What is wrong with this SQL Query? (MySQL Error)

Question

What is wrong with my query here?

mysql_query("SELECT * FROM admin_nav1 WHERE Active = 'YES' AND WHERE LinkedID = '$WID' ORDER by 'OrderSet' ASC") or die(mysql_error());

I keep getting this error:

You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'WHERE LinkedID = '6' ORDER by 'OrderSet' ASC' at line 1

score 5 · Accepted Answer · edited May 23 '17 at 12:04

You should have only one WHERE clause. AND operator is enough to separate the two conditions.

SELECT  * 
FROM    admin_nav1 
WHERE   Active = 'YES' AND LinkedID = '$WID'  // <<== one WHERE clause
ORDER   by OrderSet ASC

One more thing, your query will not ORDER the rows correctly because you have wrap the column name OrderSet with single quotes thus converting it into a string. When you are concern of the column names if they are a reserved keyword or not, you can either wrap it with a backtick or supply an alias on the table and use the column names with that alias to delimit the column but not with single quotes.

As a sidenote, the query is vulnerable with SQL Injection if the value(s) of the variables came from the outside. Please take a look at the article below to learn how to prevent from it. By using PreparedStatements you can get rid of using single quotes around values.

How to prevent SQL injection in PHP?

score 0 · Answer 2 · answered Mar 09 '13 at 14:21

0

you need to use where once

SELECT * FROM admin_nav1 
WHERE Active = 'YES' AND  .....

and then use and operators for more conditions.

answered Mar 09 '13 at 14:21

PSR

39,804
41
111
151

What is wrong with this SQL Query? (MySQL Error)

2 Answers2