MySQL server version for the right syntax to use near 'AND comics.comic_conditio

[greeny_big]

You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'AND comics.comic_condition = 'new'' at line 20

 

is the new error message that I am getting.

 

<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">

<head>

<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/>

<title>Comic Collectables - Search Results</title>

<link rel="stylesheet" href="mystyles.css" media="screen" type="text/css" />

</head>

<body>

<h1>Comic Collectables - Search Results</h1>

<?

// Check that the form has been submitted

if ($_POST) {

 

// Store the form data in variables

  $form_series_name =    $_POST['series_name'];

  $form_comic_issue =    $_POST['comic_issue'];

  $form_comic_condition = $_POST['comic_condition'];

 

// Trim any trailing and leading spaces from the form data

  $form_comic_issue =    trim('$form_comic_issue');Line 20

 

// Open a connection to the database

$link = mysqli_connect('localhost', 'student', 'mmst12009', 'assignment3');

 

// Define an SQL query to retrieve the comic records

$query = "

  SELECT

 

    comics.comic_id,

series.series_name,

    comics.comic_issue,

    comics.comic_condition,

    comics.comic_price

 

  FROM

 

    comics,

    series

 

  WHERE

 

    (comics.series_id = series.series_id)

 

  ORDER BY

 

    comics.comic_id ASC ";

 

 

// Restrict the SQL query with an AND clause if a

// comic issue has been supplied

if ($form_comic_issue != "")

 

{

$query .= "AND comics.comic_issue = '$form_comic_issue' ";

}

// Restrict the SQL query with an AND clause if a

// comic condition has been supplied

if ($form_comic_condition != "")

 

{

$query .= "AND comics.comic_condition = '$form_comic_condition' ";

}

// Run the query and store the result

$result = mysqli_query($link, $query)or die(mysqli_error($link));

 

// Get the number of rows in the result set

$number_of_rows = mysqli_num_rows($result);

 

// Close the connection to the database

mysqli_close($link);

 

// Display a message if no records have been retrieved

if ($number_of_rows == 0) {

  echo <<<END

<p>There are no records in the database.</p>

END;

}

else {

 

  // Display the head of the table

  echo <<<END

  <p>Search results are presented below.</p>

  <table border="0">

    <tr>

      <th>ID Number</th>

      <th>Series</th>

      <th>Issue</th>

      <th>Condition</th>

      <th>Price</th>

    </tr>

END;

 

  // Assign each record in the result to an array

  while ($row = mysqli_fetch_array($result))

  {

 

    // Assign each array element to a variable

    $comic_id =        $row['comic_id'];

    $series_name =    $row['series_name'];

    $comic_issue =    $row['comic_issue'];

    $comic_condition = $row['comic_condition'];

    $comic_price =    $row['comic_price'];

 

 

    // Display each record in a separate row of the table

    echo <<<END

    <tr>

      <td>$comic_id</td>

      <td>$series_name</td>

      <td>$comic_issue</td>

      <td>$comic_condition</td>

      <td>$$comic_price</td>

    </tr>

END;

    }

  echo "</table>";

  }

}

?>

</body>

</html>

 

Cheers,

Greeny

[Barand]

if you

 

echo $query;

 

you should be able to see what's wrong.

[MemphiS]

You should look into SQL injection aswell... as that script isnt safe. Few posts about it already you can read up on on pages 3 or 4 of this forum

[MemphiS]

http://www.phpfreaks.com/forums/index.php/topic,141669.msg604001.html#msg604001

 

link to a solved page.. with the sql injection info