1

I have problem. in my database, I have a column email. When I make SQL query I get following error:

You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near '@gmail.com)' at line 1

This is my code:

$sql = "SELECT ID_Dijak from dijak  WHERE (Email=".$mejl.")";

If I try to do query in php my admin it works if I put ' ' between my email, but how to do it in php? Thank you.

marc_s
  • 732,580
  • 175
  • 1,330
  • 1,459
AMAGR
  • 59
  • 1
  • 1
  • 4

3 Answers3

1

I'm sorry I made a mistake earlier... I tested this way and it should now work

$sql='SELECT ID_Dijak from dijak WHERE (Email = "' . $mejl . '")';

Luís Chaves
  • 661
  • 7
  • 15
  • Not working, error: You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near '@gmail.com . '%')' at line 1 – AMAGR Apr 08 '17 at 11:35
  • whats the value of the variable $mejl ? – Luís Chaves Apr 08 '17 at 11:39
  • email address, example@gmail.com – AMAGR Apr 08 '17 at 11:40
  • I will change my above – Luís Chaves Apr 08 '17 at 11:45
  • Still not working: Unknown column '$mejl' in 'where clause' – AMAGR Apr 08 '17 at 11:50
  • This is plain wrong. If OP did not want to parameterise the query, then the valid answer would be: `$sql = "SELECT ID_Dijak FROM dijak WHERE Email = '{$mejl}'";`. Quotes are placed around the email in the SQL query (because it is a string), and the `$meil` variable is interpolated so that it is evaluated by PHP. – tpunt Apr 08 '17 at 11:51
  • Thank you tpunt, its working! – AMAGR Apr 08 '17 at 11:59
0

take datatype varchar() for email

anushri sharma
  • 67
  • 6
0

I would suggest using a prepared statement in PHP, also to prevent injection attacks. 

$stmt = $dbc->prepare("SELECT ID_Dijak from dijak WHERE Email=?");
$stmt->bind_param("s", $mejl);
$stmt->execute();
bnjc
  • 56
  • 2