[SOLVED] Search Form - unknown syntax error

[EternalSorrow]

I'm currently working on a simple search form for a single table and have run into an error message I can't seem to fix.

 

First, for reference here is the form code and result code, both placed on the search.php file:

<?php
mysql_connect("localhost","animara_ham","Alucard666"); 
mysql_select_db("animara_historia");
?>

<div class="font">Advanced Search</div>

<form action="#results" method="post">
<table align="center" style="text-align: right;">
<tr><td>Keyword(s) <input category="text" name="info">

<tr><td>Category <select name="category">
<option value="all">Search All</option>
<?php

$qCategory = "SELECT DISTINCT category FROM history ORDER BY category ";
$rsCategory = mysql_query($qCategory) or die ('Cannot execute query');

while ($row = mysql_fetch_array($rsCategory))
{
extract($row);
echo '<option value="'.$category.'">'.$category.'</option>';

}
?>
</select>

<tr><td>
<input type="submit" name="search" value="Search">
</table>
</form>

<hr>

<p>Here are the <a name="results">results</A> of your search:

<p><?php

$info = strtolower(strip_tags(mysql_escape_string($_POST['info'])));
$category = strip_tags(mysql_escape_string($_POST['category']));

$sql_category = ($category == all) ? "" : "WHERE category='$category'";

$qSearch = "SELECT * FROM history 
WHERE info LIKE '%$info%'
$sql_category
ORDER BY title desc ";

$rsSearch = mysql_query($qSearch) or die(mysql_error());

if (mysql_num_rows($rsSearch) == 0)
{
print '<p>Sorry, there were no results returned for your search. Please try again.</p>';
}
else
{
print '<center><b>'.mysql_num_rows($rsSearch).'</b> article(s) found.</p></center>';

$i = 1;
while ($row = mysql_fetch_array($rsSearch))
{
extract($row);

$dot = '';
$morelink = '';

$text=substr($info, 0, 300);

if (strlen($info) >= 301) { 
$dot = ".."; 
}

if (strlen($info) >= 301) { 
$morelink = "<div class=\"continue\"><a href=\"counter.php?entry_id=$entry_id\">continue reading</A></div>"; 
}

echo '<p><blockquote><div class="title">'.$title.'</div>
'.$text.''.$dot.'
'.$morelink.'
<div class="cat">Category: <a href="categories.php?category='.$category.'">'.$category.'</A></div>
</blockquote>';

}

}

?>

 

The following error message appears when a visitor enters the page:

You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'WHERE category='' ORDER BY title desc' at line 3

 

The line mentioned is part of the $sql_category string, which is then placed in the $qSearch query.  I can't figure out why it's already querying when a search hasn't been done, nor can I find a fix for the problem.  The form, however, does work perfectly when a search is entered.

 

Any hints on why the form is prematurely searching?

[abdfahim]

I can't figure out why it'll not run the query as you dont put any constrains on that part of the code. Put all the codes for search result inside following if condition.

if(isset($_POST[search])){

}

[premiso]

$sql_category = ($category == 'all') ? "" : "AND category='$category'";

 

Try replacing that line. See what happens.

 

Decided to add an explanation:

Since you already have "WHERE" inside the query here:

$qSearch = "SELECT * FROM history 
WHERE info LIKE '%$info%'
$sql_category
ORDER BY title desc ";

 

Adding WHERE again in the $sql_category was causing the error, because you cannot have 2 where clauses in a SQL statement. Thus, you know the WHERE clause is going to be in there already, so there is no need to have it, which is why I took the where clause out of the $sql_category declaration.

[EternalSorrow]

How foolish of me not to have noticed before.  Thanks for the (much-needed) help!