i am trying to build the where clause part of a query i want to use to for search on a website i am building for my project.when i run the script is giving this error:"You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '' at line 1". i try to figure out the cause but is proving difficult.if any one knows the way out or a different approach please help. the following is the code.
PHP Code:
<?php require_once('Connections/sql1.php'); ?>
<?php
if (!function_exists("GetSQLValueString")) {
function GetSQLValueString($theValue, $theType, $theDefinedValue = "", $theNotDefinedValue = "")
{
$theValue = get_magic_quotes_gpc() ? stripslashes($theValue) : $theValue;
$theValue = function_exists("mysql_real_escape_string") ? mysql_real_escape_string($theValue) : mysql_escape_string($theValue);
switch ($theType) {
case "text":
$theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
break;
case "long":
case "int":
$theValue = ($theValue != "") ? intval($theValue) : "NULL";
break;
case "double":
$theValue = ($theValue != "") ? "'" . doubleval($theValue) . "'" : "NULL";
break;
case "date":
$theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
break;
case "defined":
$theValue = ($theValue != "") ? $theDefinedValue : $theNotDefinedValue;
break;
}
return $theValue;
}
}
mysql_select_db($database_sql1, $sql1);
$query_query_course = "SELECT course_id, course_desc FROM course";
$query_course = mysql_query($query_query_course, $sql1) or die(mysql_error());
$row_query_course = mysql_fetch_assoc($query_course);
$totalRows_query_course = mysql_num_rows($query_course);
if(isset($_POST['search']))
{ //$buildquerysting=" ";
if(!isset($_POST['fname'])){
$fname=$_POST['fname'];
$fname = strip_tags($fname);
$fname = trim ($fname);
$buildquerystring=(!isset($buldquerystring))?"firstName"."="."'".$fname."'":"AND firstName"."="."'".$fname."'";
}
if(!isset($_POST['lname'])){
$lname=$_POST['lname'];
$lname = strip_tags($lname);
$lname = trim ($lname);
$buildquerystring.=(!isset($buldquerystring))?"lastName"."="."'".$lname."'":"AND lastName"."="."'".$lname."'";
}
if(!isset($_POST['corse'])){
$corse=$_POST['corse'];
$corse= strip_tags($corse);
$corse = trim ($corse);
$buildquerystring.=(!isset($buldquerystring))?'course_id='.$corse:'AND course_id='.$corse;
}if(!isset($_POST['level'])){
$level=$_POST['level'];
$level = strip_tags($level);
$level= trim ($level);
$buildquerystring.=(!isset($buldquerystring))?"student_level"."=".$level:"AND student_level"."=".$level;
}
if(!isset($_POST['addate'])){
$addate=$_POST['addate'];
$addate = strip_tags($addate);
$addate= trim ($addate);
$buildquerystring.=(!isset($buldquerystring))?"addmi_date"."="."'".$addate."'":"AND addmi_date"."="."'".$addate."'";
}
if(!isset($_POST['codate'])){
$codate=$_POST['codate'];
$codate = strip_tags($codate);
$codate = trim ($codate);
$buildquerystring.=(!isset($buldquerystring))?"complete_date"."="."'".$codate."'":"AND complete_date"."="."'".$codate."'";
}
$query_search = sprintf("SELECT * FROM students WHERE %s", $buildquerystring);
mysql_select_db($database_sql1, $sql1);
$rs_search = mysql_query($query_search, $sql1) or die(mysql_error());
$row_rs_search = mysql_fetch_assoc($rs_search);
}
?>
Code:
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Untitled Document</title>
</head>
<body>
<form action="query.php" method="post">
<table width="200" border="0" cellspacing="2" cellpadding="1">
<tr>
<td nowrap="nowrap">First Name:</td>
<td><input name="fname" type="text" /></td>
</tr>
<tr>
<td nowrap="nowrap">Last Name:</td>
<td><input name="lname" type="text" /></td>
</tr>
<tr>
<td>Course:</td>
<td><select name="corse">
<option value=" ">Select student course</option>
<?php if($totalRows_query_course>=1){
do{
?>
<option value='<?php echo $row_query_course['course_id'];?>'><?php echo $row_query_course['course_desc'];?></option>
<?php } while($row_query_course=mysql_fetch_assoc($query_course));
}?>
</select></td>
</tr>
<tr>
<td nowrap="nowrap">Year of student:</td>
<td><input name="level" type="text" /></td>
</tr>
<tr>
<td nowrap="nowrap">Date of admission:</td>
<td><input name="addate" type="text" /></td>
</tr>
<tr>
<td nowrap="nowrap">Date of completion:</td>
<td><input name="codate" type="text" /></td>
</tr>
<tr><td colspan="2" align="center"><input name="search" type="submit" value="Find student" /></td></tr>
</table>
</form>
</body>
</html>
PHP Code:
<?php
mysql_free_result($query_course);
?>
 |
