C4talyst Posted September 24, 2007 Share Posted September 24, 2007 Hey Freaks...hoping someone can help me, I'm a php newb. This is my page: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html> <head> <title>Membership Database</title> <meta http-equiv="Content-type" content="text/html; charset=iso-8859-1"> <meta http-equiv="Content-Language" content="en-us"> <style type="text/css">@import "style.css";</style> </head> <body> <div id="mdb_top"> <div id="mdb_nav" style="padding: 2px;" align="center"><a href="index.php">MDB Home</a> | <a href="add.php">Add Nation</a> | <a href="search.php">Find Nation</a></div> </div> <table border="0" cellpadding="3" cellspacing="3" width="700"> <form method="get" action="search.php"> <tr> <td width="700" colspan="3" bgcolor="#414B3F"> <h3>Find Nation in ACDC Membership Database</h3> </td> </tr> <tr> <td width="400" bgcolor="#768872" valign="top" align="left"> <input class="form" type="text" name="q" value="" size="30" /> </td> <td width="200" bgcolor="#768872" valign="top" align="left"> <select class="form" type="text" name="metode" value="" size="1"> <option value ="id">Nation ID</option> <option value ="cnnation">Nation Name</option> <option value ="cnruler">Nation Ruler</option> <option value ="acdcuser">ACDC Member</option> <option value ="positions">Position</option> </select> </td> <td width="100" bgcolor="#768872" valign="top" align="left"> <input class="form" type="submit" value="SUBMIT" /> </td> </tr> </form> </table> <? $hostname = "localhost"; $username = "acdcalliance"; $password = "testpass22"; $usertable = "members"; $dbName = "acdc-alliance_com-mdb"; // MYSQL_CONNECT($hostname, $username, $password); @mysql_select_db( "$dbName") or die( "Unable to select database"); ?> <? //error message (not found message) $XX = "No Record Found"; $query = mysql_query("SELECT * FROM $usertable WHERE $metode LIKE '%$search%' LIMIT 0, 30 ") or die("Error in select: " . mysql_error()); while ($row = mysql_fetch_array($query)) { $variable1=$row["cnnation"]; $variable2=$row["cnruler"]; $variable3=$row["acdcuser"]; $variable4=$row["position"]; print ("this is for $variable1, and this print the variable2 end so on..."); } //below this is the function for no record!! if (!$variable1) { print ("$XX"); } //end ?> </body> When I access the page it kicks out this error: Error in select: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'LIKE '%%' LIMIT 0, 30' at line 1 This is the line in question: $query = mysql_query("SELECT * FROM $usertable WHERE $metode LIKE '%$search%' LIMIT 0, 30 ") or die("Error in select: " . mysql_error()); Can anyone tell me what's wrong with my syntax? I'm a newb so explaining it to me may not allow me to fix it on my own. Quote Link to comment Share on other sites More sharing options...
cooldude832 Posted September 24, 2007 Share Posted September 24, 2007 have to escape the variable $serach like '%".$serach."%' like so Quote Link to comment Share on other sites More sharing options...
C4talyst Posted September 24, 2007 Author Share Posted September 24, 2007 Hey thanks for the quick reply. I changed the code as you suggested but the same error is still there...any ideas what to look at next? Quote Link to comment Share on other sites More sharing options...
cooldude832 Posted September 24, 2007 Share Posted September 24, 2007 after you write out $query echo it out and see if it looks like what u wanted. Quote Link to comment Share on other sites More sharing options...
sayedsohail Posted September 24, 2007 Share Posted September 24, 2007 You need to capture the post values from the form, add this two lines inside your code above the $hostname etc, and there is not need to escape etc, its all stupid for the beginners - your original code is quite enough to do the job. Although there are lots of improvement can be done for advance level users. but this two lines should do the job for you to get the immediate results. $search = $_GET['q']; $metode = $_GET['metode']; $hostname = "localhost"; $username = "acdcalliance"; $password = "testpass22"; $usertable = "members"; $dbName = "acdc-alliance_com-mdb"; // Secondly its recommended to check the post/get values against sql injection for security reasons. Anyway this is keep you going. best of luck. Quote Link to comment Share on other sites More sharing options...
C4talyst Posted September 24, 2007 Author Share Posted September 24, 2007 Thanks for all the input guys, even after the latest round of changes I still get this error: Error in select: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'LIKE '%%' LIMIT 0, 30' at line 1 Quote Link to comment Share on other sites More sharing options...
C4talyst Posted September 24, 2007 Author Share Posted September 24, 2007 ALso: [root@secure html]# mysql -V mysql Ver 14.7 Distrib 4.1.7, for redhat-linux-gnu (i386) [root@secure html]# Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.