dynamic query err

weazy

I am trying to write a dynamic select query so that users can choose to search by any one of several terms but am getting an error, here is the code, the error is after the code:

if ($proc_form == 1)
{
$query = "SELECT mailname, address, city, state, zipcode FROM ContactMaster WHERE ";
$parameterStr = "";

if ($name != "")
{
$parameterStr = "f_name LIKE '%$name%' OR l_name LIKE '%$name%' OR mailname LIKE '%$name%' OR contact LIKE '%$name%'";
}
if ($contype_id != "")
{
$parameterStr = "contype_id = $contype_id ";
}
if ($city != "")
{
$parameterStr = "city = ".$city;
}
if ($zipcode != "")
{
$parameterStr = "zipcode = '$zipcode'";
}
if ($showall != "0")
{
if ($showall = "1")
{
$parameterStr = "electedofficial = '1'";
}
elseif ($showall = "2")
{
$parameterStr = "volunteer = '2'";
}
elseif ($showall = "3")
{
$parameterStr = "";
}
elseif ($showall = "4")
{
$parameterStr = "";
}
}
echo $query = $query.$parameterStr;

$query = $query.$parameterStr;
$mysql_result = mysql_query($query) or die (mysql_error());
$num_rows = mysql_num_rows($mysql_result);

if ($num_rows == 0) {
echo "Sorry, no records match that search term. Please try again.";
} else {
echo "<TABLE ALIGN=\"LEFT\" WIDTH=\"75%\" BORDER=\"0\">";
echo "<TR><td><strong>Name</td><td><strong>Address</td><td><strong>City</td><td><strong>State</td></TR>";

while ($row=mysql_fetch_array($mysql_result))
{
$contact_id = $row["contact_id"];
$mailname = $row["mailname"];
$mailname = ucwords($mailname);
$address = $row["address"];
$city = $row["city"];
$state = $row["state"];
$zipcode = $row["zipcode"];

if ($mailname == '')
{
$mailname = ' ';
}
if ($address == '')
{
$address = ' ';
}
if ($city == '')
{
$city = ' ';
}
if ($state == '')
{
$state = ' ';
}
if ($zipcode == '')
{
$zipcode = ' ';
}

print "<form method = 'get' action='../forms/donor_history.php' name = 'the_form".$contact_id."'>";
print "<TR><TD><a href='javascript:document.the_form".$contact_id.".submit();'>$mailname</a></td><td>$address</TD><TD>$city</TD><TD>$state</TD><TD>$email</TD></TR>";
print "<input type='hidden' name = 'contact_id' value = '".$contact_id."'>";
print "<input type='hidden' name = 'mailname' value = '".$mailname."'>";
print "<input type='hidden' name = 'address' value = '".$address."'>";
print "<input type='hidden' name = 'city' value = '".$city."'>";
print "<input type='hidden' name = 'state' value = '".$state."'>";
print "<input type='hidden' name = 'zipcode' value = '".$zipcode."'></form>";
}
}
mysql_close();

} else {

?>
<form name="advanced search" method="get" action="<?php echo $PHP_SELF; ?>">
<table width="75%" border="0">
<tr>
<td><strong>Advanced Donor Search</strong></td>
<td colspan="4"> </td>
</tr>
<tr>
<td width="34%"> </td>
<td width="0%"> </td>
<td width="24%"> </td>
<td width="2%"> </td>
<td width="40%"> </td>
</tr>
<tr>
<td>Name</td>
<td> </td>
<td><input type="text" name="name"></td>
<td> </td>
<td> </td>
</tr>
<tr>
<td>Contact Type</td>
<td> </td>
<td><?php contact_type(); ?></td>
<td> </td>
<td> </td>
</tr>
<tr>
<td>City</td>
<td> </td>
<td><input type="text" name="city"></td>
<td> </td>
<td> </td>
</tr>
<tr>
<td>Zipcode</td>
<td> </td>
<td><input type="text" name="zipcode"></td>
<td> </td>
<td> </td>
</tr>
</table>

the error:
You have an error in your SQL syntax. Check the manual that corresponds to your MySQL server version for the right syntax to use near 'city = 'new york'' at line 1

echo'g the query looks like:
SELECT mailname, address, city, state, zipcode FROM ContactMaster WHERE city = new york

cahva

No comment on the code but you forgot single quotes from this:

$parameterStr = "city = ".$city;

..Should be:

$parameterStr = "city = '$city'";

weazy

when i make that change, i still get an error:

SELECT mailname, address, city, state, zipcode FROM ContactMaster WHERE city = 'indianapolis' You have an error in your SQL syntax. Check the manual that corresponds to your MySQL server version for the right syntax to use near 'city = 'indianapolis'' at line 1