I've been trying this for about an hour now and I can't figure it out. It's supposed to be a search customers thinggy. I might have missed some stupid character or whatever lol. Help!
<?
include "includes/header.php";
include "includes/template.php";
include "includes/dates.php";
include "includes/sql.php";
$submit = $_GET['submit'];
if($submit=="yes") {
$name = $_POST['name'];
$domain = $_POST['url'];
$acc_no = $_POST['acc_no'];
$q = "foo";
if(!isSet($name) && !isSet($domain) && !isSet($acc_no)) {
echo "You can't do a blank search!";
}
elseif(isSet($name) && !isSet($domain) && !isSet($acc_no)) {
$q = "SELECT * FROM customers WHERE f_name = $name OR m_name = $name OR l_name = $name";
}
elseif(!isset($name) && isSet($domain) && !isSet($acc_no)) {
$q = "SELECT * FROM customers WHERE domain = $domain";
}
elseif(!isSet($name) && !isset($domain) && isSet($acc_no)) {
$q = "SELECT * FROM customers WHERE acc_no = $acc_no";
}
else {
$q = "SELECT * FROM customers WHERE f_name = $name OR m_name = $name OR l_name = $name AND domain = $domain AND acc_no = $acc_no";
}
$result = mysql_query($q, $connection) or die(mysql_error());
}
else {
new_table_title("Search Form");
$print = <<< PRINT
<form name="search" action="search.php?submit=yes" method="post">
Account Number: <input type="text" name="acc_no" size="30" /><br />
Name: <input type="text" name="name" /><br />
Domain name: <input type="text" name="url" size="30" /><br />
<input type="submit" value="Search" />
</form>
PRINT;
new_table_content($print);
}
include "includes/footer.php";
?>
and now I get:
You have an error in your SQL syntax. Check the manual that corresponds to your MySQL server version for the right syntax to use near 'AND acc_no =' at line 1
I'm sure it's correct to use multiple "AND"(s) - since it's not my English teahcer's English .
You should print out $q to see what the query looks like (i.e. make sure variables are being passed correctly, the correct quotes have been added around non-numeric values (hint, hint):
$value = "foo bar";
// test one...
$result = mysql_query("select * from x where field = $value")
// test two...
$result = mysql_query("select * from x where field = '$value'")
Q: What happens when $value contains a space in the above queries? (Just one example)
Rule Number 1 - if some sequel is throwing up an error, in this case, $q,
always, always, always add something like
echo "<br>" . $q . "<br>" to examine exactly what you are passing the DB server. Most common errror is a simple typo, follow by quoting/not quoting values. Refer to your table structure. If ok - then check for blank value and back track from there.
$q = "SELECT * FROM 'customers' WHERE f_name = $name OR m_name = $name OR l_name = $name";
I think the error is you have quotes for table name customers.Remove the quotes and see