aliasnikhil Posted May 24, 2011 Share Posted May 24, 2011 i have created a table named 'masteruseraccounts' in mysql.it has fields : key(auto increment,int);name(varchar(50));idNo(varchar(12));password(varchar(50));mobileNo(varchar(10));email(varchar(50)). i entered one row as follows: key | name | idNo | password | mobileNo | email 1 | nikhil upadhyay | 2009AAPS092H | nikhil |9505042041 | [email protected] and the idNo is the login name and is stored in a session variable($_SESSION['MM_Username']).i confirmed that the idNo is properly getting stored in session variable by using echo statement.i am also using the session_start().depending on this idNo i was trying to display the rest of information.so i tried to use the WHERE clause but in vain here is my syntax <?php session_start(); mysql_select_db("mydb"); $userId = mysql_real_escape_string($_SESSION['MM_Username']); $query = "SELECT * " . "FROM masteruseraccounts". "WHERE idNo = '$userId' "; $results = mysql_query($query) or die(mysql_error()); while ($row = mysql_fetch_array($results)) { extract($row); echo $idNo; echo " - "; echo $email; echo " - "; echo $mobileNo; echo "<br>"; } ?> it says "You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '= '2009AAPS092H'' at line 1" instead if i do not use the where clause then it displays all info correctly.i even tried removing the single quotes around $userId.also tried the WHERE clause as( "WHERE idNo = " .$userId. ""; ) still it gives error. i even tried hardcoding it with the WHERE statement as WHERE idNo = 2009AAPS092H but it doesnt work.putting quotes around 2009AAPS092H also doesnt help. please i am pulling my hair out.someone help me.i thought there might be some different syntax for varchar types but i tried hardcoding the WHERE clause as (WHERE key = 1) this also gives error "You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'key = 1' at line 1" now this key field being int type i know it doesnt require quotes around it. any help is very much appreciated. Quote Link to comment https://forums.phpfreaks.com/topic/237287-help-with-mysql-syntax/ Share on other sites More sharing options...
anupamsaha Posted May 24, 2011 Share Posted May 24, 2011 You need not to use mysql_real_escape_string() while you extract variable value from the SESSION. Try $userId = $_SESSION['MM_Username']; Also, please echo the SQL query that is creating the error and post it here. Quote Link to comment https://forums.phpfreaks.com/topic/237287-help-with-mysql-syntax/#findComment-1219381 Share on other sites More sharing options...
Pikachu2000 Posted May 24, 2011 Share Posted May 24, 2011 @anupamsaha: Why do think you wouldn't need to escape a string just because it's in a $_SESSION var? What if the string contains quotes or apostrrophes? @OP: The way the query is currently constructed, this is what it will echo: "SELECT * FROM masteruseraccountsWHERE idNo = '$userId' " Note there is no space before WHERE. Quote Link to comment https://forums.phpfreaks.com/topic/237287-help-with-mysql-syntax/#findComment-1219388 Share on other sites More sharing options...
aliasnikhil Posted May 26, 2011 Author Share Posted May 26, 2011 yes i forgot the whitespace before WHERE clause.thanks a lot Quote Link to comment https://forums.phpfreaks.com/topic/237287-help-with-mysql-syntax/#findComment-1220622 Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.