0

Im getting a Unknown column error and i cant seem to find a topic that seems to help me.. here the code but when i seem to remove the WHERE username = $user in the $query or replace $user with a quote it seems to work just fine. (FYI Im like a total noob at php)

<?PHP

$id = "";
$username = "";
$email = "";
$nick = "";
$isMod = "";
$rank = "";
$joinDate = "";
$ip = "";
$coins = "";
$curHead = "";
$curFace = "";
$curNeck = "";
$curBody = "";
$curHands = "";
$curFeet = "";
$curPhoto = "";
$curFlag = "";
$curColor = "";

$db = mysql_connect("localhost","root","");
mysql_select_db("opencp", $db);

$user = $_GET['user'];

$query = "SELECT * from game_users WHERE username = ". $user. "";
$result = mysql_query($query);

if($result === FALSE) {
die(mysql_error());

}

echo "<?xml version=\"1.0\"\n";
echo "<products>\n";

while($line=mysql_fetch_array($result)){
echo "<item>" . $line['id'] . "</item>\n";
echo "<item>" . $line['username'] . "</item>\n";
echo "<item>" . $line['email'] . "</item>\n";
echo "<item>" . $line['nickname'] . "</item>\n";
echo "<item>" . $line['ismoderator'] . "</item>\n";
echo "<item>" . $line['rank'] . "</item>\n";
echo "<item>" . $line['joindate'] . "</item>\n";
echo "<item>" . $line['ips'] . "</item>\n";
echo "<item>" . $line['coins'] . "</item>\n";
echo "<item>" . $line['curhead'] . "</item>\n";
echo "<item>" . $line['curface'] . "</item>\n";
echo "<item>" . $line['curneck'] . "</item>\n";
echo "<item>" . $line['curbody'] . "</item>\n";
echo "<item>" . $line['curhands'] . "</item>\n";
echo "<item>" . $line['curfeet'] . "</item>\n";
echo "<item>" . $line['curphoto'] . "</item>\n";
echo "<item>" . $line['curflag'] . "</item>\n";
echo "<item>" . $line['colour'] . "</item>\n";

}

echo "</products>";

mysql_close($db);
?>
Slappy826
  • 1
  • 1

3 Answers3

1

Change it to,

$query = "SELECT * from game_users WHERE username = '". $user ."'";
$result = mysql_query($query);

You should start with PHP Strings.

Note: Please, don't use mysql_* functions in new code. They are no longer maintained and are officially deprecated. See the red box? Learn about prepared statements instead, and use PDO, or MySQLi - this article will help you decide which. If you choose PDO, here is a good tutorial.

Zoe
  • 27,060
  • 21
  • 118
  • 148
Rikesh
  • 26,156
  • 14
  • 79
  • 87
1

username is a string so it should be in single quotes.

$user = $_GET['user'];  
$query = "SELECT * from game_users WHERE username = '". $user. "'"; 
$result = mysql_query($query);
laalto
  • 150,114
  • 66
  • 286
  • 303
harry
  • 1,007
  • 2
  • 10
  • 19
0

There are a couple answers here already but I thought I'd point out that since your string is in double quotes you can make it less confusing by not using the concatenation (period) style:

$query = "SELECT * from game_users WHERE username = '$user ' ";

Variables are replaced inside double quotes in php, but not within single quoted strings.

JAL
  • 21,295
  • 1
  • 48
  • 66