
I have a function in my website meant to check if a user is blacklisted. The last part of it goes as:

    $telefon = $_POST['tel_client'];
    $numebl = $_POST['nume_client'];

    $blacklist_res = mysql_query("Select * from blacklist where telefon_blacklist = ".$telefon." OR nume_blacklist = ".$numebl."") or die(mysql_error());
    $blacklist_row = mysql_fetch_array($blacklist_res);
    $blacklist_count = mysql_num_rows($blacklist_res);

    if ($blacklist_count > 0) {
        echo "<div class='alert alert-danger'>Warning: This client is blacklisted for : ".$blacklist_row['motiv_blacklist']."</div>";
    }

ERROR I GET IS:

Unknown column 'smith' in 'where clause' // smith is actually the data I add as name taken from the $_POST['nume_client'];

If I run the query only with the check of the number of the client, it works.

$blacklist_res = mysql_query("Select * from blacklist where telefon_blacklist = ".$telefon."")

So the problem might be after I include to check if the name of the client is also blacklisted. Any help is appreciated.

Razvan2k3
  • And http://stackoverflow.com/questions/11321491/when-to-use-single-quotes-double-quotes-and-backticks-in-mysql – AbraCadaver Jan 11 '17 at 22:06
  • Thank you very much AbraCadaver! This cleared my thoughts on the " and ' and `. I managed to fix my query and will use the guidelines there. God bless! – Razvan2k3 Jan 11 '17 at 22:11
  • **WARNING**: If you're just learning PHP, please, do not use the [`mysql_query`](http://php.net/manual/en/function.mysql-query.php) interface. It’s so awful and dangerous that it was removed in PHP 7. A replacement like [PDO is not hard to learn](http://net.tutsplus.com/tutorials/php/why-you-should-be-using-phps-pdo-for-database-access/) and a guide like [PHP The Right Way](http://www.phptherightway.com/) explains best practices. Your user data is **not** [properly escaped](http://bobby-tables.com/php.html), and there are [SQL injection bugs](http://bobby-tables.com/) that can be exploited. – tadman Jan 11 '17 at 22:12
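The following is an added example, not code from the question or from either commenter. It reproduces the error above and then shows the two ways of "fixing" it: adding quotes (which makes the query run but leaves it injectable, as tadman warns) and a PDO prepared statement (which separates the values from the SQL text). To stay self-contained it uses an in-memory SQLite database through PDO instead of the question's MySQL server; the `blacklist` table, its rows and the `brokenLookup`/`quotedLookup`/`safeLookup` function names are constructed for illustration and are not the asker's schema or code. The reason the phone-only query in the question "works" is that the phone number is all digits, so MySQL parses the unquoted value as a numeric literal, whereas the unquoted name `smith` is parsed as a column name.

```php
<?php
// Added example (not from the original post). Runs against an in-memory
// SQLite database via PDO; the schema and rows below are constructed.
declare(strict_types=1);

$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE blacklist (
    telefon_blacklist TEXT NOT NULL,
    nume_blacklist    TEXT NOT NULL,
    motiv_blacklist   TEXT NOT NULL
)');
$pdo->exec("INSERT INTO blacklist VALUES
    ('0712345678', 'smith', 'unpaid invoice'),
    ('0799999999', 'jones', 'fraud')");

// 1. The query from the question: values concatenated with no quotes.
//    The name is read as an identifier, so the database looks for a column
//    called smith (MySQL: "Unknown column 'smith' in 'where clause'",
//    SQLite: "no such column: smith").
function brokenLookup(PDO $pdo, string $telefon, string $nume): array
{
    $sql = "SELECT * FROM blacklist WHERE telefon_blacklist = " . $telefon
         . " OR nume_blacklist = " . $nume;
    return $pdo->query($sql)->fetchAll(PDO::FETCH_ASSOC);
}

// 2. Adding single quotes makes the query run, but the user input is still
//    pasted into the SQL text, so it is injectable.
function quotedLookup(PDO $pdo, string $telefon, string $nume): array
{
    $sql = "SELECT * FROM blacklist WHERE telefon_blacklist = '" . $telefon
         . "' OR nume_blacklist = '" . $nume . "'";
    return $pdo->query($sql)->fetchAll(PDO::FETCH_ASSOC);
}

// 3. Prepared statement: the values are sent separately from the SQL, so
//    quoting is never an issue and the input cannot change the query.
function safeLookup(PDO $pdo, string $telefon, string $nume): array
{
    $stmt = $pdo->prepare(
        'SELECT * FROM blacklist WHERE telefon_blacklist = :tel OR nume_blacklist = :nume'
    );
    $stmt->execute([':tel' => $telefon, ':nume' => $nume]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

try {
    brokenLookup($pdo, '0712345678', 'smith');
} catch (PDOException $e) {
    echo "broken:   " . $e->getMessage() . "\n";   // ... no such column: smith
}

// Honest input matches one row either way.
echo "quoted,   honest input:   " . count(quotedLookup($pdo, '0712345678', 'smith')) . " row(s)\n"; // 1
echo "prepared, honest input:   " . count(safeLookup($pdo, '0712345678', 'smith')) . " row(s)\n";   // 1

// Injected name: closes the literal and appends an always-true condition.
$evil = "x' OR '1'='1";
echo "quoted,   injected input: " . count(quotedLookup($pdo, '0000', $evil)) . " row(s)\n"; // 2 (whole table)
echo "prepared, injected input: " . count(safeLookup($pdo, '0000', $evil)) . " row(s)\n";   // 0
```

Run it with `php example.php` (the `pdo_sqlite` extension is assumed to be enabled). Note that with the quoted-concatenation version an attacker who controls `nume_client` can make every client look blacklisted, or, with a different payload, read other data; the prepared statement returns no rows for the same payload because the whole string is compared as a single value.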

0 Answers