I'm getting this error in one of my scripts:
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '-25,25' at line 1
Below is part of the code any help would be great
<?php
; // Initializing the message to hold the error messages
if(isset($_GET['searchid']) && $_GET['searchid'] != "") {
$searchid = $_GET['searchid'];
$query = mysql_query("SELECT * FROM search WHERE id = '$searchid'");
$row = mysql_fetch_array($query);
$search = $row['term'];
$Limit = 25; //Number of results per page
$searchin = $row['searchin'];
$cats = $row['cats'];
$orderby = $row['orderby'];
$order = $row['order'];
$cats = explode("&&&", $cats);
$countcats = count($cats) -1;
} else {
$search=$_POST[keyword];
$searchid="";
$Limit = 25; //Number of results per page
$search=$_POST["keyword"]; // Get the search tearm
$page=$_GET["page"]; //Get the page number to show work_type OR `synopsis` LIKE
If($page == "") $page=1; //If no page number is set, the default page is 1
$searchin = $_POST['search-in'];
$cats = $_POST['category'];
$countcats = count($cats);
$orderby = $_POST['order-by'];
$order = $_POST['order'];
$search = strip_tags($search);
}
$type="links";
$users="";
if($search != "" || $search != "Admin") {
$query = mysql_query("SELECT user_id FROM userdata WHERE `username` LIKE '%".$search."%'") or die(mysql_error());
$users = array();
while($row = mysql_fetch_array($query)) {
$users[] = $row;
}
}
$cond1="";
switch($searchin) {
case "title":
$cond1 = "(title LIKE '%".$search."%')";
break;
case "description":
$cond1 = "(description LIKE '%".$search."%')";
break;
case "photographer":
$cond1 = "(photographer LIKE '%".$search."%')";
break;
case "user":
if(count($users)) {
foreach($users as $user) {
$cond1 .= "(userid = '".$user['user_id']."') OR";
}
$cond1 = substr($cond1, 0, -3);
}
else {
$cond1 = "(userid LIKE '%".$search."%')";
}
break;
default:
if(count($users)) {
$cond0="";
foreach($users as $user) {
$cond0 .= "(userid = '".$user['user_id']."') OR ";
}
$cond0 = substr($cond0, 0, -3);
$cond1 = "(title LIKE '%".$search."%' OR description LIKE '%".$search."%' OR photographer LIKE '%".$search."%' AND userid LIKE '%".$search."%' OR ".$cond0." )";
}
else {
$cond1 = "(title LIKE '%".$search."%' OR description LIKE '%".$search."%' OR photographer LIKE '%".$search."%' OR userid LIKE '%".$search."%')";
}
}
$cond2 = "";
$flag = 1;
if($countcats) {
foreach($cats as $catname) {
if($catname == "all") {
$flag = 0;
}
}
if($flag==1) {
$cond2 = " AND (";
foreach($cats as $catname) {
$cond2 .= "work_type LIKE '".$catname."' OR ";
}
$cond2 = substr($cond2, 0, -3);
$cond2 .= ")";
}
}
//Get the number of results
$query = "SELECT * FROM work WHERE ".$cond1." ".$cond2." AND status='Active' ORDER BY ".$orderby." ".$order;
$SearchResult=mysql_query($query) or die(mysql_error());
$NumberOfResults=mysql_num_rows($SearchResult);
$date2 = date("F/d/Y");
if($searchid == "") {
if(count($cats)) $cats2 = implode("&&&", $cats);
else $cats2 == "";
mysql_query("INSERT INTO search (`term`,`last_search`, `searchin`, `cats`, `orderby`, `order`, `type`)
VALUES ('$search','$date2', '$searchin', '$cats2', '$orderby', '$order', '$type')") or die(mysql_error());
$query = "SELECT id FROM search WHERE `term` = '$search' AND `searchin` = '$searchin' AND `cats` = '$cats2' AND `orderby` = '$orderby' AND `order`='$order' AND `type`='$type'";
$query = mysql_query($query);
$row = mysql_fetch_array($query);
$searchid = $row['id'];
}
$body = '
<div class="title01-top"></div>
<div class="title01">
<div class="title01-in">
<div class="title01-in">
<h3 class="ico-info">Returned '.$NumberOfResults.' Results For '.$search.'</h3>
</div>
</div>
</div>
<div class="title01-bottom"></div> ';
echo $body ;
//Get the number of pages
$NumberOfPages=ceil($NumberOfResults/$Limit);
$SearchResult=mysql_query("SELECT * FROM work WHERE ".$cond1." ".$cond2." AND status='Active' ORDER BY ".$orderby." ".$order." LIMIT " . ($page-1)*$Limit . ",$Limit") or die(mysql_error());
While($row = mysql_fetch_object($SearchResult)) {
$postDesc= substr(strip_tags(html_entity_decode($row->description, ENT_QUOTES, CHARSET)), 0, 200)."...";
$posteddate=$row->date ;
$RateID=$row->id ;
$name=$row->title ;
$url=$row->url ;
$photographer=$row->photographer ;
$agency2=$row->agency ;
$dop=$row->dop ;
$director=$row->director ;
?>