Howdy_McGee

Reputation: 10635

PHP and MYSQL - Querying A Variable

OK, I have this PHP $_POST['username'] variable and I need to query everything on the user via MySQL. The only problem is it keeps throwing me errors.

Something like:

$user = $_POST['username'];
$query = mysql_query("SELECT * FROM user WHERE username = $user");

I've tried

$query = mysql_query("SELECT * FROM user WHERE username = `$user`");
$query = mysql_query("SELECT * FROM user WHERE username = ".$user);

Not sure what I'm doing wrong.

Upvotes: 0

Views: 96

Answers (3)

OMG Ponies

Reputation: 332531

Your problem is that strings in SQL need to be enclosed in single quotes.

The most preferable approach would be to use PDO. But sprintf (along with mysql_real_escape_string) is a better interim approach than what is posted:

$query = sprintf("SELECT u.* 
                    FROM USER u
                   WHERE u.username = '%s'",
                  mysql_real_escape_string($_POST['username']));

$result = mysql_query($query);

Lest we forget Little Bobby Tables ;)

Upvotes: 1
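
The PDO approach this answer recommends, as an added example that is not part of the original answer: the username is bound as a parameter, so quoting is handled by the driver rather than by string building. Assumptions: an in-memory SQLite database and constructed sample rows stand in for the asker's MySQL `user` table so the script runs offline, and `findUser` is a hypothetical helper name.

```php
<?php
// Added example: PDO prepared statement instead of string interpolation.
// Assumption: in-memory SQLite so the script runs offline; for MySQL, pass a
// 'mysql:host=...;dbname=...;charset=utf8mb4' DSN plus credentials instead.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->setAttribute(PDO::ATTR_DEFAULT_FETCH_MODE, PDO::FETCH_ASSOC);

// Constructed sample table and rows.
$pdo->exec('CREATE TABLE user (id INTEGER PRIMARY KEY, username TEXT UNIQUE, email TEXT)');
$insert = $pdo->prepare('INSERT INTO user (username, email) VALUES (:username, :email)');
foreach ([['howdy', 'howdy@example.test'], ["o'brien", 'ob@example.test']] as [$u, $e]) {
    $insert->execute([':username' => $u, ':email' => $e]);
}

/** Look up one user; the value is bound, never concatenated into the SQL. */
function findUser(PDO $pdo, $username): ?array
{
    if (!is_string($username) || $username === '') {
        return null; // reject arrays (username[]=x) and empty input
    }
    $stmt = $pdo->prepare('SELECT * FROM user WHERE username = :username');
    $stmt->execute([':username' => $username]);
    $row = $stmt->fetch();
    return $row === false ? null : $row;
}

// Constructed inputs standing in for $_POST['username'].
$inputs = [
    'howdy',                 // ordinary name
    "o'brien",               // legitimate quote that breaks '$user' interpolation
    "x' OR '1'='1",          // bound as one literal string, not parsed as SQL
    ['not', 'a', 'string'],  // what PHP builds from username[]=...
];
foreach ($inputs as $input) {
    $row = findUser($pdo, $input);
    printf("%-28s => %s\n", json_encode($input), $row ? $row['email'] : 'no match');
}
```

The `mysql_*` functions used throughout this thread were removed in PHP 7, so the bound-parameter form is also the one that still runs on current PHP.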

afaolek

Reputation: 8811

Use this:

$query = mysql_query("SELECT * FROM user WHERE username = '$user'");

Upvotes: 0

SeanCannon

Reputation: 77956

$user = $_POST['username'];
$query = ('SELECT * FROM user WHERE username LIKE "' . $user . '"');

Upvotes: 1
