2

I have a problem with my search query, $s_query. The user can search a type (Date, Title, or Location) which corresponds to a colum in my mysql database

$search_type =mysql_real_escape_string($_POST['type']);
$search_query =mysql_real_escape_string($_POST['search_query']);

if ($search_query == "") {
  echo "<p>Please enter a search...</p>";
  exit;}

$s_query = "SELECT * FROM `posts` WHERE `$search_type` == `$search_query` ";

$s_result1=mysql_query($s_query);

if (!$s_result1) {
    die('Invalid query: ' . mysql_error());
    //header ("Location: /UC_page.html");
}

$s_row = mysql_fetch_array($s_result1);
$s_num1=mysql_numrows($s_result1);
mysql_close();

mysql_error says: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '== 1956'

i have tried every operator possible and every kind of syntax i could find, but im stuck. at one point i got the date to work, but not any of the strings. thanks in advance.

Improve this question
1
  • No need for == just one = should do it. Commented Mar 15, 2012 at 21:28

3 Answers 3

Reset to default
4

Actually you have two problems. First, you're surrounding your value with `, which is invalid. Use " or ' instead.

Also, == is not valid syntax, you need to use a single = instead. Although, looking at what you're doing, you probably want to use LIKE instead, for a case-insensitive search.

So this query should work:

SELECT * FROM `posts` WHERE `$search_type` = '$search_query'

Or with LIKE:

SELECT * FROM `posts` WHERE `$search_type` LIKE '$search_query'
Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

3

You are putting ` (on top of the tab button) around your insert value. Those only go on the field. YOu shoudl use ' (on top of the slash button) for the value.

Improve this answer

1 Comment

thank you for your response i tried it and got mysql_error: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '== 'Lorem Ipsum''
0

This might help you understand what query MySQL is expecting:

$s_query = "SELECT * FROM `posts` WHERE `" . $search_type . "` = " . $search_query;

Also make sure you add the necessary quotes to $search_query. EG: If it is a string then surround it with '.

Improve this answer

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.