cty
Posted December 7, 2006

Good day,

I am currently using MySQL server and client 4.0.14b and PHP 4.4.4. I am facing a coding problem; can anyone give me some ideas? Hopefully you can guide me in editing it.

---------------------------------------------------------------
error message shown:
cannot execute sql becauseYou have an error in your SQL syntax. Check the manual that corresponds to your MySQL server version for the right syntax to use near '% %' at line 1
-----------------------------------------------------------
<html>
<head></head>
<body>
<form action=result.php method=post>
Choose Search Type:<br />
<select name="searchtype">
<option value="author">Author</option>
<option value="title">Title</option>
<option value="isbn">ISBN</option>
</select><br />
Enter Search Term:<br />
<input type=text name="searchterm"><br />
<input type=submit value=Search>
</form>
</body>
</html>
------------------------------------------------------------
//result.php
<html>
<head><title>New Page 1</title></head>
<body>
<?php
$searchtype=$_POST['searchtype'];
$searchterm=$_POST['searchterm'];
[color=red]$query="SELECT * FROM book where " . $searchtype . " like% " . $searchterm . "%";[/color]
$connection=mysql_connect("localhost","root","") or die("cannot connect!");
mysql_select_db("kelly") or die("cannot select db!");
$result=mysql_query($query) or die("cannot execute sql because".mysql_error());
if(mysql_num_rows($result)>0)
{
    echo"<table>";
    echo"<tr>";
    echo"<td>ISBN</td>";
    echo"<td>TITLE</td>";
    echo"</tr>";
    while($row=mysql_fetch_assoc($result))
    {
        echo"<tr>";
        echo"<td>".$row['isbn']."</td>";
        echo"<td>".$row['title']."</td>";
        echo"</tr>";
    }
    echo"</table>";
}
else
{
    echo"No data found!";
}
mysql_close($connection);
?>
</body>
</html>
------------------------------------------------
//(end)

From,
UTAR student
MALAYSIA

btherl
Posted December 7, 2006

[code=php:0]
$query="SELECT * FROM book where " . $searchtype . " like '%" . mysql_real_escape_string($searchterm) . "%'";
[/code]

This is very insecure, as $searchtype could be anything. It could be quite slow too, if there are many books.
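
One way to close the `$searchtype` hole noted in the reply above, shown as an added example that is not code from the thread: map the form value to a column through an allow-list and bind the search term as a parameter. It assumes PHP 7.1+ with PDO, uses an in-memory SQLite database as a stand-in for MySQL so it runs offline, and the names `searchBooks` and `SEARCH_COLUMNS`, the `author` column and the sample rows are constructed for illustration.

```php
<?php
// Added example, not code from the thread. Assumes the PDO extension with
// the SQLite driver so it runs offline; for MySQL only the DSN changes.

// Allow-list: form value => column name. Anything else is rejected, so
// user input never becomes part of the SQL text.
const SEARCH_COLUMNS = ['author' => 'author', 'title' => 'title', 'isbn' => 'isbn'];

function searchBooks(PDO $db, string $searchtype, string $searchterm): array
{
    if (!isset(SEARCH_COLUMNS[$searchtype])) {
        throw new InvalidArgumentException('unknown search type');
    }
    $column = SEARCH_COLUMNS[$searchtype];

    // Escape LIKE wildcards so "%" or "_" typed by the user match literally.
    $pattern = '%' . strtr($searchterm, ['!' => '!!', '%' => '!%', '_' => '!_']) . '%';

    // The term is bound, never concatenated, so quotes in it are plain data.
    $stmt = $db->prepare("SELECT isbn, title FROM book WHERE $column LIKE ? ESCAPE '!'");
    $stmt->execute([$pattern]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed sample data.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE book (isbn TEXT, title TEXT, author TEXT)');
$ins = $db->prepare('INSERT INTO book VALUES (?, ?, ?)');
foreach ([['111', 'PHP Basics', "O'Neil"], ['222', '100% SQL', 'Tan']] as $row) {
    $ins->execute($row);
}

// Constructed inputs: a quote in the term, a literal "%", and a search
// type that is not in the allow-list.
$cases = [['author', "O'N"], ['title', '%'], ['title OR 1=1', 'x']];
foreach ($cases as [$type, $term]) {
    try {
        $rows = searchBooks($db, $type, $term);
        echo '<p>', htmlspecialchars("$type / $term"), ': ', count($rows), " row(s)</p>\n";
        foreach ($rows as $r) {
            // Encode on output so stored values cannot inject markup.
            echo '<p>', htmlspecialchars($r['isbn'] . ' ' . $r['title']), "</p>\n";
        }
    } catch (InvalidArgumentException $e) {
        echo '<p>rejected: ', htmlspecialchars($type), "</p>\n";
    }
}
```

The first two searches each match one row and the third is rejected before any SQL is built. The `mysql_*` functions used in the thread were removed in PHP 7, which is why the sketch uses PDO.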