Trying to create category wise filtering in the view where i list stuff and getting an error in php?

Question

I have a simple crud application where i am listing certain information . i need to create a filter on the basis of category but am getting an error.

I get the error: Notice: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'mysql_real_escape_string()' at line 1 in C:\wamp\www\media universe\list.php on line 6

Also tell me if I am going wrong with the filtering.

<?php
include('config.php');
$result = mysql_query("SELECT * FROM `media_universe`") or trigger_error(mysql_error());
if (isset($_POST['submitted_filter'])) {
$filter_category= $_POST[category_filter];
$result = mysql_query("SELECT * FROM `media_universe` where category= '%s',mysql_real_escape_string($filter_category)") or trigger_error(mysql_error());
}
?>
<form action='' method='POST'>
<p><b>Category:</b>&nbsp;&nbsp;&nbsp;<select name="category">
<option>All</option>
<option>Lifestyle</option>
<option>Automobiles</option>
<option>FoodandBeverage</option>
<option>Health</option>
<option>IT</option>
<option>Telecom</option>
<option>EntertainmentandCelebrity</option>
<option>Education</option>
<option>BankingInvestmentandInsurance</option>
<option>Travel</option>
<option>Sports</option>
<option>Parenting</option>
<option>ConsumerElectronics</option>
<option>RealtyandLogistics</option>
<option>CauseLed</option>
</select>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
<p><input type='submit' value='Filter' /><input type='hidden' value='1' name='submitted_filter' />
</form>
<?php
include('config.php');
echo "<table border=1 >";
echo "<tr>";
echo "<td><b>Id</b></td>";
echo "<td><b>Category</b></td>";
echo "<td><b>Coursedetail</b></td>";
echo "<td><b>Nameofblog</b></td>";
echo "<td><b>Blogdescription</b></td>";
echo "<td><b>Nameofsocialnetworkiforkfac</b></td>";
echo "<td><b>Nameofsocialnetworkifnotorkfac</b></td>";
echo "<td><b>Nameofsocnetcommunity</b></td>";
echo "<td><b>Numberofmembersinsocnetcommunity</b></td>";
echo "<td><b>Nameofdiscussionforum</b></td>";
echo "<td><b>Descriptionofdiscussionforum</b></td>";
echo "<td><b>NameofQNAsite</b></td>";
echo "<td><b>Nameofnewssite</b></td>";
echo "<td><b>DescriptionofQNAsite</b></td>";
echo "</tr>";
while($row = mysql_fetch_array($result)){
foreach($row AS $key => $value) { $row[$key] = stripslashes($value); }
echo "<tr>";
echo "<td valign='top'>" . nl2br( $row['id']) . "</td>";
echo "<td valign='top'>" . nl2br( $row['category']) . "</td>";
echo "<td valign='top'>" . nl2br( $row['coursedetail']) . "</td>";
echo "<td valign='top'>" . nl2br( $row['nameofblog']) . "</td>";
echo "<td valign='top'>" . nl2br( $row['blogdescription']) . "</td>";
echo "<td valign='top'>" . nl2br( $row['nameofsocialnetworkiforkfac']) . "</td>";
echo "<td valign='top'>" . nl2br( $row['nameofsocialnetworkifnotorkfac']) . "</td>";
echo "<td valign='top'>" . nl2br( $row['nameofsocnetcommunity']) . "</td>";
echo "<td valign='top'>" . nl2br( $row['numberofmembersinsocnetcommunity']) . "</td>";
echo "<td valign='top'>" . nl2br( $row['nameofdiscussionforum']) . "</td>";
echo "<td valign='top'>" . nl2br( $row['descriptionofdiscussionforum']) . "</td>";
echo "<td valign='top'>" . nl2br( $row['nameofQNAsite']) . "</td>";
echo "<td valign='top'>" . nl2br( $row['nameofnewssite']) . "</td>";
echo "<td valign='top'>" . nl2br( $row['descriptionofQNAsite']) . "</td>";
echo "<td valign='top'><a href=edit.php?id={$row['id']}>Edit</a></td><td><a href=delete.php?id={$row['id']}>Delete</a></td> ";
echo "</tr>";
}
echo "</table>";
echo "<a href=new.php>New Row</a>";
?>

Answer 1

Your error, as the error message states, is here:

"SELECT * FROM `media_universe` where category='%s',mysql_real_escape_string($filter_category)"

You're constructing the string incorrectly. You were probably thinking of using sprintf, but didn't. This should do it:

"SELECT * FROM `media_universe` where category='" . mysql_real_escape_string($filter_category) . "'"