE %word2% etc constructs as @iamde_coder suggested
2. Use boolean search as @fred-ii suggested
3. Use specialized search-servers that split words based on language, get rid of stop-words etc. For example SOLR or sphinx

Answer 3

As others are pointing out, you need to use a LIKE condition for each word in the search.

So, as a first approach to the problem, split your input like this:

$search_string = 'jump lazy dog';
$search_terms = explode(' ', $search_string);
$query = 'SELECT *
    FROM search
    WHERE ';
foreach($search_terms as $term) {
    $query .= '(subsection LIKE "%'.$term.'%" OR def LIKE "%'.$term.'%" OR exception LIKE "%'.$term.'%") AND ';
}
$query = substr($query, 0, -4).'ORDER BY subsection ASC';

echo $query;

This will produce the query you need:

SELECT *
FROM search
WHERE (subsection LIKE "%jump%" OR def LIKE "%jump%" OR exception LIKE "%jump%")
    AND (subsection LIKE "%lazy%" OR def LIKE "%lazy%" OR exception LIKE "%lazy%")
    AND (subsection LIKE "%dog%" OR def LIKE "%dog%" OR exception LIKE "%dog%")
ORDER BY subsection ASC

(I added line breaks and indentation just to make this easier to read.)

There is a huge problem here, however: this is horrifically insecure, due to the risk of SQL injection. You need to use prepared statements to prevent this. See this help page for a variety of approaches to this.