Best way to process search containing special chars

#1
[eluser]lukeinjax[/eluser]
I've got a search that queries a table using active record with a 'like' to get all records like the search term. What I need is to allow the user to be able to search using special chars such as ", and ', but I don't want to open myself up to SQL injection or any other type of attack.

The search results are paginated, so I'm currently passing the search term in the URL like this: http://mydomain.com/search/page/searchterm/offset, but CI disallows special chars in the URL string. Because of this I'm getting the disallowed chars message when I try to search for '42" plasma' or something like that. So, since I'm sure this situation is pretty common, I'm curious as to how others have handled it.
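One way to handle the situation described in the post above, as an added example that is not part of the original thread: the term is packed into a URL-safe base64 segment (letters, digits, `-` and `_` only), decoded and validated on the server, then bound as a parameter to the LIKE query with its wildcards escaped. The function names, the `products` table and the sample rows are constructed, and plain PDO with in-memory SQLite stands in for the poster's database layer.

```php
<?php
// Added example. Function names, table and rows are constructed for illustration.

// Pack a search term into one URI segment using only A-Z a-z 0-9 - _
function term_to_segment(string $term): string
{
    return rtrim(strtr(base64_encode($term), '+/', '-_'), '=');
}

// Reverse of term_to_segment(); returns null for anything malformed.
function segment_to_term(string $segment): ?string
{
    if (!preg_match('/^[A-Za-z0-9_-]{1,400}$/', $segment)) {
        return null;
    }
    $b64 = strtr($segment, '-_', '+/');
    $b64 .= str_repeat('=', (4 - strlen($b64) % 4) % 4);
    $raw = base64_decode($b64, true);
    // Reject decoded bytes that are not valid UTF-8 text.
    return ($raw === false || preg_match('//u', $raw) !== 1) ? null : $raw;
}

// The term is bound as a parameter, never concatenated into the SQL.
// LIKE wildcards typed by the user are escaped so they match literally.
function search_products(PDO $db, string $term, int $offset, int $limit = 10): array
{
    $like = '%' . strtr($term, ['!' => '!!', '%' => '!%', '_' => '!_']) . '%';
    $stmt = $db->prepare(
        "SELECT name FROM products WHERE name LIKE :term ESCAPE '!' " .
        "ORDER BY name LIMIT :limit OFFSET :offset"
    );
    $stmt->bindValue(':term', $like, PDO::PARAM_STR);
    $stmt->bindValue(':limit', $limit, PDO::PARAM_INT);
    $stmt->bindValue(':offset', max(0, $offset), PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

// Constructed sample data in an in-memory SQLite database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE products (name TEXT)');
$ins = $db->prepare('INSERT INTO products (name) VALUES (?)');
foreach (['42" plasma TV', "O'Brien 42 inch stand", '100% cotton cloth'] as $n) {
    $ins->execute([$n]);
}

$segment = term_to_segment('42" plasma');   // goes in /search/page/<segment>/<offset>
$term    = segment_to_term($segment);       // decoded back in the controller
var_dump($term !== null ? search_products($db, $term, 0) : []);
```

The encoding only makes the term fit in the URL; the protection against SQL injection comes from the bound parameter, so the decoded value is still treated as untrusted input.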



