Building a search engine like Google, of course.
Now, I need to VALIDATE user inputs on my search box on my website.
- Need to make sure the search box is not empty before clicking the "Search" button.
- Need to make sure no user will be able to hack into my MySQL database.
- Need to make sure no user will be able to hijack my other visitors to any malicious site.
- Need to make sure no user will be able to inject SQL commands.
- Need to make sure no user will be able to inject HTML to break up the page.
- Need to make sure all chars (alpha, numbers, symbols) found on a keyboard (like a QWERTY one) are typable in the search box and searchable in the MySQL database.
(NOTE: Above, I have given you 6 requirements. Should I have more? If so, what should they be?)
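$blacklisted_words = array('prick', 'dick');
// Check whether the "search term" exists in the URL's query string.
// $_REQUEST is used so the term is read from either $_GET or $_POST.
$find = $_REQUEST['find'] ?? '';
// Reject missing, non-string (e.g. find[]=x) and whitespace-only input.
// Comparing with '' keeps a search for "0" valid, which empty() would reject.
if (!is_string($find) || trim($find) === '')
    die('Enter Keywords to search!');
$find = trim($find);
// Keyword(s) to search: this only blocks a term that exactly equals a banned word.
if (in_array($find, $blacklisted_words, true))
    die('Your search terms contains a banned word! Try some other keywords');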
I am not sure if I should remove this part or not since I do want to allow users searching for symbols such as:
Must allow users to search for symbols because they could be searching for tutorial websites based on these symbols.
I'd appreciate code samples from every contributor as that will teach me a variety of flavours of coding. And trigger constructive debates on the subject on this thread. We always can learn a thing or two from the other no matter the level of programming expertise or experience.
I would be using Prepared Statements to protect from SQL injection.
You can see a sample of what my full code will look like by glancing over here:
Hence, not wasting your time making you go through the same code (pagination page code) all over again here as well. Here, we just need to concentrate on how to VALIDATE the user's input on my search engine's search box. OK? So, let's concentrate on how to deal with the inputs in $_POST['find'];
Search Box HTML
Search Engine Result Page
<form method = 'GET' action = "">
<input type='text' name='find' id='find'>
<input type='radio' name='table' id='sale' value='sale'><label for='sale'>Websites On Sale</label>
<input type='radio' name='table' id='sold' value='sold'><label for='sold'>Websites Sold</label>
<input type='radio' name='table' id='links' value='links'><label for='links'>Links</label>
<select name="column" id="column">
<option value="submission_id">Submission Id</option>