Forum Moderators: coopster
<form action = 'search2.php' method = 'GET'>
<input type = 'text' size='90' name = 'search'><br><br>
<input type = 'submit' name = 'submit' value = 'Search'><br><br><br>
</form>
<?php
// isset() avoids undefined-index notices when the page is first loaded
$button = isset($_GET['submit']) ? $_GET['submit'] : '';
$search = isset($_GET['search']) ? $_GET['search'] : '';
if (!$button)
    echo "you didn't submit a keyword";
else {
    if (strlen($search) <= 1)
        echo "Search term too short";
    else {
        echo "You searched for <b> $search </b> <hr size='1' > <br> ";
        include('admin/misc.inc');
        // mysqli_connect_error() reports a failed connection; mysqli_error() needs a link argument
        $cxn = mysqli_connect($host, $user, $passwd, $dbname) or die("couldn't connect to server" . mysqli_connect_error());
        $search_exploded = explode(" ", $search);
        $x = 0;
        $construct = "";
        foreach ($search_exploded as $search_each) {
            $x++;
            // each keyword is interpolated into the SQL text exactly as submitted
            if ($x == 1)
                $construct .= "color_name LIKE '%$search_each%'";
            else
                $construct .= " OR color_name LIKE '%$search_each%'";
        }
        $construct = "SELECT * FROM RMI_style WHERE $construct";
        $run = mysqli_query($cxn, $construct);
        $foundnum = mysqli_num_rows($run);
        if ($foundnum == 0)
            echo "Sorry, there are no matching result for <b> $search </b>. <br> <br> 1. Try more general words. for example: If you want to search 'how to create a website' then use general keyword like 'create' 'website' <br> 2. Try different words with similar meaning <br> 3. Please check your spelling";
        else {
            echo "$foundnum results found !<p>";
            while ($runrows = mysqli_fetch_assoc($run)) {
                $vendor = $runrows['vendor_name'];
                $color = $runrows['color_name'];
                $desc = $runrows['desc'];
                $styleno = $runrows['style_no'];
                $styledes = $runrows['style_desc'];
                $url = $runrows['order_url'];
                echo "<a href='$url'>$vendor $color $desc Style #$styleno</a> f$styledes</p>";
            }
        }
    }
}
?>
The first issue is that I know I need to make certain that I am preventing SQL injection, but do not know exactly where to place that code.
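One place the protection can go, shown as an added example that is not part of the original post: at the point where `$construct` is built, so that each keyword becomes a bound parameter instead of text inside the SQL string. Table and column names are taken from the post; the function names `build_color_search` and `search_styles` are hypothetical, and `mysqli_stmt_get_result` assumes the mysqlnd driver is installed.

```php
<?php
// Added example. Table and column names are from the post; function names are hypothetical.

// Build the query with one "?" placeholder per keyword. The SQL text never
// contains user input; the keywords are returned separately as parameters.
function build_color_search(string $search): array
{
    $terms = preg_split('/\s+/', trim($search), -1, PREG_SPLIT_NO_EMPTY);
    $clauses = [];
    $params = [];
    foreach ($terms as $term) {
        $clauses[] = "color_name LIKE ?";
        // Escape LIKE wildcards so a "%" or "_" typed by the user matches literally.
        $params[] = '%' . addcslashes($term, '%_\\') . '%';
    }
    $sql = "SELECT vendor_name, color_name, `desc`, style_no, style_desc, order_url"
         . " FROM RMI_style WHERE " . implode(' OR ', $clauses);
    return [$sql, $params];
}

// Replaces the mysqli_query() call: prepare, bind, execute, fetch.
function search_styles(mysqli $cxn, string $search): array
{
    [$sql, $params] = build_color_search($search);
    if (!$params) {
        return [];   // whitespace-only input: no keywords, nothing to run
    }
    $stmt = mysqli_prepare($cxn, $sql);
    // One "s" (string) type character per placeholder, then the values.
    mysqli_stmt_bind_param($stmt, str_repeat('s', count($params)), ...$params);
    mysqli_stmt_execute($stmt);
    return mysqli_fetch_all(mysqli_stmt_get_result($stmt), MYSQLI_ASSOC);
}

// Constructed input: keywords carrying quotes and SQL text.
[$sql, $params] = build_color_search("red' OR '1'='1 blue");
echo $sql, "\n";      // placeholders only
print_r($params);     // the submitted text stays inside bound values
```

The array returned by `search_styles()` takes the place of the `mysqli_fetch_assoc()` loop input, and `count()` on it replaces `mysqli_num_rows()`.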