Mysql search table w/ php and return results

Question

I am trying to make my search look in my database for $searchtext where $selecteditem represents the columb it's searching. Im getting syntax errors around the last part of the code

My form-

<form name="search" id="search" method="POST" action="">
    <input type="text" name="searchterm" id="searchterm">
    <select name="selectitem">
        <option value="propertydescription">Property/Description</option>
        <option value="transactiontype">Transaction type</option>
        <option value="applicabledocument">Applicable document</option>
        <option value="recieved">recieved</option>
        <option value="paid">paid</option>
    </select>

</div></td>
<td>&nbsp;</td>
<td><input type="submit" name="search" value="search"></td>

My php for this-

if (isset($_POST['search']))
{
    $columbname = $_POST['selectitem'];
    $searchterm  = $_POST['searchterm'];
    $query="SELECT * FROM transactions WHERE agentclient  = '$agentclient' AND WHERE '$columbname' = '$searchterm'";
    $result = mysql_query ($query) or die(mysql_error());
}
else

Your php code is incomplete. Also you are open to sql injections. Read up about prepared statements. — Leri
– Leri, Commented Jun 4, 2013 at 9:52
Inevitable sermon: Sanitize user input, don't use die(mysql_error()) on production system. — MarioP
– MarioP, Commented Jun 4, 2013 at 9:56
do not use mysql_ extension it's deprecated. Use mysqli or PDO instead. — 6339
– 6339, Commented Jun 4, 2013 at 10:06

peterm · Accepted Answer · 2013-06-04 09:54:56Z

5

Remove second WHERE
Remove quotes around the column name that you get from $columbname variable.

Change

$query="SELECT * FROM transactions WHERE agentclient  = '$agentclient' AND WHERE '$columbname' = '$searchterm'";

to

$query="SELECT * FROM transactions WHERE agentclient  = '$agentclient' AND $columbname = '$searchterm'";

On a side note: your code is vulnerable to sql-injections. Switch to mysqli or PDO and use prepared statements.

answered Jun 4, 2013 at 9:54

peterm

93k16 gold badges157 silver badges162 bronze badges

Sign up to request clarification or add additional context in comments.

1 Comment

A.R Over a year ago

That gets rid of the error but now the search is not working :/

SagarPPanchal · Accepted Answer · 2013-06-04 09:57:13Z

5

I have replace your PHP code, and now it's working well

if (isset($_POST['search']))
{
$columbname = $_POST['selectitem'];
$searchterm  = $_POST['searchterm'];
$query="SELECT * FROM transactions WHERE agentclient  = '$agentclient' && 'columbname' = '$searchterm'";
$result = mysql_query ($query) or die(mysql_error());
}
else

answered Jun 4, 2013 at 9:57

SagarPPanchal

10.2k6 gold badges36 silver badges66 bronze badges

Comments

Þaw · Accepted Answer · 2013-06-07 09:05:32Z

5

if (isset($_POST['search']))
{
$columbname = $_POST['selectitem'];
$searchterm  = $_POST['searchterm'];
$query="SELECT * FROM transactions WHERE agentclient  = '$agentclient' AND $columbname = '$searchterm'";
$result = mysql_query ($query) or die(mysql_error());
}

edited Jun 7, 2013 at 9:05

answered Jun 4, 2013 at 9:52

Þaw

2,0474 gold badges22 silver badges40 bronze badges

Comments

Archer · Accepted Answer · 2013-06-04 09:53:03Z

4

Please replace the AND WHERE by just AND in your SQL query.

answered Jun 4, 2013 at 9:53

Archer

1,1724 gold badges13 silver badges34 bronze badges

Comments

Carl0s1z · Accepted Answer · 2013-06-04 09:51:55Z

3

Use this (Delete the second where):

$query="SELECT * FROM transactions 
WHERE agentclient  = '$agentclient' 
AND '$columbname' = '$searchterm'";

answered Jun 4, 2013 at 9:51

Carl0s1z

4,7237 gold badges34 silver badges49 bronze badges

Comments

user2050393 · Accepted Answer · 2013-06-04 09:55:31Z

3

Fix the query. Use this:

$query="SELECT * FROM transactions WHERE agentclient  = '$agentclient' AND '$columbname' = '$searchterm'"

Instead of:

$query="SELECT * FROM transactions WHERE agentclient  = '$agentclient' AND WHERE '$columbname' = '$searchterm'"

(you have one too many WHERE)

answered Jun 4, 2013 at 9:55

user2050393

Comments

6339 · Accepted Answer · 2013-06-04 10:05:55Z

3

you should replace the AND WHERE by AND in you SELECT query and no need of ' in $columbname

if (isset($_POST['search']))
{
 $columbname  = $_POST['selectitem'];
 $searchterm  = $_POST['searchterm'];
 $query       = "SELECT * FROM transactions WHERE (agentclient  = '$agentclient' AND $columbname = '$searchterm')";
 $result = mysql_query ($query) or die(mysql_error());
}

Note: do not use mysql_ extension it's deprecated. Use mysqli or PDO instead.

edited Jun 4, 2013 at 10:05

answered Jun 4, 2013 at 9:57

6339

4753 silver badges16 bronze badges

Comments

zkanoca · Accepted Answer · 2013-06-04 09:56:02Z

0

Change your query:

$query = "SELECT * FROM transactions 
          WHERE agentclient  = '$agentclient' 
          AND $columbname = '$searchterm'";

answered Jun 4, 2013 at 9:56

zkanoca

10k10 gold badges55 silver badges99 bronze badges

Collectives™ on Stack Overflow

Mysql search table w/ php and return results

8 Answers 8

1 Comment

Comments

Comments

Comments

Comments

Comments

Comments

Comments

Your Answer

Hot Network Questions

Collectives™ on Stack Overflow

8 Answers 8

1 Comment

Comments

Comments

Comments

Comments

Comments

Comments

Comments

Your Answer

Sign up or log in

Post as a guest

Related