0

I'm writing some code that returns the results of an event. In this table I have some fields that are populated with data from MySQL, including a download link for a certificate.

But now, I need to add a search field. This is what I have done so far:

<?php     
include "open.php";

$sql = "SELECT * FROM results";

if (isset($_POST['search'])){

    $search_term = mysql_real_escape_string($_POST['search_box']);

    $sql .= "WHERE Name = '{$search_term}' ";
    $sql .= "OR Place = '{$search_term}'";
}

$query = mysql_query($sql) or die(mysql_error());        
?>

<form name="search_form" method="POST" action="teste3.php">        
    Search: <input type="text" name="search_box" value="" />
    <input type="submit" name="search" value="Search">
</form>

<table width="70%" cellpadding="5" cellspace="5">        
    <tr>            
        <td>
            <strong>Place</strong>
        </td>
        <td>
            <strong>Name</strong>
        </td>
        <td>
            <strong>Category</strong>
        </td>
        <td>
            <strong>Certificate</strong>
        </td>
    </tr>

    <?php while ($row = mysql_fetch_array($query)){ ?>
    <tr>                        
        <td><?php echo $row['Place']; ?></td>
        <td><?php echo $row['Name']; ?></td>
        <td><?php echo $row['Category']; ?></td>
        <td>
            <a href="http://(...)/<?php echo $row['Place']; ?>.pdf"
             style="color: #000000" target="blank">Download Certificate</a>
        </td>
    </tr>
    <?php } ?>                
</table>

But for some reason when I do a test search, the browser echoes:

You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '= 'ulisses' OR Place = 'ulisses'' at line 1.

Improve this question
1
  • 1
    You're missing a space between resultados and WHERE when you concatenate them. Commented Feb 17, 2014 at 17:10

1 Answer 1

Reset to default
3

You need to provide some space as 

$sql .= " WHERE Nome = '{$search_term}' ";
$sql .= "OR Lugar = '{$search_term}'";

The way you have done your query will become as

SELECT * FROM resultadosWHERE Nome = 'some val' OR Lugar = 'some val'
Improve this answer
Sign up to request clarification or add additional context in comments.

6 Comments

Thanks. When i search from numbers it works, but i think i need something else to search for names. Already tried '%{$search_term}%', but don't think its enough. Do you know why its not working?
if you search for string it should work something as where col = 'val' and if you provide the where col LIKE '%val%' it will find the matching pattern :-)
I knew i had forgot something! Thanks! :D
One more thing, if i want to order by column, how can it be done? I'm trying hard but i'm not having luck.
you can do as select * from table where col1 = 'someval' OR col2 = 'someval' ORDER BY col1 ... You can add multiple ORDER BY as ORDER BY col1,col2
|

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.