警告：mysql_fetch_array（）期望参数1是资源，布尔给定7 [重复]

Firstly, I've edited your post slightly to make the code more readable as the formatting was a bit off.

Secondly, your SQL query is very prone to SQL injection attacks as you are directly using POST variables in the query without first sanitising them. You should always sanitise variables before using them in queries. If you're expecting an integer, I suggest you do it as follows:

$var = (isset($_POST['var']) ? (int)$_POST['var'] : null);

And strings as follows:

$var = (isset($_POST['var']) ? mysql_real_escape_string($_POST['var']) : null);

Thirdly, the mysql_*() functions have been deprecated and will be removed from a future version of PHP. It is currently recommended that you use the mysqli_*() functions or class, or even better the PDO library.

And lastly, regarding your error, MySQL is returning an error number as your query is not valid. Your statement should read as follows:

$staff = "SELECT `e_id`, `e_fname`, `e_mi`, `e_lname`,
                 `e_fin_cm`, `department`, `job`
          FROM `employees`
          WHERE {$fieldname} LIKE {$fieldvalue}
          ORDER BY `e_lname` ASC";

This, in conjunction with the following checking on those fields, should work:

$fieldname = (isset($_POST['tableya'])
                 && in_array($_POST['tableya'], array(
                     'e_id', 'e_fname', 'e_mi', 'e_lname',
                     'e_fin_cm', 'department', 'job'
                 )) ? mysql_real_escape_string($_POST['tableya']) : null);

$fieldvalue = (isset($_POST['whatever'])
                ? '\'' . mysql_real_escape_string($_POST['whatever']) . '%\''
                : null);

if ($fieldname && $fieldvalue) {
    $sql = "SELECT `e_id`, `e_fname`, `e_mi`, `e_lname`,
                   `e_fin_cm`, `department`, `job`
            FROM `employees`
            WHERE {$fieldname} LIKE {$fieldvalue}
            ORDER BY `e_lname` ASC";
    $result = mysql_query($sql);
    if ($result) {
        while ($row = mysql_fetch_assoc($result)) {
            // output data
        }
        mysql_free_result($result);
    } else {
        // Query was invalid
        print('MySQL error: [' . mysql_errno() . '] ' . mysql_error());
    }
} else {
   print('Invalid field name or value.');
}

Your query has most likely failed, which returns false instead of a resource handle.

Check your returns.

if( ! $result = mysql_query($staff) ) {
    die(mysql_error());
}

This happens because your mysql_query() is failing (returning boolean false) and you haven't put any error checks in place.

First of all, you should output any MySQL errors fatally:

$result = mysql_query($staff) or die(mysql_error());

Secondly, your problem is like to be this part of your SQL:

like ".$_POST['whatever']."%

You should wrap that in single quotes because it is a string value not a field name:

like '".$_POST['whatever']."%'

Lastly, this process you're using (inserting posted data straight into SQL) is highly vulnerable to SQL injection, and is very bad practice. The mysql_* library has been deprecated for a while now, and you should definitely be moving towards using mysqli_* or parameterized queries with PDO where these vulnerabilities are substantially reduced.

When you encounter such errors (boolean instead of resource) means your query is failed. I think you missing quotes here:

Change:

...like ".$_POST['whatever']."% ...

to this:

...like '".$_POST['whatever']."%' ...

Most-likely $result is false because there's an error with your SQL or something else going on.

Add this right after $result to see if my assumption is correct.

if (!$result) {
    die('Invalid query: ' . mysql_error());
}