-3

PHP variable not working in sql query..

I am just a beginner in PHP. Please tell me where I am going wrong. Thanks in advance.

$sql = 'SELECT email_id FROM dealer WHERE dealerid="'mysql_real_escape_string($id).'"';

$rt  = mysql_query($sql);
$row = mysql_fetch_row($rt);

if($row) {
  echo "<h1>Number:</h1>" . $row[0];
  while($row = mysql_fetch_assoc($rt)) {
    var_dump($row);
  }
}
NullPoiиteя
racky

3 Answers

4

You forgot to properly concatenate the string; it should be like:

$sql = 'SELECT email_id FROM dealer WHERE dealerid="' . mysql_real_escape_string($id) . '"';

String Operators

Your code will probably give you

Parse error: syntax error, unexpected T_VARIABLE on line bla

This is a syntax error, meaning that there is something in your code stopping it from being parsed correctly and therefore run.

What you should do is look carefully at the lines around where the error is for any simple mistakes.

So make sure you enable at least E_PARSE in your php.ini. Parse errors should not exist in production scripts.

I always recommend this while coding:

error_reporting(E_ALL);

error_reporting


Note

  1. It's not true that we are using mysql_real_escape_string() and are therefore completely safe from SQL injection; check this answer by @ircmaxell.
  2. The entire ext/mysql PHP extension, which provides all functions named with the prefix mysql_, is officially deprecated as of PHP v5.5.0 and will be removed in the future. So use either PDO or MySQLi.

Good read

  1. The mysql extension is deprecated and will be removed in the future: use mysqli or PDO instead
  2. PDO Tutorial for MySQL Developers
Community
NullPoiиteя
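The note in the answer above recommends PDO or MySQLi over the deprecated mysql_ functions. As an added example (not code from any answer in this thread), here is the question's query written as a PDO prepared statement; the SQLite in-memory database, the sample rows, the helper name findDealerEmail and the commented MySQL DSN variables are assumptions made so the script runs offline.

```php
<?php
declare(strict_types=1);
// Added example, not from the thread. Assumptions: PDO's SQLite in-memory
// driver stands in for MySQL so this runs offline; all rows are constructed.

$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

// Against MySQL, set the charset in the DSN and turn off emulated prepares
// ($user and $pass are hypothetical; the "..." values are placeholders):
// $pdo = new PDO('mysql:host=...;dbname=...;charset=utf8mb4', $user, $pass,
//                [PDO::ATTR_EMULATE_PREPARES => false]);

$pdo->exec('CREATE TABLE dealer (dealerid TEXT PRIMARY KEY, email_id TEXT NOT NULL)');
$pdo->exec("INSERT INTO dealer VALUES ('D100', 'alice@example.test'), ('D200', 'bob@example.test')");

/** Returns the e-mail for one dealer id, or null when no row matches. */
function findDealerEmail(PDO $pdo, string $id): ?string
{
    // The placeholder keeps $id out of the SQL text entirely: there is no
    // quoting and no concatenation, so the parse error from the question
    // cannot occur and the value cannot change the structure of the query.
    $stmt = $pdo->prepare('SELECT email_id FROM dealer WHERE dealerid = :id');
    $stmt->execute([':id' => $id]);

    $email = $stmt->fetchColumn();          // false when the result set is empty
    return $email === false ? null : (string) $email;
}

// Constructed inputs: a known id, an unknown id, and an id containing both
// quote characters, which is bound as plain data like any other value.
$inputs = ['D100', 'D999', 'D\'10"0'];

foreach ($inputs as $id) {
    $email = findDealerEmail($pdo, $id);
    printf("%-10s => %s\n", $id, $email ?? '(no match)');
}
```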
2

You have a syntax error on line 1; you need a "." between ' and mysql:

$sql = 'SELECT email_id FROM dealer WHERE dealerid="' . mysql_real_escape_string($id) . '"';
NullPoiиteя
Bryan
0

Try this

$escaped = mysql_real_escape_string($id);
$sql = "SELECT email_id FROM dealer WHERE dealerid='$escaped'";
hakre
Moxet Khan