I have a php code that suppose to have a user enter a number in and it out puts all people in my database who is the same age or younger. Instead of it working it give me the error:

Error: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '%39%' at line 1

Code:

<html>
  <head>
    <title>Display Records</title>
  </head>
  <body>
    <?php
      $conn = new mysqli("localhost", "proxy_user",
            "my*password", "m9");
      if (mysqli_connect_errno()){
          echo 'Cannot connect to database: ' .
              mysqli_connect_error($conn);
      }
      else{
         //read keyword from user
         if(!empty($_POST["keyword"])){
            $keyword = "%".$_POST["keyword"]."%";
             // create prepared statement
           if ($query = mysqli_prepare($conn,
          "SELECT FirstName, LastName, Age, Hometown, Job FROM people WHERE age <= $keyword ")) {

          // bind parameters
          mysqli_stmt_bind_param ($query, "i", $keyword);

            //run the query and keep results in $result variable
            mysqli_stmt_execute($query);

            // bind variables to prepared statement
            mysqli_stmt_bind_result($query, $FirstName, $LastName, $Age, $Hometown, $Job);

            // fetch values
            while (mysqli_stmt_fetch($query)) {
                 echo "<strong>$LastName, $FirstName</strong> from $Hometown<br/>age: $Age, occupation: $Job <br/><br/>";
             }

           //free memory used by a result handle
           mysqli_stmt_close ($query);
            } else //problem with a query
              echo "Error: " . mysqli_error($conn);
          } else { //no keyword
              echo "No keyword was specified";
          }

         mysqli_close($conn);
     }
?>
  </body>
</html>

Add single quotes around $keyword:

"SELECT FirstName, LastName, Age, Hometown, Job FROM people WHERE age <= '$keyword' "

Also use CODE tags when posting to the forum, bye :)

Thank you it works but it still gives me an error on 22:
Warning: mysqli_stmt_bind_param() [function.mysqli-stmt-bind-param]: Number of variables doesn't match number of parameters in prepared statement in E:\xampp\htdocs\m9\findRecords2.php on line 22

<html>
  <head>
    <title>Display Records</title>
  </head>
  <body>
    <?php
      $conn = new mysqli("localhost", "proxy_user", 
            "my*password", "m9");
      if (mysqli_connect_errno()){
          echo 'Cannot connect to database: ' . 
              mysqli_connect_error($conn);
      }
      else{
         //read keyword from user
         if(!empty($_POST["keyword"])){
            $keyword = $_POST["keyword"]; 
             // create prepared statement 
           if ($query = mysqli_prepare($conn, 
          "SELECT FirstName, LastName, Age, Hometown, Job FROM people WHERE age <= '$keyword'")) {

	       // bind parameters
	       mysqli_stmt_bind_param ($query, "i", $keyword);
             
            //run the query and keep results in $result variable
            mysqli_stmt_execute($query);

            // bind variables to prepared statement 
            mysqli_stmt_bind_result($query, $FirstName, $LastName, $Age, $Hometown, $Job);

            // fetch values 
            while (mysqli_stmt_fetch($query)) {
                 echo "<strong>$LastName, $FirstName</strong> from $Hometown<br/>age: $Age, occupation: $Job <br/><br/>";
             }

           //free memory used by a result handle 
	        mysqli_stmt_close ($query);
            } else //problem with a query
              echo "Error: " . mysqli_error($conn);
          } else { //no keyword 
              echo "No keyword was specified";
          }
         
         mysqli_close($conn);
     }
?>
  </body>
</html>
Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.