Help with ajax form

PHP
« on: Yesterday at 14:24:51 »

I have PHP code that is supposed to have a user enter a number, and it outputs all people in my database who are the same age or younger. Instead of working, it gives me the error:

Error: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ‘%39%’ at line 1

Code:

Display Records
<?php
 $conn = new mysqli("localhost", "proxy_user", "my*password", "m9");
 if (mysqli_connect_errno()){
     echo 'Cannot connect to database: ' . mysqli_connect_error($conn);
 }
 else{
      //read keyword from user
      if(!empty($_POST["keyword"])){
        $keyword = "%".$_POST["keyword"]."%";
        // create prepared statement
        if ($query = mysqli_prepare($conn, "SELECT FirstName, LastName, Age, Hometown, Job FROM people WHERE age <= $keyword ")) {
      // bind parameters
      mysqli_stmt_bind_param ($query, "i", $keyword);
         
        //run the query and keep results in $result variable
        mysqli_stmt_execute($query);

        // bind variables to prepared statement
        mysqli_stmt_bind_result($query, $FirstName, $LastName, $Age, $Hometown, $Job);

        // fetch values
        while (mysqli_stmt_fetch($query)) {
             echo "<strong>$LastName, $FirstName</strong> from $Hometown<br/>age: $Age, occupation: $Job <br/><br/>";
         }

       //free memory used by a result handle
       mysqli_stmt_close ($query);
        } else //problem with a query
          echo "Error: " . mysqli_error($conn);
      } else { //no keyword
          echo "No keyword was specified";
      }
     
     mysqli_close($conn);
 }

?>


I think your problem is the percents in the variable passed from the form…

  $keyword = "%".$_POST["keyword"]."%";

Should be:

$keyword = $_POST["keyword"];

Otherwise, when it searches your database for age, it will be looking for %18%, not 18…

Try that and if it fails, show us the line it is failing on…

Thank you. I've pretty much tried everything; then when I fix it, it brings me back to this error that keeps popping up:
Error
Parse error: syntax error, unexpected T_STRING in E:\xampp\htdocs\m9\findRecords2.php on line 22

Display Records
<?php
 $conn = new mysqli("localhost", "proxy_user", "my*password", "m9");
 if (mysqli_connect_errno()){
     echo 'Cannot connect to database: ' . mysqli_connect_error($conn);
 }
 else{
      //read keyword from user
      if(!empty($_POST["keyword"])){
        $keyword = $_POST["keyword"];
        // create prepared statement
        if ($query = mysqli_prepare($conn, "SELECT FirstName, LastName, Age, Hometown, Job FROM people WHERE age <= $keyword )) {
       // bind parameters
[size=12pt]       mysqli_stmt_bind_param ($query, "i", $keyword);[/size]
         
        //run the query and keep results in $result variable
        mysqli_stmt_execute($query);

        // bind variables to prepared statement 
        mysqli_stmt_bind_result($query, $FirstName, $LastName, $Age, $Hometown, $Job);

        // fetch values 
        while (mysqli_stmt_fetch($query)) {
             echo "<strong>$LastName, $FirstName</strong> from $Hometown<br/>age: $Age, occupation: $Job <br/><br/>";
         }

       //free memory used by a result handle 
        mysqli_stmt_close ($query);
        } else //problem with a query
          echo "Error: " . mysqli_error($conn);
      } else { //no keyword 
          echo "No keyword was specified";
      }
     
     mysqli_close($conn);
 }

?>

Well, you are the first person I have seen using “Prepared statements”. So far everyone has been using the standard way. Not sure what you have incorrectly, but, it looks like your keyword is still the problem…
You created a variable $keyword, but it is not actually placed into the query. Or, I don’t think so!

This:
"SELECT FirstName, LastName, Age, Hometown, Job FROM people WHERE age <= $keyword )) {

Should be:
[php]
"SELECT FirstName, LastName, Age, Hometown, Job FROM people WHERE age <= " . $keyword . ")) {
[/php]
Try that and let us know…

Thank you, now it still gives me an error on line 22:
Warning: mysqli_stmt_bind_param() [function.mysqli-stmt-bind-param]: Number of variables doesn’t match number of parameters in prepared statement in E:\xampp\htdocs\m9\findRecords2.php on line 22
[php]

Display Records
<?php
 $conn = new mysqli("localhost", "proxy_user", "my*password", "m9");
 if (mysqli_connect_errno()){
     echo 'Cannot connect to database: ' . mysqli_connect_error($conn);
 }
 else{
      //read keyword from user
      if(!empty($_POST["keyword"])){
        $keyword = $_POST["keyword"];
        // create prepared statement
        if ($query = mysqli_prepare($conn, "SELECT FirstName, LastName, Age, Hometown, Job FROM people WHERE age <= " . $keyword ." ")) {
       // bind parameters
       mysqli_stmt_bind_param ($query, "i", $keyword);
         
        //run the query and keep results in $result variable
        mysqli_stmt_execute($query);

        // bind variables to prepared statement 
        mysqli_stmt_bind_result($query, $FirstName, $LastName, $Age, $Hometown, $Job);

        // fetch values 
        while (mysqli_stmt_fetch($query)) {
             echo "<strong>$LastName, $FirstName</strong> from $Hometown<br/>age: $Age, occupation: $Job <br/><br/>";
         }

       //free memory used by a result handle 
        mysqli_stmt_close ($query);
        } else //problem with a query
          echo "Error: " . mysqli_error($conn);
      } else { //no keyword 
          echo "No keyword was specified";
      } 
     
     mysqli_close($conn);
 }

?>

[/php]

Sorry, left out the quotes… Not sure about your database, so wasn’t sure if you are using strings for age or numbers… Try this one…

[php]

   if ($query = mysqli_prepare($conn, 
     "SELECT FirstName, LastName, Age, Hometown, Job FROM people WHERE age <='" . $keyword . "')) {

[/php]

If it is a string, you have to use quotes around it to be 100% correct for SQL queries…

keyword / age is an int, and I tried it this way:
[php] if ($query = mysqli_prepare($conn,
"SELECT FirstName, LastName, Age, Hometown, Job FROM people WHERE age <='" . $keyword . "' ")) {[/php]
and got Warning: mysqli_stmt_bind_param() [function.mysqli-stmt-bind-param]: Number of variables doesn’t match number of parameters in prepared statement in E:\xampp\htdocs\m9\findRecords2.php on line 22
Swanson, Joseph from Quahog
age: 39, occupation: Police Officer

and I tried it this way:
[php] if ($query = mysqli_prepare($conn,
"SELECT FirstName, LastName, Age, Hometown, Job FROM people WHERE age <='" . $keyword . "')) {
{[/php]
and got this
Parse error: syntax error, unexpected T_STRING in E:\xampp\htdocs\m9\findRecords2.php on line 22

Well, going by this tutorial I found, they say you do not use your $conn inside of the PREPARE…
So, this:
if ($query = mysqli_prepare($conn,
"SELECT FirstName, LastName, Age, Hometown, Job FROM people WHERE age <='" . $keyword . "' ")) {
becomes this:
[php]
if ($query = mysqli_prepare(
"SELECT FirstName, LastName, Age, Hometown, Job FROM people WHERE age <=" . $keyword)) {
[/php]
Note: I set it for INT for the age… See if that fixes it. (I have to leave in 30 minutes or so…)

Sorry, here is that link:
http://mattbango.com/notebook/web-development/prepared-statements-in-php-and-mysqli/

Thanks for the link. I still get the error:
Warning: mysqli_stmt_bind_param() [function.mysqli-stmt-bind-param]: Number of variables doesn’t match number of parameters in prepared statement in E:\xampp\htdocs\m9\findRecords2.php on line 22

[php] if ($query = mysqli_prepare($conn,
"SELECT FirstName, LastName, Age, Hometown, Job FROM people WHERE age <=" . $keyword)) {

       // bind parameters
       mysqli_stmt_bind_param ($query, "i", $keyword);[/php]

I'll check the link out. Thank you so much for your help.

You didn’t take out the $conn, in this last post of yours! Good luck with the reading…
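
Added example (not part of the thread and not any poster's code): the "Number of variables doesn't match number of parameters" warning appears when the SQL text contains no `?` marker for `mysqli_stmt_bind_param()` to bind to, and building the query by concatenating `$_POST["keyword"]` leaves it open to SQL injection. The version below keeps the SQL constant and binds the age as an integer; it assumes PHP 7.4+ and the thread's `people` table and connection values, and the function name `findPeopleUpToAge` and the 0-150 range are illustrative.

```php
<?php
// Added example, not code from the thread. Assumes PHP 7.4+ and the thread's
// `people` table and connection values; findPeopleUpToAge() is a made-up name.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); // throw on DB errors

// Return everyone whose Age is <= $maxAge. The SQL text is a constant;
// the user's value reaches MySQL only as a bound parameter.
function findPeopleUpToAge(mysqli $conn, int $maxAge): array
{
    // Procedural mysqli_prepare() takes the connection as its first argument.
    // One "?" marker in the SQL matches one variable in bind_param().
    $stmt = mysqli_prepare(
        $conn,
        "SELECT FirstName, LastName, Age, Hometown, Job FROM people WHERE Age <= ?"
    );
    mysqli_stmt_bind_param($stmt, "i", $maxAge); // "i" = integer
    mysqli_stmt_execute($stmt);
    mysqli_stmt_bind_result($stmt, $first, $last, $age, $hometown, $job);

    $rows = [];
    while (mysqli_stmt_fetch($stmt)) {
        $rows[] = ['first' => $first, 'last' => $last, 'age' => $age,
                   'hometown' => $hometown, 'job' => $job];
    }
    mysqli_stmt_close($stmt);
    return $rows;
}

// Validate the form field before it gets near the database.
// The 0-150 range is an assumption chosen for this example.
$maxAge = filter_var($_POST["keyword"] ?? "", FILTER_VALIDATE_INT,
    ["options" => ["min_range" => 0, "max_range" => 150]]);
if ($maxAge === false) {
    exit("Please enter a whole number for the age.");
}

$conn = new mysqli("localhost", "proxy_user", "my*password", "m9");
foreach (findPeopleUpToAge($conn, $maxAge) as $p) {
    // Escape database values before writing them into HTML.
    $e = array_map(fn($v) => htmlspecialchars((string) $v, ENT_QUOTES, "UTF-8"), $p);
    echo "<strong>{$e['last']}, {$e['first']}</strong> from {$e['hometown']}<br/>"
       . "age: {$e['age']}, occupation: {$e['job']}<br/><br/>";
}
mysqli_close($conn);
```

With the `?` in place, input such as `39 OR 1=1` is rejected by the integer check and could not alter the statement even if it were bound, because the query text is fixed before any user data is attached.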
