3

I have a database with the following structure:

id  msg
1  'Hello'
2  'Bye'

and I need to get "msg" value for the "id".

This is my try:

$text = mysql_query("SELECT msg FROM text WHERE text (id) ='$msg_num'");

But it doesn't work :( Do you have suggestions? Thanks

slwr
  • 1,105
  • 6
  • 16
  • 35

5 Answers5

9

remove text

$result = mysql_query("SELECT msg FROM text WHERE id ='$msg_num'");
while ($row = mysql_fetch_array($result)) 
{
    $text = $row['msg'];  
}

your code is vulnerable with SQL Injection Please read the article below,

How can I prevent SQL injection in PHP?

Community
  • 1
  • 1
John Woo
  • 258,903
  • 69
  • 498
  • 492
  • `mysql_query` returns a resource and not the text of `msg`. You need to fetch if you want the text value. – Al_ Oct 21 '12 at 17:24
3

Change

mysql_query("SELECT msg FROM text WHERE text (id) ='$msg_num'");

To

mysql_query("SELECT msg FROM text WHERE id ='$msg_num'");

This type of query can be cause of MySQL Injection attacks.. so good to use to stop for 1st order injection using prepared statements.

1) Mysqli

2) PDO

Community
  • 1
  • 1
GBD
  • 15,847
  • 2
  • 46
  • 50
2
select id from text where id = '$msg_num'

The difference in this query is that it selects the column. There are no column named 'msg', thats the value.

edit: Sorry, read the table wrong (sideways).

cerealy
  • 122
  • 6
1

Bad syntax.

$text = mysql_query("SELECT msg FROM text WHERE text (id) ='$msg_num'");

Should be:

$text = mysql_query("SELECT msg FROM text WHERE id='$msg_num'");

You can use mysql_error() to diagnose things like this.

nyson
  • 1,055
  • 6
  • 20
1
$text = mysql_query("SELECT msg FROM text WHERE id ='$msg_num'") or die(mysql_error());
nickhar
  • 19,981
  • 12
  • 60
  • 73