PHP MYSQL select command

Question

spideyprasad 0 Newbie Poster

14 Years Ago

I created a php page.
this is my code.

$con=mysql_connect("$host", "$username", "$password")or die("cannot connect");
mysql_select_db("$db_name")or die("cannot select DB");
$sql = mysql_query("SELECT * FROM $tbl_name WHERE (Order = '" . $_POST['order'] . "')") or die(mysql_error());

But its showing error like this
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'Order = 'xx')' at line 1

Please clear my error.

mysql php

Edited 14 Years Ago by Ezzaral because: Added code tags. Please use them to format any code that you post.

4 Contributors
3 Replies
133 Views
21 Hours Discussion Span
Latest Post 14 Years Ago Latest Post by monica singh

theonly 0 Light Poster

14 Years Ago

Your error occurred with the used of ". In other words you used " too many times.

Reply to this topic

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.

quasipickle 0 Light Poster · Answer 1 · 2010-10-26T23:03:15+00:00

Put the query in a string, and output that string. Your query is broken somehow.

Remember to never put raw $_POST data in your query - run it through mysql_real_escape_string() first to avoid injection.

Also, please wrap your code in tags.

monica singh 0 Light Poster · Answer 2 · 2010-10-27T12:57:06+00:00

Hi, jus try to do like this.....

<?php
// Connect
$link = mysql_connect('mysql_host', 'mysql_user', 'mysql_password')
    OR die(mysql_error());

// Query
$query = sprintf("SELECT * FROM users WHERE user='%s' AND password='%s'",
            mysql_real_escape_string($user),
            mysql_real_escape_string($password));
?>