Error when Select database after getting value from ajax

Question

I use js to get user "name" and send it to result.php by ajax.

in result.php

$name = $_POST['name'] //name contain string

// Then I want to select information from that user "name"
$result2 = $db->query('SELECT story FROM `user_story` WHERE name='.$name) or error('failed', __FILE__, __LINE__, $db->error());

But why doesn't it work?

Can anybody explain this to me and provide a solution?

Thanks in advance

Answer 1

Try this with quotes:

//ADDED semicolon
$name = $_POST['name']; //name contain string 
// Then I want to select information from that user "name"
$result2 = $db->query('SELECT story FROM `user_story` WHERE name= "'.$name .  '"') or error('failed', __FILE__, __LINE__, $db->error());

note: The best way is to use PDO prepared statements.

$name = $_POST['name'];

$result2 = $db->prepare("SELECT story FROM user_story WHERE (name = ?)");

$result2->execute(array($name));

Look at PDO and Prepared statements