cty Posted December 7, 2006

Good day,

I am currently using MySQL server and client 4.0.14b and PHP 4.4.4. I have been facing a coding problem; can anyone give me some idea? Hopefully you may guide me to edit it.

Error message shown:

cannot execute sql because You have an error in your SQL syntax. Check the manual that corresponds to your MySQL server version for the right syntax to use near '% %' at line 1

Search form:

[code=html]
<html>
<head></head>
<body>
<form action=result.php method=post>
Choose Search Type:<br />
<select name="searchtype">
<option value="author">Author</option>
<option value="title">Title</option>
<option value="isbn">ISBN</option>
</select>
<br />
Enter Search Term:<br />
<input type=text name="searchterm">
<br />
<input type=submit value=Search>
</form>
</body>
</html>
[/code]

result.php:

[code=php]
<html>
<head>
<title>New Page 1</title>
</head>
<body>
<?php
$searchtype = $_POST['searchtype'];
$searchterm = $_POST['searchterm'];
// This line was highlighted in red in the original post.
$query = "SELECT * FROM book where " . $searchtype . " like% " . $searchterm . "%";
$connection = mysql_connect("localhost", "root", "") or die("cannot connect!");
mysql_select_db("kelly") or die("cannot select db!");
$result = mysql_query($query) or die("cannot execute sql because" . mysql_error());
if (mysql_num_rows($result) > 0) {
    echo "<table>";
    echo "<tr>"; // header row
    echo "<td>ISBN</td>";
    echo "<td>TITLE</td>";
    echo "</tr>";
    while ($row = mysql_fetch_assoc($result)) {
        echo "<tr>";
        echo "<td>" . $row['isbn'] . "</td>";
        echo "<td>" . $row['title'] . "</td>";
        echo "</tr>";
    }
    echo "</table>";
} else {
    echo "No data found!";
}
mysql_close($connection);
?>
</body>
</html>
[/code]

(end)

From,
UTAR student
MALAYSIA
btherl Posted December 7, 2006

[code=php]
$query = "SELECT * FROM book where " . $searchtype . " like '%" . mysql_real_escape_string($searchterm) . "%'";
[/code]

This is very insecure, as $searchtype could be anything. It could be quite slow too, if there are many books.
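A hardened version of result.php, as an added example that is not code from the thread: it checks the column name against a fixed whitelist (a column name cannot be a bound parameter, so escaping alone does not help with $searchtype) and binds the search term with a PDO prepared statement. It assumes PHP 5.1 or later with PDO, rather than the poster's PHP 4.4.4, and the same `kelly` database and `book` table.

```php
<?php
// Added example (not from the thread). Assumes PHP 5.1+ with PDO, the
// `kelly` database and a `book` table with columns isbn, title, author.

// The column name cannot be bound as a parameter, so it is accepted only
// if it matches a fixed whitelist instead of being pasted into the SQL.
$allowed = array('author', 'title', 'isbn');
$searchtype = isset($_POST['searchtype']) ? $_POST['searchtype'] : '';
$searchterm = isset($_POST['searchterm']) ? $_POST['searchterm'] : '';

if (!in_array($searchtype, $allowed, true)) {
    die('Invalid search type');
}

// '%' and '_' typed by the user would act as LIKE wildcards; escape them
// (MySQL's default LIKE escape character is the backslash).
$pattern = '%' . addcslashes($searchterm, '%_\\') . '%';

$pdo = new PDO('mysql:host=localhost;dbname=kelly;charset=utf8', 'root', '', array(
    PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION,
    PDO::ATTR_EMULATE_PREPARES => false, // real server-side prepares
));

// The search term travels as a bound parameter: the driver does the quoting,
// so the missing quotes from the original query cannot recur and user input
// is never interpreted as SQL.
$stmt = $pdo->prepare("SELECT isbn, title FROM book WHERE `$searchtype` LIKE :term");
$stmt->execute(array(':term' => $pattern));
$rows = $stmt->fetchAll(PDO::FETCH_ASSOC);

if (count($rows) > 0) {
    echo "<table>";
    echo "<tr><td>ISBN</td><td>TITLE</td></tr>";
    foreach ($rows as $row) {
        // htmlspecialchars keeps stored data from being rendered as HTML.
        echo "<tr><td>" . htmlspecialchars($row['isbn']) . "</td>"
           . "<td>" . htmlspecialchars($row['title']) . "</td></tr>";
    }
    echo "</table>";
} else {
    echo "No data found!";
}
```

The slowness btherl mentions is not addressed by binding: a leading-wildcard LIKE still scans every row, so a large table needs a full-text index or a different search design.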