MySQL custom fulltext search results breaking when ' or " are entered in search

[exsy]

[Note: remember to include site URL, ZC version, list of plugins, PHP version, etc ... read the Posting Tips shown above for information to include in your post here. And, remove this comment before actually posting!]

Website is http://beyondherbs.com. PHP 5.6. ZC 1.55 f. Alto theme.

I modified the advanced search results header.php as mentioned here (https://www.zen-cart.com/showthread....arch-results#6) which has successfully improved my search results by way of utilizing the MySQL built in full text searching capabilities. The change is quite preferred to the default search results.

However, because this modification utilizes MySQL, it is not allowing searches that use an apostrophe or quotation mark. This is problematic, and can be confusing to customers.

Is it possible to add a line of code to /includes/modules/pages/advanced_search_result/header.php that will remove or format the " or ', so that the search may work, even when these characters are entered? I found two suggestions, but am unsure where they go.

Suggestion 1 recommends using sanitize_text_field: https://wordpress.stackexchange.com/...ith-apostrophe

Suggestion 2 recommends using a line to replace the ' or " with a /, so that the code will be removed. I am unsure if this would work while maintaining search integrity, but I am down to give it a shot.

-

Thank you for your assistance, ZC team and community!

[DrByte]

The wordpress suggestion would be pointless.

I haven't tested this, but the following might work, and will be a lot more secure:
Replace:

Code:

$from_str = ",  MATCH(pd.products_name) AGAINST('$robs_keywords') AS rank1, MATCH(pd.products_description) AGAINST('$robs_keywords') AS rank2 ";

with

Code:

$from_str = ",  MATCH(pd.products_name) AGAINST(:robskeywords) AS rank1, MATCH(pd.products_description) AGAINST(:robskeywords) AS rank2 ";
$from_str = $db->bindVars($from_str, ':robskeywords', $robs_keywords, 'string');

[exsy]

Thank you DrByte, I will test this tomorrow and report back my findings.

[exsy]

It worked! Maybe these modifications would make a good addition to a future release? Either way, this is exactly what I was looking for. Thanks! Going to buy the Zen team some coffee now :)