0
$colname_rs_txtSearchFirstname = $_POST['txt_search'];    
$sql_rs_txtSearch = sprintf("SELECT * FROM staffstu WHERE lastname = %s OR 
                    firstname = %s ORDER BY lastname, firstname ASC", 
                    GetSQLValueString($colname_rs_txtSearchFirstname, "text", 
                    $colname_rs_txtSearchFirstname, "text"));

It always gives

mysql_error

If I do not use "sprintf" that's working fine. I can't find the solution.

Sebastian Brosch
  • 42,106
  • 15
  • 72
  • 87
faifai
  • 5
  • 2

1 Answers1

0

You are missing a parameter for the second %s! You should get the following PHP warning

Warning: sprintf(): Too few arguments

$colname_rs_txtSearchFirstname = $_POST['txt_search'];    
$sql_rs_txtSearch = sprintf("SELECT * FROM staffstu WHERE lastname = %s OR 
                firstname = %s ORDER BY lastname, firstname ASC", 
                GetSQLValueString($colname_rs_txtSearchFirstname, "text", 
                $colname_rs_txtSearchFirstname, "text"), <missing_param>);

I think you want this (check if it is correct)

$colname_rs_txtSearchFirstname = $_POST['txt_search'];    
$sql_rs_txtSearch = sprintf("SELECT * FROM staffstu WHERE lastname = '%s' OR 
                firstname = '%s' ORDER BY lastname, firstname ASC", 
                GetSQLValueString($colname_rs_txtSearchFirstname, "text"), 
                GetSQLValueString($colname_rs_txtSearchLastname, "text"));

You should not use the mysql_* functions. More information here: Why shouldn't I use mysql_* functions in PHP?

Community
  • 1
  • 1
Sebastian Brosch
  • 42,106
  • 15
  • 72
  • 87
  • Thanks sebastianbrosch, it work now after added your suggested arguments and remove the type of variable ($colname_rs_txtSearchFirstname) – faifai Nov 11 '15 at 11:52