This is the column

I want to fetch the one word out of the 4 words in the column category. For example I search for Buffet and the restaurant that has Buffet will display. This is my code so far and unfortunately it doesn't work.

HomeController

public function searchresto(){

     $searchinfo = $_POST['searchinfo'];

     $this->load->model('RestoModel');
     $restaurantinfo['restaurantinfo']=$this->RestoModel>searchRestaurant($searchinfo);

     $this->load->view('pages/searchDisplay',$restaurantinfo);
}

RestoModel

public function searchRestaurant($searchinfo){

    $sql = "SELECT * FROM restaurants WHERE restoname = '$searchinfo' OR restocuisines = '$searchinfo' OR category = '$searchinfo'";
    $result = $this->db->query($sql);
    $result = $result->result('array');

    return $result;
}
PM 77-1
Yuki

1 Answer

First, sanitize user input. Never query the database directly from the user input, as this may cause SQL Injection.

After sanitizing the user input, try using the LIKE function.

For example:

SELECT 'Breakfast, Lunch, Dinner, Buffet, Snack' LIKE '%Lunch%' would output 1.

SELECT 'Breakfast, Lunch, Dinner, Buffet, Snack' LIKE '%NonExistantCategory%' would output 0.


Try changing your query to SELECT * FROM restaurants WHERE category LIKE '%$searchinfoSanatized%', where $searchinfoSanatized is the input that has been filtered/escaped.

Also, I believe you are forgetting a - after RestoModel: $restaurantinfo['restaurantinfo']=$this->RestoModel>searchRestaurant($searchinfo);

bnahin
  • how do I sanitize the user input? – Yuki Feb 06 '16 at 02:04
  • @Yuki a simple way is to use your DB class's escape function. Look at [this article on SO.](http://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php) – bnahin Feb 06 '16 at 02:08
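
An added example, not part of the original answer or the asker's project: the same search written with bound parameters and an escaped LIKE pattern, so the SQL text never contains user input. It assumes PDO with an in-memory SQLite database and constructed rows as stand-ins for CodeIgniter's `$this->db` and the real `restaurants` table; `makeDb` and `escapeLike` are hypothetical helper names.

```php
<?php
// Constructed schema and rows in an in-memory SQLite database (assumption:
// the page's code uses CodeIgniter's $this->db against its own database).
function makeDb(): PDO {
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE restaurants (restoname TEXT, restocuisines TEXT, category TEXT)');
    $ins = $db->prepare('INSERT INTO restaurants VALUES (?, ?, ?)');
    foreach ([
        ["Yuki's Diner", 'Japanese', 'Breakfast, Lunch, Dinner, Buffet'],
        ['Cafe Uno',     'Italian',  'Lunch, Snack'],
        ['Grill 100%',   'American', 'Dinner'],
    ] as $row) {
        $ins->execute($row);
    }
    return $db;
}

// Escape LIKE metacharacters so the input matches literally, not as a pattern.
function escapeLike(string $s): string {
    return strtr($s, ['!' => '!!', '%' => '!%', '_' => '!_']);
}

// Hardened counterpart of searchRestaurant(): the SQL text is constant and
// the search term travels only as bound parameters.
function searchRestaurant(PDO $db, string $searchinfo): array {
    $sql = "SELECT * FROM restaurants
            WHERE restoname = :name OR restocuisines = :cuisine
               OR category LIKE :pattern ESCAPE '!'";
    $stmt = $db->prepare($sql);
    $stmt->execute([
        ':name'    => $searchinfo,
        ':cuisine' => $searchinfo,
        ':pattern' => '%' . escapeLike($searchinfo) . '%',
    ]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Inputs: a normal term, a value containing a quote, a bare wildcard,
// and a fragment (LIKE '%...%' matches substrings, so "unch" hits "Lunch").
$db = makeDb();
foreach (['Buffet', "Yuki's Diner", '%', 'unch'] as $input) {
    $names = array_column(searchRestaurant($db, $input), 'restoname');
    printf("%-16s => %s\n", var_export($input, true), implode(', ', $names) ?: '(no rows)');
}
```

The quote in `Yuki's Diner` is handled as data rather than ending the string literal, and the bare `%` is matched literally instead of acting as a match-everything wildcard.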