-4

so I have a mysql query that looks like this.

$copy = mysql_query("SELECT `id` FROM `brain` WHERE `id` = '$user_screen_name' && '$posts['title']'");

I want the query to search for the id that is in the table where screen name and post title strings are matched and put the found id in a variable. How would I do this?

PirateTube
  • 97
  • 1
  • 10

1 Answers1

2

First, some warnings:

Please stop using mysql_* functions. These extensions have been removed in PHP 7. Learn about prepared statements for PDO and MySQLi and consider using PDO, it's really pretty easy.

Little Bobby says your script is at risk for SQL Injection Attacks.. Even escaping the string is not safe!

To fix your query you need a separate AND condition for each item you want to filter against:

WHERE `id` = '$user_screen_name' 
AND `title` = '$posts["title"]'

Without seeing your table layout it would be hard to go much further but if you want the id in a variable you would do this after the query:

$row = mysql_fetch_array($copy);

Once done, $row['id'] will be the variable containing the id.

Jay Blanchard
  • 34,243
  • 16
  • 77
  • 119
  • Can you give me an example from my code example? Because right now I'm getting an error: Parse error: syntax error, unexpected '' (T_ENCAPSED_AND_WHITESPACE), expecting identifier (T_STRING) or variable (T_VARIABLE) or number (T_NUM_STRING) – PirateTube Jul 03 '17 at 20:52
  • Uh, that is what I did. – Jay Blanchard Jul 03 '17 at 20:53
  • Receiving Parse error: syntax error, unexpected '"', expecting identifier (T_STRING) or variable (T_VARIABLE) or number (T_NUM_STRING) I think it's because of the "'"" in "'$post["title"]'" from the query – PirateTube Jul 03 '17 at 21:07
  • 1
    Without being able to see your new code I'll point you here. https://stackoverflow.com/questions/18050071/php-parse-syntax-errors-and-how-to-solve-them – Jay Blanchard Jul 03 '17 at 21:08