PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!
" SELECT * FROM $db_tb_name WHERE pages_appearance='yes' AND $db_tb_atr_name like '%".$query."%' OR thecategory='$thecat' OR pages_location='$thelocation' OR pages_price BETWEEN '$fromprice' AND '$toprice' "
Is there anything wrong in my SQL query? :\
These are my variables:
// Change the fields below as per the requirements
$db_tb_name="pages";
$db_tb_atr_name="pages_text";
$thecat = mysql_real_escape_string($_POST['selectcat']);
$thelocation = mysql_real_escape_string($_POST['location_search']);
$fromprice = mysql_real_escape_string($_POST['fromprice']);
$toprice = mysql_real_escape_string($_POST['toprice']);
//Now we are going to write a script that will do search task
// leave the below fields as it is except while loop, which will display results on screen
<?php
mysql_query("SET NAMES 'utf8'");
$result3 = mysql_query("SELECT location_id as value2,location_name as title2 FROM locations");
while($row = mysql_fetch_assoc($result3)){
extract($row);
?>
<option value="<?=$title2?>"><?=$title2?></option>
<?php
}
?>
</select></td>
<td> <select name="selectcat">
<?php
mysql_query("SET NAMES 'utf8'");
$result2 = mysql_query("SELECT Id as value,category_name as title FROM categories");
while($row = mysql_fetch_assoc($result2)){
extract($row);
?>
<option value="<?=$value?>"><?=$title?></option>
<?php
}
?>
</select></td>
<td><input type="text" name="fromprice"></td>
<td><input type="text" name="toprice"></td>
<td><input type="text" name="query"></td>
<td><input type="submit" value="חפש" style="background-color:orange; color:white; border:1px dotted white; width:100px; height:30px;"></td>
</tr>
</table>
</form>
</div>
And yes, I get wrong results...
I didn't get WHERE pages_appearance='yes'... :\
And another question:
When I use:
BETWEEN
must the field be INT? Or can I use VARCHAR and put only numbers in the VARCHAR?
If the column is VARCHAR, val1 and val2 must be strings.
If the column is INT, val1 and val2 must be ints.
Also, getting the query from a post is a bad design. The user can easily right-click on your page and click "View Source", and he/she will know your DB objects/tables.
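An added example, not part of the thread: in SQL, AND binds tighter than OR, so the posted WHERE clause applies pages_appearance='yes' only to the LIKE term. The sketch below compares it with a parenthesized form and binds the form values through PDO prepared statements instead of interpolating them into the string. Assumptions: the asker wants the pages_appearance filter on every result, an in-memory SQLite table with constructed rows stands in for the MySQL `pages` table, and `search()` and `$post` are hypothetical names.

```php
<?php
// Added example: constructed schema and rows; SQLite in memory stands in for MySQL.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec("CREATE TABLE pages (id INTEGER PRIMARY KEY, pages_text TEXT,
            pages_appearance TEXT, thecategory TEXT, pages_location TEXT,
            pages_price INTEGER)");
$pdo->exec("INSERT INTO pages VALUES
    (1, 'red bike',  'yes', '1', 'north', 100),
    (2, 'blue bike', 'no',  '1', 'north', 100),
    (3, 'old car',   'no',  '2', 'south', 900)");

// Stand-in for $_POST (constructed values).
$post = ['query' => 'bike', 'selectcat' => '1', 'location_search' => 'north',
         'fromprice' => '50', 'toprice' => '200'];

// Shape of the thread's WHERE clause: pages_appearance only guards the LIKE term,
// so a hidden row that matches any OR branch is still returned.
$loose = "SELECT id FROM pages
          WHERE pages_appearance = 'yes' AND pages_text LIKE :q
             OR thecategory = :cat OR pages_location = :loc
             OR pages_price BETWEEN :lo AND :hi";

// Parentheses make the pages_appearance filter apply to every row.
$strict = "SELECT id FROM pages
           WHERE pages_appearance = 'yes'
             AND (pages_text LIKE :q OR thecategory = :cat OR pages_location = :loc
                  OR pages_price BETWEEN :lo AND :hi)";

function search(PDO $pdo, string $sql, array $post): array
{
    // Price bounds are validated as integers and bound as integers,
    // so BETWEEN compares numbers against the INTEGER column.
    $lo = filter_var($post['fromprice'], FILTER_VALIDATE_INT);
    $hi = filter_var($post['toprice'], FILTER_VALIDATE_INT);
    if ($lo === false || $hi === false) {
        throw new InvalidArgumentException('price bounds must be integers');
    }
    $stmt = $pdo->prepare($sql);
    $stmt->bindValue(':q', '%' . $post['query'] . '%', PDO::PARAM_STR);
    $stmt->bindValue(':cat', $post['selectcat'], PDO::PARAM_STR);
    $stmt->bindValue(':loc', $post['location_search'], PDO::PARAM_STR);
    $stmt->bindValue(':lo', $lo, PDO::PARAM_INT);
    $stmt->bindValue(':hi', $hi, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

echo 'without parentheses: ', implode(',', search($pdo, $loose, $post)), PHP_EOL;
echo 'with parentheses:    ', implode(',', search($pdo, $strict, $post)), PHP_EOL;
```

With the constructed rows, the unparenthesized query also returns row 2, whose pages_appearance is 'no', because it matches the category branch. The `mysql_*` functions used in the thread were removed in PHP 7, so PDO or mysqli prepared statements are the replacement for `mysql_real_escape_string()` here.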