Member Avatar for jeeter19

Hi,

I'm trying to send a MySQL query string from a C# application to a PhP submission page via POST. The problem I am receiving is when I try to use the WHERE clause it hangs up at the string I'm trying to compare to.

The Query
SELECT * FROM `tblUser` WHERE `Name`='username'

The above is the query string that I build in the C# application and send to the PhP submission page via POST method. username is the name of the variable I have in the application. The application DOES send the full string as it should be (I did print statements on the PhP-side to see the string input).

What Happens
When I submit the above I receive the error:
"...Check for the right SQL syntax to use near '\'username\'' at line 1"

If I change the WHERE clause to:
WHERE `Name`=username

Then I get:
"Unknown column 'username' in 'WHERE clause'"

Help Please
I am unsure where to go from here. I have the correct SQL query string but it just won't accept it. Anytime I've done a hardcoded (php-side) SELECT query, using a variable to compare to in the WHERE clause, it has always worked. But for some reason when it sends it over from my application it won't accept the query string anymore and says it's incorrect syntax.

Any help would be greatly appreciated!
Thank you

  • 3 Contributors
  • 3 Replies
  • 143 Views
  • 7 Hours Discussion Span
  • Latest Post Latest Post by pulketo

Recommended Answers

All 3 Replies

Member Avatar for Will Gresham

Rather than sending the entire query through POST, it may be a better idea to send the separate bits in individual POST fields, for example, use multiple fields as follows:
- The method (select/insert/update)
- The table name
- The column name
- The value

You can then piece together the query in PHP and execute it.

Member Avatar for jeeter19

Rather than sending the entire query through POST, it may be a better idea to send the separate bits in individual POST fields, for example, use multiple fields as follows:
- The method (select/insert/update)
- The table name
- The column name
- The value

You can then piece together the query in PHP and execute it.

Thank you for the quick response. My original way of doing it was this way but that was when I had everything running on the PhP side (query building, parameters, etc). Now I'm trying to make it so I can build the query on the application side, and then just send that to a small PhP script to execute and print out the data.

Member Avatar for pulketo

something like this happened to me last week with phpmyadmin, try removing ` <== and keep ' <== in username, don't copy paste code from internet rather you must write ' and ` with your keyboard.

SELECT * FROM tblUser WHERE Name= 'username'

Edited by pulketo because: n/a
Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.