I have code like this: function search_keyword(){ $keyword = trim($_POST[‘keyword’]); $search_explode = explode( ,

Question

0

Asked: June 1, 20262026-06-01T05:26:48+00:00 2026-06-01T05:26:48+00:00

I have code like this: function search_keyword(){ $keyword = trim($_POST[‘keyword’]); $search_explode = explode( ,

0

I have code like this:

function search_keyword(){
            $keyword = trim($_POST['keyword']);
            $search_explode = explode(" ", $keyword);
            $x = 0;

            $sql = " ( SELECT  name, id_global_info AS id, body AS body, tag AS tag  ,info_type_id AS info_type, \"global_info\" AS mytable FROM global_info WHERE ";
            foreach($search_explode as $each){
                $x++;
                if($x == 1){
                   $sql .= " name LIKE '%$each%' ";}                          
                else {

                    $sql .= " AND name LIKE '%$each%' ";
                }
            }

              $sql .= " ) UNION ALL "; 

              $sql .= " ( SELECT name, id_person AS id, surname AS body, info AS tag , location AS info_type, \"person\" AS mytable FROM person WHERE ";
            foreach($search_explode as $each){
                $x++;
                if($x == 1){
                   $sql .= " name LIKE '%$each%' ";}                          
                else {

                    $sql .= " AND name LIKE '%$each%' ";
                }
            }

              $sql .= " ) UNION ALL ";

              $sql .= "( SELECT name, id_event AS id, body AS body, caffe_id AS tag , date AS info_type, \"event\" AS mytable FROM event WHERE ";
            foreach($search_explode as $each){
                $x++;
                if($x == 1){
                   $sql .= " name LIKE '%$each%' ";}                          
                else {

                    $sql .= " AND name LIKE '%$each%' ";
                }
            }

            $sql .= " ) UNION ALL ";

              $sql .= "( SELECT name, id_caffe AS id, description AS body, adress AS tag, location_id AS info_type, \"caffe\" AS mytable FROM caffe WHERE ";
            foreach($search_explode as $each){
                $x++;
                if($x == 1){
                   $sql .= " name LIKE '%$each%' ";}                          
                else {

                    $sql .= " AND name LIKE '%$each%' ";
                }
            }

            $sql .= " ) ";
            echo $sql;
            $q = $this->db->query($sql);
             return $q = $q->num_rows() == 0 ? FALSE :  $q->result();
        }

When I search for exapmle

“mali oglasi”

I get following error:

Error Number: 1064

You have an error in your SQL syntax; check the manual that
corresponds to your MySQL server version for the right syntax to use
near ‘AND name LIKE ‘%mali%’ AND name LIKE ‘%oglas%’ ) UNION ALL (
SELECT name, id_e’ at line 1

This is MySQL query it is producing:

( SELECT name, id_global_info AS id, body AS body, tag AS tag ,info_type_id AS info_type, "global_info" AS mytable FROM global_info WHERE name LIKE '%mali%' AND name LIKE '%oglas%' )
 UNION ALL
 ( SELECT name, id_person AS id, surname AS body, info AS tag , location AS info_type, "person" AS mytable FROM person WHERE AND name LIKE '%mali%' AND name LIKE '%oglas%' ) 
UNION ALL
 ( SELECT name, id_event AS id, body AS body, caffe_id AS tag , date AS info_type, "event" AS mytable FROM event WHERE AND name LIKE '%mali%' AND name LIKE '%oglas%' ) 
UNION ALL
 ( SELECT name, id_caffe AS id, description AS body, adress AS tag, location_id AS info_type, "caffe" AS mytable FROM caffe WHERE AND name LIKE '%mali%' AND name LIKE '%oglas%' )

What seems to be an error?

Report

Leave an answer
Cancel reply

You must login to add an answer.

Need An Account,

1 Answer

Editorial Team · Answer 1 · 2026-06-01T05:26:50+00:00

First thing’s first: don’t forget to escape your input value. This can be done in your case either on the initial value, or for each iteration of the foreach loop on $each

// If your query() method calls mysql_query()
$keyword = mysql_real_eascape_string(trim($_POST['keyword']));
// Or if query() is mysqli::query()
$keyword = $this->db->real_escape_string(trim($_POST['keyword']));
// Or if this is Codeigniter's API
$keyword = $this->db->escape_like_str(trim($_POST['keyword']));

You need to reset $x at the start of each foreach loop:

       // Reset $x to 0 before the start of each of your loops.
       $x = 0;
       foreach($search_explode as $each){
            $x++;
            if($x == 1){
               $sql .= " name LIKE '%$each%' ";}                          
            else {

                $sql .= " AND name LIKE '%$each%' ";
            }
        }

Note: It is generally advisable to use parameterized queries instead of building the query by concatenation and interpolation. Codeigniter uses ? placeholders for that.

Sign Up

Sign In

Forgot Password

The Archive Base Latest Questions

I have code like this: function search_keyword(){ $keyword = trim($_POST[‘keyword’]); $search_explode = explode( ,

Leave an answerCancel reply

1 Answer

Leave an answer
Cancel reply