-1

I have a very simple form that allows the user to search for a company name. One of the company names is "A+ Service". How can I build the form to encode the plus (+) sign prior to submitting the form, to allow for the user to input "A+" and find this company?

The form is submitting via POST.

A bit of background to help explain. Here's the code for the form itself:

<form action="/search_customer.php" method="post" enctype="multipart/form-data"
      id="search_form" onsubmit="return validateSearch(document.search_form);">
Search Customers:
<input id="search_text1" name="global_search_text" type="text" value="">
<input type="submit" name="global_search" id="global_search" value="Go">
</form>

When we submit this form with "a+" as the search term, the resulting SQL is:

SELECT * FROM tbl_customer
WHERE ( cus_fname LIKE '%a%' OR cus_lname LIKE '%a%');

My understanding is that we'll need to encode the value of the search string prior to submitting the form, but we're not clear on how to do this.

JMichael
  • 75
  • 1
  • 11

2 Answers2

2

I think your problem is related to the + being translated as a space.

If you are sending the data using javascript, you could encodeURIComponent the value at first.

eridal
  • 1,288
  • 1
  • 11
  • 23
  • Not currently sending via JavaScript, @eridal, but I wasn't familiar with `encodeURLComponent()`, so I'll give that a try. – JMichael Sep 17 '14 at 15:03
  • Added the following: `$('#search_text2').attr('name','global_search_text'); $('#search_text1').attr('name','global_search_text_decoded').keyup(function(){ $('#search_text2').val(encodeURIComponent($('#search_text1').val())); });` – JMichael Sep 17 '14 at 15:22
0

Try using mysql_real_escape_string while writing search query pass the value as below... or show me your screenshot...

mysql_real_escape_string($value)
Nithyanandhan M
  • 1,524
  • 1
  • 16
  • 26