I'm trying to make a simple search query script that will pull results from a form and return results from a database accordingly.
'connect.php'
<?php
$strServer = "http://server33.000webhost.com";
$strDatabase = "******";
$strUser = "******";
$strPwd = "******";
$strDB = mysql_connect($strServer, $strUser, $strPwd) or die ("Could not connect to database"); print mysql_error();
$database = mysql_select_db("$strDatabase", $strDB); print mysql_error();
?>
'search.php'
<?php
ini_set ('display_errors', 1);
include ('connect.php'); print mysql_error();
$query = ('SELECT * FROM 'properties' WHERE ('type' = '$_POST['type']') OR ('area' = '$_POST['area']')');
$result = mysql_query($query) or die ("Couldn't execute query."); print mysql_error();
while($r = mysql_fetch_array($result))
{
echo $r['type'];
echo $r['area'];
}
?>
I've searched countless forums and tutorials, and can't see what I'm doing wrong. Please please help me! Thanks in advance
I suggest you change your query like this:
$query = "SELECT * FROM `properties`
WHERE (`type` = '".mysql_escape_string($_POST['type'])."')
OR (`area` = '".mysql_escape_string($_POST['area'])."')";
And try to avoid mysql_* functions; it is better to use mysqli. Also try mysql_escape_string for the POST and GET values.
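The advice above to move off mysql_* and escape the POST values, taken one step further with bound parameters; this is an added example, not code from the thread. It assumes PDO with the pdo_sqlite driver and a constructed in-memory `properties` table so it runs without a server, and `searchProperties` is a hypothetical helper name.

```php
<?php
// Added example: the search from search.php with bound parameters instead of
// a SQL string built from $_POST. In-memory SQLite is an assumption made so
// the script runs offline; with MySQL only the PDO DSN and credentials change.

function searchProperties(PDO $db, string $type, string $area): array
{
    // Placeholders keep user input out of the SQL text entirely.
    $stmt = $db->prepare(
        'SELECT type, area FROM properties WHERE type = :type OR area = :area'
    );
    $stmt->execute([':type' => $type, ':area' => $area]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

$db = new PDO('sqlite::memory:');
// Throw exceptions instead of printing mysql_error()-style messages inline.
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

// Constructed sample data.
$db->exec('CREATE TABLE properties (id INTEGER PRIMARY KEY, type TEXT, area TEXT)');
$insert = $db->prepare('INSERT INTO properties (type, area) VALUES (?, ?)');
$sample = [['flat', 'north'], ['house', 'south'], ['flat', 'east'],
           ['studio', "King's Cross"]];
foreach ($sample as $row) {
    $insert->execute($row);
}

// Constructed form submissions standing in for $_POST. The second value
// contains a quote, which would end the string early in a concatenated query.
$submissions = [
    ['type' => 'flat', 'area' => 'south'],
    ['type' => '', 'area' => "King's Cross"],
];

foreach ($submissions as $post) {
    $rows = searchProperties($db, $post['type'], $post['area']);
    printf("type=[%s] area=[%s]: %d row(s)\n", $post['type'], $post['area'], count($rows));
    foreach ($rows as $r) {
        // Escape on output too, since the rows end up in an HTML page.
        echo '  ', htmlspecialchars($r['type'], ENT_QUOTES, 'UTF-8'), ' / ',
             htmlspecialchars($r['area'], ENT_QUOTES, 'UTF-8'), "\n";
    }
}
```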
There are two things you should review:
include ('connect.php'); print mysql_error();
It is best not to use mysql_error() as a standalone statement. Anyway, there's not much need for mysql error here in the search.php page. One more correction you may make is (connection.php):
$database = mysql_select_db("$strDatabase", $strDB) or die("error while connecting to database".mysql_error());
Lastly, all the parsing errors you might be getting are due to this statement:
$query = ('SELECT * FROM 'properties' WHERE ('type' = '$_POST['type']') OR ('area' = '$_POST['area']')');
When you start a string block with ', the end of the block is also '. Next, two strings cannot simply be concatenated; you must use the . symbol.
i.e.
$a='make me'.'good'; //valid
$b='hello'$a'!!thanks'; // invalid
$b='hello'.$a.'!!thanks'; //valid (concatenation is used here with . sign)
$otherway="hello {$a} !!thanks"; //valid
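So your code can be written as:
// {$...} is required for a quoted array key inside a double-quoted string; the values are still unescaped here
$query = "SELECT * FROM `properties` WHERE `type` = '{$_POST['type']}' OR `area` = '{$_POST['area']}'";
This is because " starts and " ends the string, but it does not care about ' inside the program.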