• PHP Help PHP Coding

  • You have an error in your SQL syntax; check the manual that corresponds to your MySQL

you only have to escape quotes if you intend for them to be used/output... in this case you dont

$query = "SELECT user_info.username, user_info.password, user_info.UserID, user_info.EmailAddress, user_info.Address, user_info.Postcode, user_info.FirstName, user_info.LastName FROM user_info WHERE user_info.username = $username";

theres also really no reason to prefix your field selections with "user_info" since you are only querying one table but thats really a matter of preference😃

    scrupul0us;10917298 wrote:

    you only have to escape quotes if you intend for them to be used/output... in this case you dont

    $query = "SELECT user_info.username, user_info.password, user_info.UserID, user_info.EmailAddress, user_info.Address, user_info.Postcode, user_info.FirstName, user_info.LastName FROM user_info WHERE user_info.username = $username";

    theres also really no reason to prefix your field selections with "user_info" since you are only querying one table but thats really a matter of preference😃

    Thanks mate

    I am now getting the error

    Unknown column 'tom' in 'where clause'

    Can you help me please:eek:

      Unknown column 'tom' in 'where clause'

      with the same code above

        that would be my bad... when you pass character strings in mysql you have to encapsulate them in single quotes

        $query = "SELECT user_info.username, user_info.password, user_info.UserID, user_info.EmailAddress, user_info.Address, user_info.Postcode, user_info.FirstName, user_info.LastName FROM user_info WHERE user_info.username = '$username'";
          scrupul0us;10917302 wrote:

          that would be my bad... when you pass character strings in mysql you have to encapsulate them in single quotes

          $query = "SELECT user_info.username, user_info.password, user_info.UserID, user_info.EmailAddress, user_info.Address, user_info.Postcode, user_info.FirstName, user_info.LastName FROM user_info WHERE user_info.username = '$username'";

          That what I thought but I get the error below any ideas??????

          You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '\'tom\'' at line 1

            scrupul0us;10917302 wrote:

            that would be my bad... when you pass character strings in mysql you have to encapsulate them in single quotes

            $query = "SELECT user_info.username, user_info.password, user_info.UserID, user_info.EmailAddress, user_info.Address, user_info.Postcode, user_info.FirstName, user_info.LastName FROM user_info WHERE user_info.username = '$username'";

            That what I thought but I get the error below any ideas??????

            You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '\'tom\'' at line 1

              Can you copy and paste the code you now have for $query ? Also show us how you execute the query.

                bradgrafelman;10917320 wrote:

                Can you copy and paste the code you now have for $query ? Also show us how you execute the query.

                This is the code hope this helps thanks

                $username = $_SESSION['myusername'];

                $query = "SELECT user_info.username, user_info.password, user_info.UserID, user_info.EmailAddress, user_info.Address, user_info.Postcode, user_info.FirstName, user_info.LastName FROM user_info WHERE user_info.username = '$username'";

                $results = mysql_query(mysql_escape_string($query))
                or die(mysql_error());

                while ($row = mysql_fetch_array($results)) {
                extract($row);

                echo $username;
                echo $password;
                echo $UserID;
                echo $EmailAddress;
                echo $Address;
                echo $Postcode;
                echo $FirstName;
                echo $LastName;

                }

                ?>

                  remove mysql_escape_string from your code.

                  before you insert a variable into an SQL query run on its value the mysql_real_escape_string()

                  4 example:

                  $username = mysql_real_escape_string($_SESSION['myusername']);

                  and use the php bb code if you post php codes, please.

                  be careful with the extract()

                  if you do, $username will overwrite the $username

                    djjjozsi;10917339 wrote:

                    remove mysql_escape_string from your code.

                    before you insert a variable into an SQL query run on its value the mysql_real_escape_string()

                    4 example:

                    $username = mysql_real_escape_string($_SESSION['myusername']);

                    and use the php bb code if you post php codes, please.

                    be careful with the extract()

                    if you do, $username will overwrite the $username

                    Thanks to everybody that helped

                      Write a Reply...