1

I am trying to submit a query from a site to retrieve certain records from a MySQL db. When I execute the query from the site form, I get the mysql_error() return of 'Invalid query: Query was empty' when I know it's not empty. 

$Level = $_POST['level'];
$Year  = $_POST['year'];
$Name  = $_POST['name'];
$Award  = $_POST['award'];

$query = mysql_query("SELECT *
    FROM wineawards
    WHERE LEVEL = $Level
      OR YEAR = $Year
      OR name = $Name
      OR award = $Award

    ");

$result = mysql_query($query);

Not sure if I am missing something here, or typing something wrong?

underscore
  • 6,495
  • 6
  • 39
  • 78
user3625618
  • 111
  • 5
  • always check you POST values and wrap your variables with single quotes like this `'$Level'` ,`'$Year'`..and others – ɹɐqʞɐ zoɹǝɟ May 11 '14 at 13:53
  • 2
    **Danger**: You are using [an **obsolete** database API](http://stackoverflow.com/q/12859942/19068) and should use a [modern replacement](http://php.net/manual/en/mysqlinfo.api.choosing.php). You are also **vulnerable to [SQL injection attacks](http://bobby-tables.com/)** that a modern API would make it easier to [defend](http://stackoverflow.com/questions/60174/best-way-to-prevent-sql-injection-in-php) yourself from. – Quentin May 11 '14 at 14:01
  • check your POST variables, like, $Level = isset($_POST['level']) ? $_POST['level'] : ''; and in the query use single quotes $query = mysql_query("SELECT * FROM wineawards WHERE `LEVEL` = '$Level' OR `YEAR` = '$Year' OR `name` = '$Name' OR `award` = '$Award' "); – Abdul Rauf May 11 '14 at 14:10

2 Answers2

0
$query = mysql_query("SELECT *
    FROM wineawards
    WHERE LEVEL = '$Level'
      OR YEAR = '$Year'
      OR name = '$Name'
      OR award = '$Award'

    ");

$result = mysql_query($query);
user3470953
  • 11,025
  • 2
  • 17
  • 18
0

What about this?

$query = mysql_query("SELECT *
  FROM wineawards
  WHERE LEVEL = '" . $Level . "'
  OR YEAR = '" . $Level . "'
  OR name = '" . $Name . "'
  OR award = '" . $Award . "'

 ");
TED
  • 1,829
  • 5
  • 18
  • 36