You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version~~

Question

I have a problem with my search engine. I can search but when clicking the link this what come out "You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'Pacina' at line 1"... I dont know how to fix it.Your answer might be a big help for me.. :)

This is my code:

<?php
    mysql_connect("localhost","root","");
    mysql_select_db("infokiosk");

    $name=$_GET['name'];
    $sql = mysql_query("select * from  basicinfo WHERE name=$name") or die(mysql_error());

While($row = mysql_fetch_array($sql)) {

$id= $_GET['id'];
$name=$_GET['name'];
$description=$_GET['description'];

{
?>
  <tr>
<td><?php echo $name; ?></td><?php echo $description; ?>
</tr>




    </div>
<?php }} ?>

<br>
<?php
 $sql = mysql_query("select * from  staffreg WHERE name LIKE '%$search%' or description LIKE '%$search%' or keyword LIKE '%$search%'") or die(mysql_error());

While($row = mysql_fetch_array($sql)) {

$id= $row['id'];
$name=$row['name'];
$description=$row['description'];
{
?>






<tr>
<td><?php echo $name; ?></td>
<?php echo $description; ?>
<?php echo $status; ?>
</tr>





    </div>
<?php }}?>

<?php
 $sql = mysql_query("select * from  search WHERE name LIKE '%$search%' or description LIKE '%$search%' ") or die(mysql_error());

While($row = mysql_fetch_array($sql)) {

$id= $row['id'];
$name=$row['name'];
$description=$row['description'];
$content=$row['content'];

{
?>






<tr>
<td><?php echo $name; ?><br> <?php echo $content ?></td>

</tr>




    </div>
<?php }}?>

I dont know what/where line is the problem.. :( thanks in advance.. :)

Answer 1

string should be surrounded with the single quote in query,

"SELECT * FROM  basicinfo WHERE `name`='".$name."'";

Waring: Please, don't use mysql_* functions in new code. They are no longer maintained and are officially deprecated. See the red box? Learn about prepared statements instead, and use PDO, or MySQLi - this article will help you decide which. If you choose PDO, here is a good tutorial.

Answer 2

Server version: 5.5.32 - MySQL Community Server (GPL)

**$sql = mysql_query("select * from  staffreg WHERE name LIKE '%".$search."%' or description LIKE '%".$search."%' or keyword LIKE '%".$search."%'") or die(mysql_error());**

**$sql = mysql_query("select * from  search WHERE name LIKE '%".$search."%' or description LIKE '%".$search."%' ") or die(mysql_error());**

USE Mysql latest version install your system and all query you should write after print your browser. and run sql (PHPMYADMIN). GET result..

Answer 3

for your SELECT statement you need to make $sql like

 $sql = mysql_query("select * from  search WHERE name LIKE '%".$search."%' or description LIKE '%".$search%"."'") or die(mysql_error());

and ur another select statement

$sql = mysql_query("select * from  basicinfo WHERE `name`='$name'") or die(mysql_error());

---

This (mysql_*) extension is deprecated as of PHP 5.5.0, and will be removed in the future. Instead, Prepared Statements of MySQLi or PDO_MySQL extension should be used to ward off SQL Injection attacks !