Web Wiz NewsPad - Search for multiple words

Print Page | Close Window

Search for multiple words

Printed From: Web Wiz Forums
Category: Web Wiz Web App Support Forums
Forum Name: Web Wiz NewsPad
Forum Description: Support forum for the Web Wiz NewsPad application.
URL: https://forums.webwiz.net/forum_posts.asp?TID=29023
Printed Date: 29 March 2026 at 8:34pm
Software Version: Web Wiz Forums 12.08 - https://www.webwizforums.com

Topic: Search for multiple words

Posted By: Roberto Randall
Subject: Search for multiple words
Date Posted: 15 December 2010 at 6:59pm

I have this code to search for multiple words, but do not work me in Web Wiz NewsPad. This same code I have a website and it works perfectly. I have a lookup field as having the Forum.

Sorry for my English. I'm translating from the Spanish. Thank you.

pbuscar = Request.querystring("KW")
arr = split(pbuscar,"+")

for i = 0 to ubound(arr)
palabra=arr(i)

if i <> 0 then
strSQL = strSQL & " or "
end if
strSQL = strSQL & "(" & strDbTable & "Newsletter.Newsletter_subject Like '%" & palabra & "%' OR " & strDbTable & "Newsletter.Description Like '%" & palabra & "%')"

next
strSQL = strSQL & "ORDER BY " & strDbTable & "Newsletter.Newsletter_date DESC;"

Replies:

Posted By: WebWiz-Bruce
Date Posted: 16 December 2010 at 8:31am

The first thing is that you have no sanitisation and so the code leaves you wise open to SQL Injection attacks that can be used to either manipulate the database or worse still inject malware in to your website which would get you blacklisted from Google.

-------------
https://www.webwiz.net/web-wiz-forums/forum-hosting.htm" rel="nofollow - Web Wiz Forums Hosting
https://www.webwiz.net/web-hosting/windows-web-hosting.htm" rel="nofollow - ASP.NET Web Hosting

Posted By: Roberto Randall
Date Posted: 16 December 2010 at 8:41am

Is there a way to create a lookup field and find multiple words in a search as Web Wiz Forums? Thank you.

-------------
https://www.lanocion.es - https://www.lanocion.games - https://www.lanocion.chat

Posted By: 123Simples
Date Posted: 16 December 2010 at 12:24pm

When you do a search on Web Wiz forums, there is an option saying Advanced Search
Click that and you can match ALL words or match ANY words, phrase etc
You would need to compare files between the two types of software to probably find a way to enable this type of search in newspad - it would be probably quite a complex task

-------------
http://www.123simples.com/" rel="nofollow - Visit 123 Simples Web Design

Posted By: Roberto Randall
Date Posted: 21 December 2010 at 5:36pm

In the following message attachment code I created and work me well. Will I have a problem with SQL?

-------------
https://www.lanocion.es - https://www.lanocion.games - https://www.lanocion.chat

Posted By: Roberto Randall
Date Posted: 25 December 2010 at 10:26pm

I leave this code I have to search for words and highlight those found. To me me works well and let it to whom you want to use. The code can be improved, but I get to here:

page_layout_footer_inc.asp

            <select name="SR" id="SR">
              <option value="todas">Buscar todas las palabras</option>
              <option value="cualquiera">Buscar cualquier palabra</option>

<option value="frase">Buscar frase</option>
</select>

functions_common.asp

'******************************************
'*** Reemplaza los acentos para realizar la búsqueda ***
'******************************************

Function acentocuent(strcuent)
strcuent = Replace(strcuent, "\'", "\'", 1, -1, 1)
strcuent = Replace(strcuent, """", "", 1, -1, 1)
strcuent = Replace(strcuent, "'", "''", 1, -1, 1)
strcuent = Replace(strcuent, "[", "[", 1, -1, 1)
strcuent = Replace(strcuent, "]", "]", 1, -1, 1)
strcuent = Replace(strcuent, "<", "<", 1, -1, 1)
strcuent = Replace(strcuent, ">", ">", 1, -1, 1)

strcuent = replace(strcuent,"Á","A")
strcuent = replace(strcuent,"á","a")
strcuent = replace(strcuent,"à","a")
strcuent = replace(strcuent,"â","a")
strcuent = replace(strcuent,"ä","a")
strcuent = replace(strcuent,"ã","a")
strcuent = replace(strcuent,"a","[a,á,à,ã,â,ä]")

strcuent = replace(strcuent,"É","E")
strcuent = replace(strcuent,"é","e")
strcuent = replace(strcuent,"è","e")
strcuent = replace(strcuent,"ê","e")
strcuent = replace(strcuent,"ë","e")
strcuent = replace(strcuent,"e","[e,é,è,ê,ë]")

strcuent = replace(strcuent,"Í","I")
strcuent = replace(strcuent,"í","i")
strcuent = replace(strcuent,"í","i")
strcuent = replace(strcuent,"î","i")
strcuent = replace(strcuent,"ï","i")
strcuent = replace(strcuent,"i","[i,í,ì,î,ï]")

