I have this MySQL query:
$querynotis = "SELECT * FROM notifications WHERE pid = " . $_SESSION['sess_id'] . " AND read = 0";
And it gives me the error;
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'read = 0' at line 1
If I remove the:
AND read = 0
part, it works perfectly fine. What could I have done wrong?
READ is a Reserved Keyword and happens to be the name of your column. In order to avoid syntax error, the column name should be escaped using backticks. Ex,
$pid = $_SESSION['sess_id'];
$querynotis = "SELECT * FROM notifications WHERE pid = $pid AND `read` = 0";
Another way, rather than escaping it with backtick:
$pid = $_SESSION['sess_id'];
$querynotis = "SELECT * FROM notifications n WHERE pid = $pid AND n.read = 0";
If you have the privilege to alter the table, change the column name that is not on the Reserved Keyword List to prevent the same error from getting back again on the future.
As a sidenote, the query is vulnerable with SQL Injection if the value(s) of the variables came from the outside. Please take a look at the article below to learn how to prevent from it. By using PreparedStatements you can get rid of using single quotes around values.
use this query, you are trying to use reserved keyword of mysql. READ is a reserve keyword. Use backtick operator
$querynotis = "SELECT * FROM notifications WHERE pid = " . $_SESSION['sess_id'] . " AND `read` = '0'";
