PHP and SQL Syntax Error???

Whats wrong in this syntax?
$sql="SELECT * FROM $tbl_name where Project='". $_POST['Project'] ."'";

Wont it take input from any user?

But its not working.
\
Pls Help

$sql="SELECT * FROM ".$tbl_name." where Project='". $_POST['Project'] ."'";

Your syntax looks correct, but your should always validate what's coming in via HTTP POST.

There's no real reason why that shouldn't work, based on your database table having a column named "Project" - Table names are case sensitive.

Your not giving us very much to work with. that line looks fine despite the SQL injection vulnerability.

Also sometimes it's a good idea to use the backquote "`" (Next to number one key) when secifying a column name:

$sql="SELECT * FROM ".$tbl_name." WHERE `Project`='". $_POST['Project'] ."'";

Also sometimes it's a good idea to use the backquote "`" (Next to number one key) when secifying a column name:

For MySQL perhaps, but for other SQL dialects it would be a double quote or brackets.