SQL query in PHP

Question

I have two tables in my databases with the following structures

1.ps_branch

COLUMNS: ps_code a1 a2 a3 a4 a5 a6 a7

2.students_info

COLUMNS: std_name std_cg st_code

I am using xampp server.

I wrote a query in php:

$qs1="select * from station_details where st_code IN 
(
( select DISTINCT st_code FROM students_info , ps_branch WHERE ps_code=st_code AND    std_cg >".$_POST['Cgpa'].
      "AND".$_POST['branch']."=".'1'."))";
$query1=mysqli_query($con1,$qs1);

But the query is showing me error. When i query the following directly in phpmyadmin mysql i get the answer i required

select * from station_details where st_code IN 
(
( select DISTINCT st_code FROM students_info , ps_branch WHERE ps_code=st_code AND  std_cg>6
      AND a7=1)
 )

$_POST['branch'] will give one of the values a1 a2 ...or a7 $_POST['Cgpa'] is a numerical value

well you could just look at the error that is generated ... but between AND and $_POST... you need a space " AND " — lagbox, Apr 27 '14 at 16:37
Your code is vulnerable to SQL injections. You should read on [how to prevent them in PHP](http://stackoverflow.com/q/60174/53114). — Gumbo, Apr 27 '14 at 16:42

score 2 · Accepted Answer · answered Apr 27 '14 at 16:39

You need an extra spaces around the 'AND'

$qs1="select * from station_details where st_code IN 
(
( select DISTINCT st_code FROM students_info , ps_branch WHERE ps_code=st_code AND std_cg >".$_POST['Cgpa'].
      " AND ".$_POST['branch']."=".'1'."))";
$query1=mysqli_query($con1,$qs1);

The way to debug this is to show the value of $qs1 by using die($qs1); after $qs1 it is set and before executing the query. Then you can see the problem.

Thanks for the die($qs1) tip..very useful! – user3290349 Apr 27 '14 at 16:49 — user3290349, Apr 27 '14 at 16:49

SQL query in PHP

1 Answers1