Forums

Hi everyone!

I come with a question about a wildcard character.

Is it possible to block the use of "%" in an input field?
Eg.: I need that before the CC process the variable inputed, check if any "%" exists, then return a error message like "Invalid Search, please try again."

The objective of this, is to deny access to any information returned from a search like "%value_requested%" or "value_requested%". Because it'll return results with that expression and similars, as we know.


Thank you for even read this!

Regards,
Aluízo Jr.🙂

Up!

Please, does anyone knows something?

up...

Well, I'm still waiting but looking for a solution too.


Thanks who visit this topic.

Hello everyone! Finally I think I got it solved.

In the WHERE field, instead of (observe the LIKE word):

<?php
$field = $_POST['field_to_search'];
if($field){
	$search_array = array('field_to_search');
	$where = array();
	foreach ( $search_array as $search ) {
	  $value = JRequest::getString($search, '' , 'post');
	  if ( $value ) {
		$where[] = " $search LIKE '$value' ";
	  }
	}
	if ( !empty($where) ) {
	  echo " WHERE ".implode(' AND ', $where);
	}

}
?>

I changed to:

<?php
$field = $_POST['field_to_search'];
if($field){
	$search_array = array('field_to_search');
	$where = array();
	foreach ( $search_array as $search ) {
	  $value = JRequest::getString($search, '' , 'post');
	  if ( $value ) {
		$where[] = " $search = '$value' ";
	  }
	}
	if ( !empty($where) ) {
	  echo " WHERE ".implode(' AND ', $where);
	}

}
?>

Tested and now it only returns the data which belongs to the parameter passed.

Everything's seens to be working now.
Thanks ^^

Hi Aluizojr ,

Well found !!

Bob

Hi Bob! Thank you master! ^^

That was all about the LIKE because it's recommended for common "similarities" search results. But in my case, I was needing an exact therm and nothing more.

That's why I reassure that the ChronoEngine set is awesome!

~Best Regards,
Aluizo Jr.