Non-object error when trying to do full text search in mysql

Question

I'm trying to learn how to put a useful search function on my site, where users can affix certain tags to their database entries. The tags live in a keyword column which holds the data as a comma separated string (ie red, car, apple), that (in theory) can be searched for at a later time.

When I construct my sql search like this:

         $sql      = "SELECT  * FROM reporting WHERE (keywords LIKE '%" . $search. "%' ) 
                     AND user_id = $user_id  
                     ORDER BY spc_class";

                //-run  the query against the mysql query function

                $result   = mysqli_query($conn, $sql);

               //-create  while loop and loop through result set

               $colNames = array();

               $data     = array();
                if ($result->num_rows > 0) {

                while ($row = mysqli_fetch_assoc($result)) {

                    $data[] = $row;

                }

                $colNames = array_keys(reset($data));

            } else {

                echo "0 results";

            }

It works reasonably well, except if someone searches for multiple words. That problem has been covered extensively in these forums, and it seems that most answers recommend converting the column to be searched to a full text value format in mysql.

I have done this, but when I change my search query like this, I get a non-object found error lwhen using the MATCH AGAINST construct:

      $sql      = "SELECT * FROM reporting WHERE MATCH(keywords) AGAINST('".$search."') 
                   AND user_id = $user_id  
                   ORDER BY spc_class";


        //-run  the query against the mysql query function
        $result   = mysqli_query($conn, $sql);

        //-create  while loop and loop through result set

        $colNames = array();

        $data     = array();
        if ($result->num_rows > 0) {

            while ($row = mysqli_fetch_assoc($result)) {

                $data[] = $row;

            }

            $colNames = array_keys(reset($data));

        } else {

            echo "0 results";

        }

Why am I able to execute the mysql search using the WHERE LIKE construct, but not the MATCH AGAINST query? Does the latter not return an object? I can't seem to figure out my error in using the full-text search query.

See http://stackoverflow.com/q/6717312/ - http://stackoverflow.com/q/14055116/ - http://stackoverflow.com/q/9600728/ - Or, you could implode on commas. — Funk Forty Niner, Apr 16 '17 at 13:20
[Little Bobby](http://bobby-tables.com/) says [your script is at risk for SQL Injection Attacks](http://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php). Learn about [prepared statements](http://en.wikipedia.org/wiki/Prepared_statement) for [MySQLi](http://php.net/manual/en/mysqli.quickstart.prepared-statements.php). Even [escaping the string](http://stackoverflow.com/questions/5741187/sql-injection-that-gets-around-mysql-real-escape-string) is not safe. — junkfoodjunkie, Apr 16 '17 at 14:01
@junkfoodjunkie Thanks for the warning, I have escaped my string but I'm not entirely familiar enough with PHP to understand how to prevent injection attacks using the more advanced methods from the links you posted! As a PHP/mySql newbie, it's tough sledding. — user1837608, Apr 16 '17 at 19:13
@Fred-ii- Thanks, I have read all those posts ad nauseum and I think my search code is similar. But, I cannot return any search results with even a single term using match/against, but can using LIKE. The latter is just not very good with respect to results due to the comma separated tags. — user1837608, Apr 16 '17 at 19:16
@user1837608 See if PHP's error reporting and `mysqli_error($conn)` on the query picks up anything. — Funk Forty Niner, Apr 16 '17 at 20:14
@Fred-ii- Thanks! I was notified that I had not properly added full_text_search on the column of interest, now it seems to work. — user1837608, Apr 16 '17 at 20:30

Non-object error when trying to do full text search in mysql

0 Answers0