-4

Given Sql error "Unknown Column in Where Clause"

<?php 
require_once('config.php');

    $orderId=$_REQUEST['order_Id'];

    $orderValue=OrderDetail($orderId,$dbc);

    echo '<strong>Name:-</strong>'.$orderValue["order_payment_first_name"].' '.$orderValue["order_payment_last_name"].'<br>';
    echo '<strong>Address:-</strong>'.$orderValue["order_payment_address1"].'<br>'.$orderValue["order_payment_address2"].'<br>'.$orderValue["order_payment_city"].' '.$orderValue["order_payment_state"].' '.$orderValue["order_payment_country"].'<br>';
    echo '<strong>Email:-</strong>'.$orderValue["order_payment_email"].'<br>';
    echo '<strong>Ip:-</strong>'.$orderValue["ip"].'<br>';
?>

How can we resolve this and how to declare a select query?

tux3
  • 7,171
  • 6
  • 39
  • 51
Abhishek shukla
  • 1
  • 4

1 Answers1

0

You can add this before the query:

$orderId = '\''.$orderId.'\'';

You need quotes around the variable, otherwise mysql thinks the value $orderId is a column instead of a value.

Please also note that you should really take precautions for SQL injections. An easy fix is this:

$orderId = '\''.addslashes($orderId).'\'';

However that is not enough (see Examples of SQL Injections through addslashes()?). Please use a framework (laravel, codeigniter, zend, ...) to make queries safe automatically for you if you don't know how to do this yourself. And don't ignore SQL injection problems ;)

Community
  • 1
  • 1
Luc Hendriks
  • 2,473
  • 13
  • 18