0

I created a PHP page.
This is my code.

$con=mysql_connect("$host", "$username", "$password")or die("cannot connect");
mysql_select_db("$db_name")or die("cannot select DB");
$sql = mysql_query("SELECT * FROM $tbl_name WHERE (Order = '" . $_POST['order'] . "')") or die(mysql_error());

But it's showing an error like this:
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'Order = 'xx')' at line 1

Please clear my error.

Edited by Ezzaral: Added code tags. Please use them to format any code that you post.

0

Your error occurred with the use of ". In other words, you used " too many times.

0

Put the query in a string, and output that string. Your query is broken somehow.

Remember to never put raw $_POST data in your query - run it through mysql_real_escape_string() first to avoid injection.

Also, please wrap your code in tags.

0

Hi, just try to do it like this:

<?php
// Connect
$link = mysql_connect('mysql_host', 'mysql_user', 'mysql_password')
    OR die(mysql_error());

// Query
$query = sprintf("SELECT * FROM users WHERE user='%s' AND password='%s'",
            mysql_real_escape_string($user),
            mysql_real_escape_string($password));
?>

Edited by Ezzaral: Added code tags. Please use them to format any code that you post.
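
The escaping advice in the replies above, taken one step further with a prepared statement. This is an added example, not code from the thread. It assumes PDO with the SQLite driver and a constructed "orders" table so that it runs offline, and it backtick-quotes the Order column, because ORDER is a reserved word in both MySQL and SQLite.

```php
<?php
// Added example, not code from the thread. Assumptions: PDO with the SQLite
// driver (in-memory, so it runs offline) and a constructed table "orders".
// With MySQL only the DSN passed to new PDO() changes.

$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

// Constructed sample data. `Order` is a reserved word, so it is backtick-quoted.
$pdo->exec('CREATE TABLE orders (id INTEGER PRIMARY KEY, `Order` TEXT, item TEXT)');
$pdo->exec("INSERT INTO orders (`Order`, item) VALUES ('xx', 'widget'), ('yy', 'gadget')");

/**
 * Look up rows by order code (hypothetical helper).
 * Identifiers cannot be bound as parameters, so the table name is checked
 * against a fixed allowlist; the value is bound, never concatenated.
 */
function findByOrder(PDO $pdo, string $table, string $order): array
{
    $allowed = ['orders'];
    if (!in_array($table, $allowed, true)) {
        throw new InvalidArgumentException('unknown table');
    }
    $stmt = $pdo->prepare("SELECT * FROM `$table` WHERE `Order` = :order");
    $stmt->execute([':order' => $order]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed inputs standing in for $_POST['order']: a normal value, a value
// shaped like an injection attempt, and a value containing a single quote.
$inputs = ['xx', "xx' OR '1'='1", "O'Brien"];
foreach ($inputs as $input) {
    $rows = findByOrder($pdo, 'orders', $input);
    printf("%-16s -> %d row(s)\n", $input, count($rows));
}

// The unquoted column name reproduces a syntax error like the one in the question.
try {
    $pdo->prepare('SELECT * FROM orders WHERE (Order = :order)')
        ->execute([':order' => 'xx']);
} catch (PDOException $e) {
    echo 'unquoted Order: ', $e->getMessage(), "\n";
}
```

Because the value is bound rather than concatenated, quotes in the input are treated as data and cannot change the shape of the query.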
