I'm trying to do a fulltext search on one of my MySQL database tables in Laravel. I have my search controller looking like this: class SearchController extends \BaseController {
public function postSearch()
{
if (Input::has('search')) {
$q = Input::get('search');
$q = urlencode($q);
return Redirect::to('/search/'.$q);
}
else
//TODO: Handle this error
}
public function getSearch($query)
{
$query = urldecode($query);
$products = Product::whereRaw(
'MATCH(product_name,product_desc,product_category) AGAINST(? IN BOOLEAN MODE)',
array($query)
)->paginate(5);
return View::make('searchResults', array('products' => $products, 'query' => $query));
}
I have the separate get/post functions as I was told that pagination is much easier to deal with when the search is done using a GET request; as a result I use the route Route::get('/search/{query}', 'SearchController@getSearch');
to display the search results.
However, it doesn't seem like the search query is being escaped correctly. I used urlencode
to prevent the URL from having special characters in it, but when the query is performed, I can still cause errors by searching for );
or other strings with parentheses or semicolons. (I get SQLSTATE[42000]: Syntax error or access violation:
errors).
Am I performing my fulltext query incorrectly, or is there some function I can call to 'prepare' my query string?