-1

I'm just trying to get some data through a table in a specific row.

Here's my script.

<?php
$con=mysqli_connect("localhost","root","","astralms");

if (mysqli_connect_errno())
  {
  echo "Failed to connect to MySQL: " . mysqli_connect_error();
  }

$type = htmlspecialchars(mysql_real_escape_string($_GET['type']));
$username = htmlspecialchars(mysql_real_escape_string($_GET['username']));

$result = mysqli_query($con,"SELECT * FROM accounts
 WHERE name = '%s', $username);

while($row = mysqli_fetch_array($result))
  {
    if($type == "nxcash") {
    echo $row['ACash'];
    } else if($type == "votepoints") {
    echo $row['vpoints'];
    } else if ($type == "gmlevel") {
    echo $row['gm'];
   }
  }
?>

However, I get:

( ! ) Parse error: syntax error, unexpected 'nxcash' (T_STRING) in C:\wamp\www\accountdata.php on line 17.

when using it like 127.0.0.1/accountdata.php?username=tester&type=votepoints

Thanks.

Shankar Narayana Damodaran
  • 68,075
  • 43
  • 96
  • 126
user2674867
  • 79
  • 3

4 Answers4

2

You are missing a ":

 WHERE name = '%s', $username);
//                ^-- there

Most IDEs will be able to pick out syntax error. I'd recommend investing some time getting familiar with a good one. There are free ones too.

Halcyon
  • 57,230
  • 10
  • 89
  • 128
0

You missed a closing double quote on your SQL query, after WHERE name = '%s'.

sevenseacat
  • 24,699
  • 6
  • 63
  • 88
0

Line 12/13.

$result = mysqli_query($con,"SELECT * FROM accounts WHERE name = '%s', $username);

It is missing a quotation speechmark.

0

The syntax highlighting right here on SO has highlighted your error:

This:

$result = mysqli_query($con,"SELECT * FROM accounts WHERE name = '%s', $username);

Should be this:

$result = mysqli_query($con,"SELECT * FROM accounts WHERE name = '%s'", $username);

Notice the close quotes -------------------------------------------------------------------- here -----^

Scott Helme
  • 4,786
  • 2
  • 23
  • 35