aliasnikhil Posted May 24, 2011 Share Posted May 24, 2011 i have created a table named 'masteruseraccounts' in mysql.it has fields : key(auto increment,int);name(varchar(50));idNo(varchar(12));password(varchar(50));mobileNo(varchar(10));email(varchar(50)). i entered one row as follows: key | name | idNo | password | mobileNo | email 1 | nikhil upadhyay | 2009AAPS092H | nikhil |9505042041 | [email protected] and the idNo is the login name and is stored in a session variable($_SESSION['MM_Username']).i confirmed that the idNo is properly getting stored in session variable by using echo statement.i am also using the session_start().depending on this idNo i was trying to display the rest of information.so i tried to use the WHERE clause but in vain here is my syntax <?php session_start(); mysql_select_db("mydb"); $userId = mysql_real_escape_string($_SESSION['MM_Username']); $query = "SELECT * " . "FROM masteruseraccounts". "WHERE idNo = '$userId' "; $results = mysql_query($query) or die(mysql_error()); while ($row = mysql_fetch_array($results)) { extract($row); echo $idNo; echo " - "; echo $email; echo " - "; echo $mobileNo; echo "<br>"; } ?> it says "You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '= '2009AAPS092H'' at line 1" instead if i do not use the where clause then it displays all info correctly.i even tried removing the single quotes around $userId.also tried the WHERE clause as( "WHERE idNo = " .$userId. ""; ) still it gives error. i even tried hardcoding it with the WHERE statement as WHERE idNo = 2009AAPS092H but it doesnt work.putting quotes around 2009AAPS092H also doesnt help. please i am pulling my hair out.someone help me.i thought there might be some different syntax for varchar types but i tried hardcoding the WHERE clause as (WHERE key = 1) this also gives error "You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'key = 1' at line 1" now this key field being int type i know it doesnt require quotes around it. any help is very much appreciated. Link to comment https://forums.phpfreaks.com/topic/237287-help-with-mysql-syntax/ Share on other sites More sharing options...
anupamsaha Posted May 24, 2011 Share Posted May 24, 2011 You need not to use mysql_real_escape_string() while you extract variable value from the SESSION. Try $userId = $_SESSION['MM_Username']; Also, please echo the SQL query that is creating the error and post it here. Link to comment https://forums.phpfreaks.com/topic/237287-help-with-mysql-syntax/#findComment-1219381 Share on other sites More sharing options...
Pikachu2000 Posted May 24, 2011 Share Posted May 24, 2011 @anupamsaha: Why do think you wouldn't need to escape a string just because it's in a $_SESSION var? What if the string contains quotes or apostrrophes? @OP: The way the query is currently constructed, this is what it will echo: "SELECT * FROM masteruseraccountsWHERE idNo = '$userId' " Note there is no space before WHERE. Link to comment https://forums.phpfreaks.com/topic/237287-help-with-mysql-syntax/#findComment-1219388 Share on other sites More sharing options...
aliasnikhil Posted May 26, 2011 Author Share Posted May 26, 2011 yes i forgot the whitespace before WHERE clause.thanks a lot Link to comment https://forums.phpfreaks.com/topic/237287-help-with-mysql-syntax/#findComment-1220622 Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.