开发者

Php Syntax Help

问答 作者:

I'm working on a search function, it was working fine four days ago, now it's returning this error

You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'AND state = 'AZ '' at line 1

what is the proper syntax for this line? 

if($search_state !== "") {

$query .="AND state =  '" . $search_state .  " ' " ;

the entire portion is:

$query = "SELECT id, name, contact, contact2, address1, address2, city, state, postalcode, country, location, workphone, fax, email, webaddress, region, rail, food, forest, metal, bulk, chem, general, paper FROM companies_new WHERE dummy = '' ORDER BY state ASC ";

if($search_co !== "") {

$query .= "AND name LIKE '%" . $search_co ."%' ";

}


if($search_first !== "") {

$query .= "AND contact LIKE '%" .$search_first."%' ";

}

if($search_last !=开发者_开发问答= "") {

$query .= "AND contact LIKE '%" .$search_last."%' ";

}

if($search_city !== "") {

$query .="AND city = ' " . $search_city . " ' ";

}

if($search_state !== "") {

$query .="AND state =  '" . $search_state .  " ' " ;

}

You can't put AND conjunctions for your WHERE clause after an ORDER BY. Your ORDER BY clause has to come after the entirety of the WHERE clause.

You need to put the AND statements after the where, and before the sort_by. Move the sort_by to the end of the php (append to the query string), and it should work.

Try this:

$query = "SELECT id, name, contact, contact2, address1, address2, city, state, postalcode, country, location, workphone, fax, email, webaddress, region, rail, food, forest, metal, bulk, chem, general, paper FROM companies_new WHERE dummy = '' ";  

if($search_co !== "") {
    $query .= "AND name LIKE '%".$search_co."%' ";
}

if($search_first !== "") {
    $query .= "AND contact LIKE '%".$search_first."%' ";
}

if($search_last !== "") {
    $query .= "AND contact LIKE '%".$search_last."%' ";
}

if($search_city !== "") {
    $query .= "AND city = '".$search_city."' ";
}

if($search_state !== "") {
    $query .= "AND state = '". $search_state."' " ;
}

$query.= "ORDER BY state ASC"

As was said by others, your order by statement has to come last. Also, you had spaces surrounding the city name in the city = portion of the query. While this is valid SQL syntax, it's only going to return results where the city name is surrounded by spaces. I'm guessing that's not what you wanted.

Also, you may want to add some more fields to your order by. Right now, it will order by state, but will records come back randomly by state. Maybe something like 

$query.= "ORDER BY state, city, name, id"

Finally, just FYI, if you're not carefully sanitizing your search inputs, this approach is susceptible to SQL Injection.

Also, you seem to have spaces between the single and double quotes which will make the query like this: AND state = ' AZ ' which is probably not what you want. You can also avoid the additional quotes and concatenations in PHP by using this syntax:

$query .= " AND state = '$search_state' ";

Of course I have to mention that you should sanitize your inputs to protect against SQL injection.

The WHERE part comes before the AND's in your code, which is wrong. This is what you want

$query = "SELECT id, name, contact, contact2, address1, address2, city, state, postalcode, country, location, workphone, fax, email, webaddress, region, rail, food, forest, metal, bulk, chem, general, paper FROM companies_new WHERE dummy = '' ";

if($search_co !== "") {

$query .= "AND name LIKE '%" . $search_co ."%' ";

}
...
$query .= " ORDER BY state ASC ";

Also, for completeness sake, you could make the code a bit easier to read:

$query .= "AND name LIKE '%$search_co%' ";

because your string is double quoted

I think this might work:

$query = "SELECT id, name, contact, contact2, address1, address2, city, state, postalcode, country, location, workphone, fax, email, webaddress, region, rail, food, forest, metal, bulk, chem, general, paper FROM companies_new ";

$conditions = array();

if(!empty($search_co)) {
    $conditions[] = "name LIKE '%" . $search_co ."%' ";
}

if(!empty($search_first)) {
    $conditions[] = "contact LIKE '%" .$search_first."%' ";
}

if(!empty($search_last)) {
    $conditions[] = "contact LIKE '%" .$search_last."%' ";
}

if(!empty($search_city)) {
    $conditions[] = "city = '" . $search_city . "' ";
}

if(!empty($search_state)) {
    $conditions[] = "state =  '" . $search_state .  "' " ;
}

if (count($conditions) > 0) {
    $query .= " WHERE " . implode(' AND ', $conditions);
}

$query .= " ORDER BY state ASC";

Edit: The original version used empty, it should have been !empty. It's fixed now.

Edit 2: This also assumes you've already sanitized the variables using mysql_real_escape_string or similar.

Note that ORDER BY has to be after the WHERE clauses.

implode takes an array and turns it into a string with the specified string between the elements. So, given:

$myArray = array('A', 'B', 'C');

you can do

$myString = implode(' and ', $myArray);

which would put "A and B and C" into $myString.

继续阅读:phpsql

更多精彩内容

0

上一篇:

下一篇:

精彩评论

暂无评论...
登录 注册
Qedev.com
验证码 换一张
取 消

最新问答

问答排行榜

法律声明:本站内容均为网友上传,网站举办方负责审核和监督,

如存在版权或非法内容,欢迎举报,我们将尽快予以删除。

Copyright © 2018-2020 开发者. All rights reserved.

Powered by 开发者

ICP备案号: 京ICP备10032868号-9