Member Avatar for sinZ

I'm getting this error in one of my scripts:

You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '-25,25' at line 1

Below is part of the code any help would be great

<?php
;        // Initializing the message to hold the error messages
if(isset($_GET['searchid']) && $_GET['searchid'] != "") {
    $searchid = $_GET['searchid'];
    $query = mysql_query("SELECT * FROM search WHERE id = '$searchid'");
    $row = mysql_fetch_array($query);

    $search = $row['term'];
    $Limit = 25; //Number of results per page
    $searchin = $row['searchin'];
    $cats = $row['cats'];
    $orderby = $row['orderby'];
    $order = $row['order'];
    $cats = explode("&&&", $cats);
    $countcats = count($cats) -1;

} else {
    $search=$_POST[keyword];
    $searchid="";
    $Limit = 25; //Number of results per page
    $search=$_POST["keyword"]; // Get the search tearm

    $page=$_GET["page"]; //Get the page number to show   work_type  OR `synopsis` LIKE
    If($page == "") $page=1; //If no page number is set, the default page is 1

    $searchin = $_POST['search-in'];
    $cats = $_POST['category'];
    $countcats = count($cats);
    $orderby = $_POST['order-by'];
    $order = $_POST['order'];
    $search = strip_tags($search);
}

$type="links";
$users="";
if($search != "" || $search != "Admin") {
    $query = mysql_query("SELECT user_id FROM userdata WHERE `username` LIKE '%".$search."%'") or die(mysql_error());
    $users = array();
    while($row = mysql_fetch_array($query)) {
        $users[] = $row;
    }
}

$cond1="";
switch($searchin) {
    case "title": 
        $cond1 = "(title LIKE '%".$search."%')";
    break;
    case "description":
        $cond1 = "(description LIKE '%".$search."%')";
    break;
    case "photographer":
        $cond1 = "(photographer LIKE '%".$search."%')";
    break;
    case "user":
        if(count($users)) {
            foreach($users as $user) {
                $cond1 .= "(userid = '".$user['user_id']."') OR";
            }
            $cond1 = substr($cond1, 0, -3);
        }
        else {
            $cond1 = "(userid LIKE '%".$search."%')";
        }
    break;
    default:
        if(count($users)) {
            $cond0="";
            foreach($users as $user) {
                $cond0 .= "(userid = '".$user['user_id']."') OR ";
            }
            $cond0 = substr($cond0, 0, -3);

            $cond1 = "(title LIKE '%".$search."%' OR description LIKE '%".$search."%' OR photographer LIKE '%".$search."%' AND userid LIKE '%".$search."%' OR ".$cond0." )";
        }
        else {
            $cond1 = "(title LIKE '%".$search."%' OR description LIKE '%".$search."%' OR photographer LIKE '%".$search."%' OR userid LIKE '%".$search."%')";
        }
}


$cond2 = "";
$flag = 1;

if($countcats) {
    foreach($cats as $catname) {
        if($catname == "all") {
            $flag = 0;
        }
    }

    if($flag==1) {
        $cond2 = " AND (";
        foreach($cats as $catname) {
            $cond2 .= "work_type LIKE '".$catname."' OR ";
        }
        $cond2 = substr($cond2, 0, -3);
        $cond2 .= ")";
    }
}

//Get the number of results
$query = "SELECT * FROM work WHERE ".$cond1." ".$cond2." AND status='Active' ORDER BY ".$orderby." ".$order;
$SearchResult=mysql_query($query) or die(mysql_error());
$NumberOfResults=mysql_num_rows($SearchResult);
$date2 =  date("F/d/Y");

        if($searchid == "") {

        if(count($cats)) $cats2 = implode("&&&", $cats);
        else $cats2 == "";
        mysql_query("INSERT INTO  search (`term`,`last_search`, `searchin`, `cats`, `orderby`, `order`, `type`) 
            VALUES ('$search','$date2', '$searchin', '$cats2', '$orderby', '$order', '$type')") or die(mysql_error());
        $query = "SELECT id FROM search WHERE `term` = '$search' AND `searchin` = '$searchin' AND `cats` = '$cats2' AND `orderby` = '$orderby' AND `order`='$order' AND `type`='$type'";
        $query = mysql_query($query);
        $row = mysql_fetch_array($query);
        $searchid = $row['id'];
}



        $body = '
        <div class="title01-top"></div>
        <div class="title01">    
            <div class="title01-in">


        <div class="title01-in">

                <h3 class="ico-info">Returned '.$NumberOfResults.' Results For '.$search.'</h3>

            </div>


            </div>
        </div>  

        <div class="title01-bottom"></div>    ';



        echo $body ; 




//Get the number of pages
$NumberOfPages=ceil($NumberOfResults/$Limit);

$SearchResult=mysql_query("SELECT * FROM work WHERE ".$cond1." ".$cond2." AND status='Active' ORDER BY ".$orderby." ".$order." LIMIT " . ($page-1)*$Limit . ",$Limit") or die(mysql_error());

While($row = mysql_fetch_object($SearchResult)) {





      $postDesc= substr(strip_tags(html_entity_decode($row->description, ENT_QUOTES, CHARSET)), 0, 200)."...";
      $posteddate=$row->date ;
      $RateID=$row->id ;
      $name=$row->title ;
      $url=$row->url ;
      $photographer=$row->photographer ;
      $agency2=$row->agency ;
      $dop=$row->dop ;
      $director=$row->director ;




                        ?>
  • 2 Contributors
  • 3 Replies
  • 205 Views
  • 18 Minutes Discussion Span
  • Latest Post Latest Post by pritaeas
Member Avatar for pritaeas

You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '-25,25' at line 1

The -25,25 points to a LIMIT. The offset cannot be negative, it has to be zero or greater. It appears that $page is only initialized to 1 in the first else, yet not in the if that belongs with it.

Member Avatar for sinZ

What can I change thanks..

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.