表格搜索的正确语法（mysql）（php）

Question

I was wondering what the correct syntax using mysql_query would be to search a table for things that match the 'key'.

For example, say I want to search for a client. and assume this is a non-user input. IE run from a script.

$client_search = mysql_query("SELECT * FROM `clients` WHERE `client_name LIKE '%".$_POST['key']."%' OR `crmurl` LIKE '%".$_POST['key']."%' ORDER BY `client_name`") or die(mysql_error());
$fetch_client = mysql_fetch_array($client_search);

if I run something like this I get told the syntax is incorrect, more specifically the error is..

 `You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'crmurl` LIKE '%Fake%' ORDER BY `client_name`' at line 1` 

however I can't spot anything amiss, is there anyone with a sharp-eye out there that could assist.

NOTE: Please I really dont want 5+ people telling me how mysql is obsolete and it should be using PDO::, I know but its a quick script that takes no user input and has sanitized table data.

Answer 1

As you are enclosing the whole query within double quotes, there is no need of appending the sql string because within double quotes all PHP variables will get replaced with the corresponding values. Also you missed one backticks in fieldname client_name .

$client_search = mysql_query("SELECT * FROM `clients` WHERE `client_name LIKE '%".$_POST['key']."%' OR `crmurl` LIKE '%".$_POST['key']."%' ORDER BY `client_name`") or die(mysql_error());
                                                          missing there ^         

Change the query to

$client_search = mysql_query("SELECT * FROM `clients` WHERE `client_name` LIKE '%$_POST['key']%' OR `crmurl` LIKE '%$_POST['key']%' ORDER BY `client_name`") or die(mysql_error());

Answer 2

Try like this:

$client_search = mysql_query("SELECT * FROM `clients` WHERE `client_name LIKE '%$_POST[key]%' OR `crmurl` LIKE '%$_POST[key]%' ORDER BY `client_name`") or die(mysql_error());
$fetch_client = mysql_fetch_array($client_search);

Answer 3

Change SQL Query to

SELECT * FROM `clients` WHERE `client_name` LIKE '%$_POST[key]%' OR `crmurl` LIKE '%$_POST[key]%' ORDER BY `client_name`"

or

SELECT * FROM `clients` WHERE client_name LIKE '%$_POST[key]%' OR crmurl LIKE '%$_POST[key]%' ORDER BY client_name"

Answer 4

Modify your query like this

"SELECT * FROM `clients` WHERE `client_name` LIKE '%".$_POST['key']."%' OR `crmurl` LIKE '%".$_POST['key']."%' ORDER BY `client_name`"

There's a backtick missing for client_name

Answer 5

You are missing ` in query on column name

Select * from `clients` WHERE `client_name` ...

So query should be like -

$client_search = mysql_query("SELECT * FROM `clients` WHERE `client_name` LIKE '%".$_POST['key']."%' OR `crmurl` LIKE '%".$_POST['key']."%' ORDER BY `client_name`") or die(mysql_error());

Answer 6

You are missing closing "`" at the table name. Change it to

 WHERE `client_name`

Then final query will be like

$client_search = mysql_query("SELECT * FROM `clients` WHERE `client_name` LIKE '%".$_POST['key']."%' OR `crmurl` LIKE '%".$_POST['key']."%' ORDER BY `client_name`") or die(mysql_error());

Answer 7

You have an error in your SQL syntax

$client_search = mysql_query("SELECT * FROM `clients` WHERE `client_name LIKE '%".$_POST['key']."%' OR `crmurl` LIKE '%".$_POST['key']."%' ORDER BY `client_name`") or die(mysql_error());

Replace

`client_name

with

client_name

So your query will be like

$client_search = mysql_query("SELECT * FROM `clients` WHERE `client_name` LIKE '%".$_POST['key']."%' OR `crmurl` LIKE '%".$_POST['key']."%' ORDER BY `client_name`") or die(mysql_error());