Member Avatar for MysticalNomad

I have a PHP page opened directly from a URL with params in it:
http://subdomain.domain.com/phppage.php?id=123456

The PHP page is supposed to execute a very simple SQL statement to retrieve a single data row based on the id variable. The SQL execution is done this way:

$id = $_REQUEST['id'];
$sql = "SELECT * FROM INCIDENTS WHERE ((INCIDENTS.ID) = $id);";
$result = mysql_query($sql);
if(!$result){
  die("Error: ".mysql_error());
}

I have run the statement directly on the database via phpMyAdmin (substituting "$id" for an actual number) and it returns the expected record.

When executing the PHP page, however I get this error:
Error: Unknown column '123456' in 'where clause'

I don't understand why it is doing this. Please help!

  • 2 Contributors
  • 2 Replies
  • 107 Views
  • 7 Hours Discussion Span
  • Latest Post Latest Post by MysticalNomad
Member Avatar for chrishea

In the SQL statement, it is treating $sql as a column because it isn't enclosed in single quotes. Add the single quotes and it should work.

Member Avatar for MysticalNomad

Excellent! I corrected it to:

$id = $_REQUEST['id'];
$sql = 'SELECT * FROM INCIDENTS WHERE ((INCIDENTS.ID) = \''.$id.'\');';
$result = mysql_query($sql);
if(!$result){
   die("Error: ".mysql_error());
}

Works like a charm. Thanks for the insight!

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.