SELECT query syntax in PHP

Question

I'm self taught in PHP, but i'm afraid my syntax is off for the following MySQL query.

$getPassword="SELECT password FROM $tbl_name WHERE username=$myusername";
$password=mysql_query($getPassword);

Is the above registering $myusername as a string or as a variable? I'm using PHP 5.4. Thanks in advance for any help!

it is treating $myusername as a variable, however, when you use php variables in mysql querys you have to do it like so: $getPassword="SELECT password FROM $tbl_name WHERE username= '".$myusername."'"; — Kristofer Aron Sverrisson, Aug 26 '14 at 03:41
take a look [this](http://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php?rq=1) — tttony, Aug 26 '14 at 03:43
I agree with @Be0wulf because PDO has a lot of database support. — John Robertson, Aug 26 '14 at 03:45

John Robertson · Answer 1 · 2014-08-26T09:47:21.117

5

Add single quotes to $myusername so that it will be read in the query.

$getPassword="SELECT `password` FROM `$tbl_name` WHERE `username`='$myusername'";

Instead use mysqli_* functions or PDO because mysql_* functions are depracated and will no longer be used in the future.

$password=mysqli_query($your_connection, $getPassword);

edited Aug 26 '14 at 09:47

answered Aug 26 '14 at 03:41

John Robertson

2

Well, if you're going to go down this road (and you should), then it's probably wise to look at prepared statements. – Strawberry Aug 26 '14 at 08:09

score 1 · Answer 2 · answered Aug 26 '14 at 03:41

1

You must put prime symbols around the $myusername variable:

$getPassword="SELECT password FROM $tbl_name WHERE username='$myusername'";
$password=mysql_query($getPassword);

answered Aug 26 '14 at 03:41

jondinham

score 1 · Answer 3 · edited Aug 27 '14 at 09:39

1

Try this

 $getPassword="SELECT password FROM ".$tbl_name." WHERE username='".$myusername."'";

edited Aug 27 '14 at 09:39

Eduard Luca

answered Aug 26 '14 at 07:55

Kack

single codes are required for the values in mysql queries , if you want to concat variables with a string. Please look at the below code $getPassword="SELECT password FROM ".$tbl_name." WHERE username='".$myusername."'"; – rahul Aug 26 '14 at 09:29
i have updated my answer please see and if wrong then send me error – Kack Aug 27 '14 at 08:43

score 0 · Answer 4 · answered Aug 26 '14 at 03:41

If you are using php variables which contains strings, you have to enclose it in quotes like,

$getPassword="SELECT password FROM $tbl_name WHERE username='$myusername'";
                                                            ^           ^

Otherwise, your query will fail to execute.

score 0 · Answer 5 · answered Aug 26 '14 at 07:28

0

For the perfect syntax that can make your code much faster...

$getPassword="SELECT `password` FROM `$tbl_name` WHERE `username`='$myusername'";

answered Aug 26 '14 at 07:28

rahul

5 Answers5