strcuent = replace(strcuent,"Ó","O")
strcuent = replace(strcuent,"ó","o")
strcuent = replace(strcuent,"ò","o")
strcuent = replace(strcuent,"ô","o")
strcuent = replace(strcuent,"ö","o")
strcuent = replace(strcuent,"õ","o")
strcuent = replace(strcuent,"o","[o,ó,ò,ô,õ,ö]")

strcuent = replace(strcuent,"Ú","U")
strcuent = replace(strcuent,"ú","u")
strcuent = replace(strcuent,"ù","u")
strcuent = replace(strcuent,"û","u")
strcuent = replace(strcuent,"ü","u")
strcuent = replace(strcuent,"u","[u,ú,ù,û,ü]")

strcuent = replace(strcuent," ","+")

acentocuent = strcuent

End Function

'******************************************
'*** Reemplaza los acentos para realizar la búsqueda ***
'******************************************

Function acento(stracentudado)
stracentudado = Replace(stracentudado, "\'", "\'", 1, -1, 1)
stracentudado = Replace(stracentudado, """", "", 1, -1, 1)
stracentudado = Replace(stracentudado, "'", "''", 1, -1, 1)
stracentudado = Replace(stracentudado, "[", "[", 1, -1, 1)
stracentudado = Replace(stracentudado, "]", "]", 1, -1, 1)
stracentudado = Replace(stracentudado, "<", "<", 1, -1, 1)
stracentudado = Replace(stracentudado, ">", ">", 1, -1, 1)

stracentudado = replace(stracentudado,"Á","A")
stracentudado = replace(stracentudado,"á","a")
stracentudado = replace(stracentudado,"à","a")
stracentudado = replace(stracentudado,"â","a")
stracentudado = replace(stracentudado,"ä","a")
stracentudado = replace(stracentudado,"ã","a")
stracentudado = replace(stracentudado,"a","[a,á,à,ã,â,ä]")

stracentudado = replace(stracentudado,"É","E")
stracentudado = replace(stracentudado,"é","e")
stracentudado = replace(stracentudado,"è","e")
stracentudado = replace(stracentudado,"ê","e")
stracentudado = replace(stracentudado,"ë","e")
stracentudado = replace(stracentudado,"e","[e,é,è,ê,ë]")

stracentudado = replace(stracentudado,"Í","I")
stracentudado = replace(stracentudado,"í","i")
stracentudado = replace(stracentudado,"í","i")
stracentudado = replace(stracentudado,"î","i")
stracentudado = replace(stracentudado,"ï","i")
stracentudado = replace(stracentudado,"i","[i,í,ì,î,ï]")

stracentudado = replace(stracentudado,"Ó","O")
stracentudado = replace(stracentudado,"ó","o")
stracentudado = replace(stracentudado,"ò","o")
stracentudado = replace(stracentudado,"ô","o")
stracentudado = replace(stracentudado,"ö","o")
stracentudado = replace(stracentudado,"õ","o")
stracentudado = replace(stracentudado,"o","[o,ó,ò,ô,õ,ö]")

stracentudado = replace(stracentudado,"Ú","U")
stracentudado = replace(stracentudado,"ú","u")
stracentudado = replace(stracentudado,"ù","u")
stracentudado = replace(stracentudado,"û","u")
stracentudado = replace(stracentudado,"ü","u")
stracentudado = replace(stracentudado,"u","[u,ú,ù,û,ü]")

acento = stracentudado

End Function

default.asp

Dim strSearchphrase 'Holds the search phrase
Dim arr
Dim palabra
Dim stroperador
Dim strphrase
Dim buscando
Dim cuent
Dim texto
Dim strnoticia
Dim luz
Dim texto_split

'Get the search critiria if this is a search (clean it up incase of SQL injection
If NOT Request.QueryString("KW") = "" Then
strSearchCriteria = acentocuent(Trim(Request.QueryString("KW")))
strSearchphrase = acento(Trim(Request.QueryString("KW")))
End If

arr = split(Trim(strSearchCriteria),"+")
texto = Request.QueryString("KW")
texto_split = split(Trim(texto), " ")

'Read in form input
stroperador = Request.QueryString("SR")
strphrase = Request.QueryString("SR")

'If this is a search for All Words use 'AND' for SQL
If stroperador = "todas" Then
stroperador = "And"
'Else if this is a search of Any Words use 'OR' for the SQL
Else
stroperador = "Or"
End If

'If a search cretiria is selected then run a where like query
If strSearchCriteria <> "" AND strphrase = "frase" Then

strSQL = strSQL & "(" & strDbTable & "Newsletter.Newsletter_subject Like '%" & strSearchphrase & "%' OR " & strDbTable & "Newsletter.Description Like '%" & strSearchphrase & "%')"

ElseIf strSearc

-------------
https://www.lanocion.es - https://www.lanocion.games - https://www.lanocion.chat