When using $posit = $_POST['search_position']; to search for, say, Accounting (specific error below) in my database, if Accounting does not exist it comes back with this error:
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '\'Accounting\'' at line 1
How can I prevent this, using my current code below?
$pay (POST from dropdown menu) uses in the value < and =
$exp (POST from dropdown menu) uses in the value < and =
$ava (POST from dropdown menu) uses in the value < and =
The fields above work great by themselves. When I add $posit to the search, it gets that error if it does not find that search criteria in the field.
$posit (POST from dropdown menu) uses only = Accounting .... etc many categories
if ((isset($_POST["MM_Search"])) && ($_POST["MM_Search"] == "form1")) {
    $pay = $_POST['search_pay'];
    $exp = $_POST['search_experience'];
    $ava = $_POST['search_availability'];
    $posit = $_POST['search_position'];
    mysql_select_db($database_myconn_user, $myconn_user);
    $query_swap_search = "SELECT * FROM employee_swap WHERE e_hourly_pay $pay AND e_experience $exp AND e_avilability $ava AND e_position $posit";
    $swap_search = mysql_query($query_swap_search, $myconn_user) or die(mysql_error());
    while($row_swap_search = mysql_fetch_assoc($swap_search)){
        echo "<div align=\"center\">";
        echo "<table width=\"900\" border=\"2\" bordercolorlight=\"000000\" bordercolordark=\"000000\" cellspacing=\"3\" height=\"52\" class=\"style20\">";
        echo "<tr>";
        echo "<th scope=\"row\" width=\"148\" height=\"23\">";
        echo "Name:";
        echo "</th>";
        echo "<th scope=\"row\" width=\"148\" height=\"23\">";
        echo "Hourly Pay:";
        echo "</th>";
        echo "<th scope=\"row\" width=\"149\" height=\"23\">";
        echo "Availability (Days):";
        echo "</th>";
        echo "<th scope=\"row\" width=\"149\" height=\"23\">";
        echo "Experience:";
        echo "</th>";
        echo "<th scope=\"row\" width=\"149\" height=\"23\">";
        echo "aa</th>";
        echo "<th scope=\"row\" width=\"149\" height=\"23\">";
        echo "View Profile:</th>";
        echo "</tr>";
        echo "<tr>";
        echo "<th scope=\"row\" width=\"148\">";
        echo $row_swap_search['e_first_name'];
        echo " ".$row_swap_search['e_last_name'];
        echo "</th>";
        echo "<th scope=\"row\" width=\"148\">";
        echo "$".$row_swap_search['e_hourly_pay'];
        echo "</th>";
        echo "<th scope=\"row\" width=\"149\">";
        echo $row_swap_search['e_avilability'];
        echo "</th>";
        echo "<th scope=\"row\" width=\"149\">";
        echo $row_swap_search['e_experience'];
        echo "</th>";
        echo "<th scope=\"row\" width=\"149\">";
        echo "</th>";
        echo "<th scope=\"row\" width=\"149\">";
        echo "</th>";
        echo "</tr>";
        echo "<br>";
        echo "</span>";
        echo "</th>";
        echo "</tr>";
        echo "</table>";
    }
}
else
{
    echo "Please choose search criteria.";
}
?>
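
One way to build this search without pasting POST text into the SQL string, as an added example that is not part of the original post: each dropdown value is parsed against an operator allowlist, the position is checked against a known category list, and the values are bound as parameters. The `POSITIONS` list, the `<= 15` value shape, the function names and the PDO handle are assumptions; the table and column names are the ones in the post.

```php
<?php
// Added example, not the poster's code. Assumed: dropdown values shaped like
// "<= 15", the POSITIONS list, function names. Table/columns are from the post.
const POSITIONS = ['Accounting', 'Sales', 'Engineering']; // constructed sample list

// Split "<= 15" into an allowlisted operator and a numeric value, else null.
function parse_comparison($raw): ?array
{
    if (!is_string($raw) || !preg_match('/^\s*(<=|>=|<|>|=)\s*(\d+(?:\.\d+)?)\s*$/', $raw, $m)) {
        return null;
    }
    return [$m[1], $m[2]];
}

// Returns [sql, params], or null if any field fails validation.
function build_search(array $post): ?array
{
    $columns = [
        'search_pay'          => 'e_hourly_pay',
        'search_experience'   => 'e_experience',
        'search_availability' => 'e_avilability', // spelled as in the post
    ];
    $where = [];
    $params = [];
    foreach ($columns as $field => $column) {
        $cmp = parse_comparison($post[$field] ?? null);
        if ($cmp === null) {
            return null;
        }
        $where[]  = "$column {$cmp[0]} ?"; // operator can only be one the regex allows
        $params[] = $cmp[1];
    }
    $position = $post['search_position'] ?? null;
    if (!in_array($position, POSITIONS, true)) {
        return null;
    }
    $where[]  = 'e_position = ?';
    $params[] = $position;
    return ['SELECT * FROM employee_swap WHERE ' . implode(' AND ', $where), $params];
}

// Constructed sample input standing in for $_POST.
$sample = ['search_pay' => '<= 15', 'search_experience' => '> 2',
           'search_availability' => '= 5', 'search_position' => 'Accounting'];
[$sql, $params] = build_search($sample);
echo $sql, "\n", json_encode($params), "\n";
// A value carrying quotes or SQL text is rejected before any query is built.
var_dump(build_search(['search_position' => "x' OR '1'='1"] + $sample));
// With a connected PDO handle ($pdo, assumed):
//   $stmt = $pdo->prepare($sql); $stmt->execute($params);
```

Because the user-supplied values never become part of the SQL text, quote escaping applied to the input can no longer produce the `\'Accounting\'` fragment shown in the error message.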