I created a php page.
this is my code.

$con=mysql_connect("$host", "$username", "$password")or die("cannot connect");
mysql_select_db("$db_name")or die("cannot select DB");
$sql = mysql_query("SELECT * FROM $tbl_name WHERE (Order = '" . $_POST['order'] . "')") or die(mysql_error());

But its showing error like this
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'Order = 'xx')' at line 1

Please clear my error.

Your error occurred with the used of ". In other words you used " too many times.

Put the query in a string, and output that string. Your query is broken somehow.

Remember to never put raw $_POST data in your query - run it through mysql_real_escape_string() first to avoid injection.

Also, please wrap your code in tags.

Hi, jus try to do like this.....

// Connect
$link = mysql_connect('mysql_host', 'mysql_user', 'mysql_password')
    OR die(mysql_error());

// Query
$query = sprintf("SELECT * FROM users WHERE user='%s' AND password='%s'",