Include Tags In Wordpress Search

Include Tags In Search

//Add Tags to Search
function custom_search_where($where){
  global $wpdb;
  if (is_search())
    $where .= "OR (t.name LIKE '%".get_search_query()."%' AND {$wpdb->posts}.post_status = 'publish')";
  return $where;
}

function custom_search_join($join){
  global $wpdb;
  if (is_search())
    $join .= "LEFT JOIN {$wpdb->term_relationships} tr ON {$wpdb->posts}.ID = tr.object_id INNER JOIN {$wpdb->term_taxonomy} tt ON tt.term_taxonomy_id=tr.term_taxonomy_id INNER JOIN {$wpdb->terms} t ON t.term_id = tt.term_id";
  return $join;
}

function custom_search_groupby($groupby){
  global $wpdb;

  // we need to group on post ID
  $groupby_id = "{$wpdb->posts}.ID";
  if(!is_search() || strpos($groupby, $groupby_id) !== false) return $groupby;

  // groupby was empty, use ours
  if(!strlen(trim($groupby))) return $groupby_id;

  // wasn't empty, append ours
  return $groupby.", ".$groupby_id;
}

add_filter('posts_where','custom_search_where');
add_filter('posts_join', 'custom_search_join');
add_filter('posts_groupby', 'custom_search_groupby');

How to use this function with my theme which uses PHP?

Thanks

How to use this function with my theme which uses PHP?

The code above is PHP. You can add it to your theme's functions.php file.

After the WordPress 4.8.3 security update, you'll have to replace the percent characters in the LIKE statement with the string returned by

$wpdb->placeholder_escape()

And instead of using grouping, it should be enough to set DISTINCT using the posts_distinct.

Also, note that this will perform a search for the whole search query. If you want to match tags matching one word of the query, you'll have to split up the query by spaces, loop over the words and add the $where part for each of the words.

After the WordPress 4.8.3 security update, you'll have to replace the percent characters in the LIKE statement with the string returned by

$wpdb->placeholder_escape()

@Connum Could you elaborate why you need to replace them? Isn't that what the changes in the update address? i.e. Don't they get replaced by placeholder escape strings before the query anyway?

After the WordPress 4.8.3 security update, you'll have to replace the percent characters in the LIKE statement with the string returned by

$wpdb->placeholder_escape()

@Connum Could you elaborate why you need to replace them? Isn't that what the changes in the update address? i.e. Don't they get replaced by placeholder escape strings before the query anyway?

The updated WP code will escape any percentage signs in a query, so they are no longer seen as a wildcard in SQL, in order to prevent injections via user input in places where you don't want to have wildcards. In order to have a real percentage sign in a query written in your plugin or theme code, you'll have to make use of the mentioned method.

@Connum Thanks for the quick reply. I'm finding that even if I use your method, if I literally search just % signs like % or %%%, it will return strange posts that don't even exist, some with weird titles and excerpts with actual code in them. The same thing happens if I search with a blank input. Something like 100% will query fine though with your method or the original method.

I have it like this:

function custom_search_where($where){
        global $wpdb;
        $placeholder_string = $wpdb->placeholder_escape();
        if (is_search()) {
            $where .= "OR (t.name LIKE '".$placeholder_string.get_search_query().$placeholder_string."' AND {$wpdb->posts}.post_status = 'publish')";
        }
        return $where;
    }