Select question

[Leeder]

$query = mysql_query("SELECT con, verified FROM `table` WHERE email='".$_POST['email']."'");

 

Can someone find the problem with this code, I've run through and edited my script a fewe times and the above line seems to be the problem.

[obsidian]

<?php
$query = mysql_query("SELECT con, verified FROM `table` WHERE email='".$_POST['email']."'");
?>

 

In and of itself, there is apparently nothing wrong with the code, but there are sooo many more variables than simply debugging parse errors. Besides the fact that this query is wide open to SQL injection, there are several things that we need to know: what are you attempting to do? Are you doing any checks on the email variable to assure that it contains what you think it contains? Have you run any debugging options on the query itself? Is your table really named "table" as your query implies?

 

I would recommend you try something like this for starters:

<?php
$sql   = "SELECT con, varified FROM `table` WHERE email = '{$_POST['email']}'";
$query = mysql_query($sql) or die(mysql_error() . "<br />\n<b>SQL:</b> $sql");
?>

[Leeder]

Aren't these different?

 

$query = mysql_query("SELECT con, verified FROM `table` WHERE email='".$_POST['email']."'");
$query = mysql_query("SELECT con, varified FROM `table` WHERE email = '{$_POST['email']}'");

 

?

 

email='".$_POST['email']."'
email = '{$_POST['email']}'

[fenway]

It's just a variable interpolation difference.

[obsidian]

Aren't these different?

 

email='".$_POST['email']."'
email = '{$_POST['email']}'

 

As fenway stated, the first two evaluate the same, but those two are very different. Consider the following:

<?php
$_POST['email'] = 'test@test.com';

// These will all echo "test@test.com"
echo $_POST['email'];
echo "$_POST[email]";
echo "{$_POST['email']}";

// This will echo "$_POST[email]"
echo '$_POST[email]';

// This will echo "{$_POST['email']}"
echo '{$_POST[\'email\']}';
?>