Control SQL query through URL?
 

Im trying to figure out how to run an sql query via a url with a string appended to it like this:

domain.com/collection.php?keyword=chicken%garlic

That would display a listing of recipes where the ingredients specifically contained both chicken and garlic.

This is what I have in my regular SQL statement in the coding, how would I make it so that the URL controls the SQL query itself?

Is this even possible without significantly changing what I already use for the pages SQL query?

The end goal is to be able to randomly list a bunch of specific recipes from the database in their own page, kind of like how sites like TasteofHome and BHG do for their visitors as a 'recipe collection' article.

So in this instance, that url when clicked would display some filler content, with a dynamically generated listing of 10 (or however many I choose) random recipes that contain both chicken and garlic in their ingredients.

As I undertand it, I'll need to put an escape string in the page somewhere to(?)

Any help/pointers would be greatly appreciated.

Untested, and assuming your regex is correct.


domain.com/collection.php?keyword=chicken|garlic

$keywords = explode("|",$_GET['keyword']);
foreach($keywords as $i) {
$output[] = "(?=.*".mysqli_real_escape_string($con,$i).")" ;
}
$result = mysqli_query($con,"SELECT * FROM Recipe WHERE Ingredient REGEXP '".implode("",$output)."' ORDER BY RAND() LIMIT 10");

Thank you.

That gives me something to work off, its tossing out a few SQL errors but I can get those fixed.

Appreciate the assistance :thumbsup

domain.com/collection.php?keyword=chicken%garlic'--; SELECT * from...

:pimp:pimp