New to PHP, need help. I am using this syntax:
$sql .= " $name LIKE \"$value\" AND ";
$value is a variable; is it OK to use apostrophes around it or not? Please take a look at the error message below.
mysql error in Search_handler->get_listings:
query:
SELECT DISTINCT profile_id, company_name FROM profile
LEFT JOIN j_profile_to_region jpr
ON profile.profile_id = jpr.j_profile_id
LEFT JOIN region r
ON jpr.j_region_id = r.region_id
LEFT JOIN j_profile_to_product_category jpc
ON jpc.j_profile_id = profile.profile_id
LEFT JOIN product_category_tertiary ter
ON jpc.j_product_category_tertiary_id = ter.product_category_tertiary_id
LEFT JOIN product_category_secondary pcs
ON pcs.product_category_secondary_id = ter.j_product_category_secondary_id
WHERE
( company_name LIKE "%%\'"></title><a href=http://site.ru/>MY SITE</a><%%" OR listing_address_1 LIKE "%%\'"></title><a href=http://site.ru/>MY SITE</a><%%" OR listing_address_2 LIKE "%%\'"></title><a href=http://>MY SITE</a><%%" OR listing_city LIKE "%%\'"></title><a href=http://site.ru/>MY SITE</a><%%" OR listing_state LIKE "%%\'"></title><a href=http://site.ru/>MY SITE</a><%%" OR listing_country LIKE "%%\'"></title><a href=http://site.ru/>MY SITE</a><%%" OR listing_url LIKE "%%\'"></title><a href=http://site.ru/>MY SITE</a><%%" OR listing_description LIKE "%%\'"></title><a href=http://site.ru/>MY SITE</a><%%" OR listing_election_exp LIKE "%%\'"></title><a href=http://site.ru/>MY SITE</a><%%" OR region_name LIKE "%%\'"></title><a href=http://site.ru/>MY SITE</a><%%" OR product_category_secondary_id LIKE "%%\'"></title><a href=http://site.ru/>MY SITE</a><%%" OR product_category_tertiary_id LIKE "%%\'"></title><a href=http://site.ru/>MY SITE</a><%%" OR
region_id LIKE "%%\'"></title><a href=http://site.ru/>MY SITE</a><%%" OR product_category_secondary_name LIKE "%%\'"></title><a href=http://site.ru/>MY SITE</a><%%" OR product_category_tertiary_name LIKE "%%\'"></title><a href=http://site.ru/>MY SITE</a><%%" ) AND
(
(listing_exp_date > NOW()
AND listing_address_1 != ""
AND listing_contact != ""
AND listing_description != ""
AND (ISNULL(listing_status) OR listing_status != "3")
)
OR listing_status ="2"
)
ORDER BY profile.company_name ASC
error:
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '></title><a href=http://site.ru/>MY SITE</a><%%" OR listing_address_1 LIKE "%%\' at line 16
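
Added example, not part of the original post and not the poster's code: the failing query shows search text containing quote characters ending the string literal early, which no choice of quote style around $value prevents. The sketch below binds the search text as a parameter instead, checks column names against a fixed list, and escapes the LIKE wildcards. Assumptions: PDO with the pdo_sqlite driver standing in for MySQL, a cut-down profile table, and the hypothetical helpers like_escape() and build_search().

```php
<?php
// Columns a search may touch (names taken from the query in the post).
// Identifiers cannot be bound as parameters, so they are allowlisted.
const SEARCHABLE = ['company_name', 'listing_city', 'listing_description'];

// Escape LIKE metacharacters with '!' so user-typed % and _ match literally.
function like_escape(string $term): string
{
    return preg_replace('/[!%_]/', '!$0', $term);
}

// Hypothetical helper: returns [sql, params], one "col LIKE ?" per column.
function build_search(array $columns, string $term): array
{
    $clauses = [];
    $params  = [];
    foreach ($columns as $col) {
        if (!in_array($col, SEARCHABLE, true)) {
            throw new InvalidArgumentException("column not searchable: $col");
        }
        $clauses[] = "$col LIKE ? ESCAPE '!'";
        $params[]  = '%' . like_escape($term) . '%';
    }
    $sql = 'SELECT DISTINCT profile_id, company_name FROM profile WHERE ('
         . implode(' OR ', $clauses) . ') ORDER BY company_name ASC';
    return [$sql, $params];
}

// Constructed demo data: in-memory SQLite stands in for the MySQL server.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE profile (profile_id INTEGER, company_name TEXT,
            listing_city TEXT, listing_description TEXT)');
$pdo->exec("INSERT INTO profile VALUES (1, 'Acme 100% Organic', 'Oslo', 'Seeds')");

// Search text as seen in the failing query in the post (without the backslash).
$fromPost = '\'"></title><a href=http://site.ru/>MY SITE</a><';

foreach ([$fromPost, '100%', 'x%'] as $term) {
    [$sql, $params] = build_search(SEARCHABLE, $term);
    $stmt = $pdo->prepare($sql);   // SQL text is fixed; the term never enters it
    $stmt->execute($params);       // the term travels as data only
    printf("%-12s -> %d row(s)\n", substr($term, 0, 12), count($stmt->fetchAll()));
}
```

The search text from the post runs without a syntax error because it is never concatenated into the SQL string, and a typed % only matches a literal percent sign.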