MySQLi Query with PHP Variable - Error?

[Mko]

Hey all,

I have the following code:

	
$searched = mysqli_real_escape_string($database, $_GET['searched']);
echo $_GET['searched'].'<br />';
echo $searched.'<br />';
$personal_un_s = (string) $searched;
$query = "SELECT members.id, members.name FROM members WHERE members.name = ". $personal_un_s ."";
$userid_query = mysqli_query($database, $query) or print(mysqli_error($database));
if (mysqli_num_rows($userid_query) < 1) {
	echo 'Error!';
} else {
	$userid_array = mysqli_fetch_array($userid_query);
	$userid = $userid_array[0];
}

 

However, when I run this, I get this error:

Unknown column 'Mko' in 'where clause'

 

The $_GET['searched'] functions correctly, however any value does not seem to be 'valid' for the MySQLi Query.

I'm pretty sure it's some very small problem I have...though, can anyone help me in identifying the issue?

 

 

Thanks,

Mark

[Jessica]

Strings must be surrounded in quotes. Right now you're trying to compare two columns, not a column to a string.

You also can fix your quotes.

$query = "SELECT members.id, members.name FROM members WHERE members.name = '$personal_un_s'";

[ialsoagree]

As jesirose points out, when you use double quotes for a string in PHP:

 

$some_var = "Some string";

 

PHP is checking the double quotes for variables (it's parsing the string as PHP). Using single quotes will not parse a string to PHP. So if you're going to concatenate a variable to a string, use single quotes for the string, otherwise dont' concatenate:

 

$string = 'some string.';
$other_string = 'this is '.$string;
echo $other_string; // Echoes: this is some string

$other_string = 'this is $string';
echo $other_string; // Echoes: this is $string

$other_string = "this is $string";
echo $other_string; // Echoes: this is some string