-1

Hello, I'm trying to learn PHP. I'm using phpMyAdmin with XAMPP. I want to list according to the following query:

```php
$add='SELECT * FROM movielibrary WHERE username="$libraryuser"';
```

But there is no element coming to the mylibrary.php page. When I try to echo $libraryuser, it is correct but when I write to the sql query, it's not matching and my table is blank. My username is "info" and if I write

```php
$add='SELECT * FROM movielibrary WHERE username="info"';
```

It is correct but I need to do $libraryuser.

What should I do?

These are the screenshots for my problem:

This is when I write username='info'; it is okay.

This is when I write $libraryuser; there is no listing.

I also tried

'username'=$libraryuser , "username"=$libraryuser , username='$libraryuser , username="$libraryuser

but it did not work.

```php
<?php
require_once("config.php");
session_start();

$libraryuser = $_SESSION['user'];

echo $libraryuser;
// Single-quoted string: $libraryuser is not substituted here.
$add = 'SELECT * FROM movielibrary WHERE username="$libraryuser"';

// Page header with logo and logout button.
echo "<table>
<tr>
<td width=2%></td>
<td height=175 width=20%>
<a href=index.php>
<img src=images/Logo.png width=400></a>
</td>
<td width=55%></td>
<td width=12% valign=top>
  <div class=row>
    <div class='col-md-3 col-sm-3 col-xs-6'> <a href=logout.php class='btn btn-sm animated-button victoria-two'>Logout</a> </div>
  </div>
</td>
</tr>
</table>";

echo "<center><font size=10><b>My Library</b></font></center>";

if ($result = mysqli_query($conn, $add)) {
    // Table header row.
    echo "<br><br><br><br><table width='70%' border='1' align=center cellspacing='0' cellpadding='6'>
        <tr align='center' bgcolor='#999966'>
            <td><b>Movie Name</b></td>
            <td><b>Director</b></td>
            <td><b>Cast</b></td>
            <td><b>Year</b></td>
            <td><b>Runtime</b></td>
            <td><b>Movie Genre</b></td>
        </tr>";

    // One table row per movie; each row is closed inside the loop.
    while ($read = mysqli_fetch_array($result)) {
        echo "
        <tr align='center' bgcolor='#c2c2a3'>
            <td>$read[movie_name]</td>
            <td>$read[director]</td>
            <td>$read[movie_cast]</td>
            <td>$read[year]</td>
            <td>$read[runtime]</td>
            <td>$read[movie_genre]</td>
        </tr>";
    }

    echo "</table>";
}
?>
```
  • Note: The object-oriented interface to `mysqli` is significantly less verbose, making code easier to read and audit, and is not easily confused with the obsolete `mysql_query` interface. Before you get too invested in the procedural style it’s worth switching over. Example: `$db = new mysqli(…)` and `$db->prepare("…")` The procedural interface is an artifact from the PHP 4 era when `mysqli` API was introduced and should not be used in new code. – tadman May 20 '18 at 18:59
  • 1
    **WARNING**: When using `mysqli` you should be using [parameterized queries](http://php.net/manual/en/mysqli.quickstart.prepared-statements.php) and [`bind_param`](http://php.net/manual/en/mysqli-stmt.bind-param.php) to add user data to your query. **DO NOT** use string interpolation or concatenation to accomplish this because you have created a severe [SQL injection bug](http://bobby-tables.com/). **NEVER** put `$_POST`, `$_GET` or **any** user data directly into a query, it can be very harmful if someone seeks to exploit your mistake. – tadman May 20 '18 at 19:00
  • Please post code, errors, sample data or textual output here as plain-text, not as images that can be hard to read, can’t be copy-pasted to help test code or use in answers, and are hostile to those who use screen readers. You can edit your question to add the code in the body of your question. Use the `{}` button to format any blocks of code, or indent with four spaces for the same effect. **Unfortunately, we can’t run your screenshot as code.** – tadman May 20 '18 at 19:00
  • 1
    Consider using a [development framework](http://codegeekz.com/best-php-frameworks-for-developers/) to solve problems like this. These give you patterns to follow for organizing your code into proper model, view and controller contexts and avoids ending up with a confused stew of concerns, with HTML, PHP, SQL, and JavaScript all jumbled together. Frameworks come in many forms from really lean like [Fat-Free Framework](https://fatfreeframework.com/) to exceptionally full-featured like [Laravel](http://laravel.com/) and many spots in between. – tadman May 20 '18 at 19:00
  • 1
    When building your SQL in `$add` you're using single quotes; this doesn't support variable substitution. – Nigel Ren May 20 '18 at 19:01
  • Possible duplicate of [What is the difference between single-quoted and double-quoted strings in PHP?](https://stackoverflow.com/questions/3446216/what-is-the-difference-between-single-quoted-and-double-quoted-strings-in-php) – Nigel Ren May 20 '18 at 19:02
  • `$add="SELECT * FROM movielibrary WHERE username='$libraryuser' ";` Use this query statement, maybe this will work :| – Priyanka Maurya May 21 '18 at 06:58

1 Answer

-2

You need to replace the query

```php
'SELECT * FROM movielibrary WHERE username="$libraryuser"';
```

with

```php
"SELECT * FROM movielibrary WHERE username='$libraryuser'";
```

then it will work.
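
The quoting change above makes the variable interpolate, while the comments on the question recommend bound parameters instead. The following is an added example, not part of the original answer or the asker's code, showing both points plus output escaping. It assumes `$conn` is the mysqli connection created in `config.php` and uses the column names from the question; `show_quoting`, `fetch_library` and `render_row` are hypothetical helper names.

```php
<?php
// Added example (not the asker's code). Column names are taken from the
// question; $conn is assumed to be the mysqli connection made in config.php.

// Make mysqli throw exceptions instead of failing silently.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);

// Single quotes do not interpolate, so the original query searched for the
// literal text $libraryuser. Double quotes interpolate, but the value becomes
// part of the SQL text: a name containing a quote changes the statement.
function show_quoting(string $libraryuser): array
{
    return [
        'single' => 'SELECT * FROM movielibrary WHERE username="$libraryuser"',
        'double' => "SELECT * FROM movielibrary WHERE username='$libraryuser'",
    ];
}

// Parameterized query: the statement text is fixed, the value is sent as data.
function fetch_library(mysqli $conn, string $username): array
{
    $stmt = $conn->prepare(
        'SELECT movie_name, director, movie_cast, year, runtime, movie_genre
           FROM movielibrary WHERE username = ?'
    );
    $stmt->bind_param('s', $username);   // 's' = bind as string
    $stmt->execute();
    $rows = $stmt->get_result()->fetch_all(MYSQLI_ASSOC);
    $stmt->close();
    return $rows;
}

// Escape every value on output so stored text cannot inject markup.
function render_row(array $row): string
{
    $cells = array_map(
        fn($v) => '<td>' . htmlspecialchars((string) $v, ENT_QUOTES, 'UTF-8') . '</td>',
        $row
    );
    return '<tr>' . implode('', $cells) . "</tr>\n";
}

print_r(show_quoting("o'brien"));        // constructed sample username

if (isset($conn) && $conn instanceof mysqli) {   // only when config.php was loaded
    foreach (fetch_library($conn, $_SESSION['user']) as $row) {
        echo render_row($row);
    }
}
```

`get_result()` requires the mysqlnd driver, which current XAMPP builds include.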