MYSQL query won't return data using php

Question

I was wondering if after all these hours of trying you could help me

After hours of trying i still have a problem retrieving data from a mysql query: This is my query:

$res =mysql_query("SELECT * FROM user WHERE username =".$_SESSION['user']);

The user in the session is the current username.

i have an if statement like this:

if(!$res)
{
    die('Invalid query: ' . mysql_error());
}

i run the code to check if the mysql_error isn't thrown but everytime i get this error:

Invalid query: Unknown column 'Amando' in 'where clause'

Can someone explain to me what im doing wrong and maybe help me fix it

score 1 · Accepted Answer · answered Dec 04 '15 at 21:02

1

You need to enclose the $_SESSION['user'] in quotes for MYSQL to consider it a string rather than a column name

$res =mysql_query('SELECT * FROM user WHERE username ="'.$_SESSION['user'].'"');

answered Dec 04 '15 at 21:02

Shujaat

691
4
18

Andy · Answer 2 · 2015-12-04T21:08:29.180

0

You need to quote the user variable. Try this

$res =mysql_query("SELECT * FROM user WHERE username ='".$_SESSION['user']."'");

You should also read up on SQL injection and maybe PDO since your code is vulnerable for SQL injections as it is now. Or at least it can be, depending on if you have secured/validated the session variable before you use it in the query.

edited Dec 04 '15 at 21:08

answered Dec 04 '15 at 21:02

Andy

397
2
8

MYSQL query won't return data using php

2 Answers2