When i run this code it gives me error "Unknown column 'user_id' in 'where clause'", and is not fetching record from database

Question

<?php
$query1 = "select * from users where user_id=" . $_GET['user_id'];
$result = mysqli_query($conn, $query1);
$res = mysqli_fetch_array($result);
if (!$res) {
    die(mysqli_error($conn));
} else {
    echo "succeess";
}
?>
<form method="post" id="editform" action="Updateuser.php"><br/>
    <tr><td><b>User ID</b></td><td>
            <input type="text" name="user_id" style="width:450px;height:30px" value="<? php echo $res['user_id'] ?>" /></td></tr>
    <tr>
        <td><b>Name</b></td>
        <td>
            <input type="text" name="name" style="width:450px;height:30px" value="<?php echo $res['name'] ?>">
        </td>
    </tr>
    <tr>
        <td><b>Role</b></td>
        <td>
            <input type="text" name="role" style="width:450px;height:30px" value="<?php echo $res['role'] ?>">
        </td>
    </tr>
    <tr>
        <td><b>Password</b></td>
        <td>
            <input type=" text" name="password" style="width:450px;height:30px" value="<?php echo $res['password'] ?>">
        </td>
    </tr>
    <tr>
        <td align=right>
            <input type="submit" name="submit value" id="updatebutton" value="Update Record">
        </td>
    </tr>

whenever the code runs it says unknown colomn in where clause, i am sending user_id from the users page to this page. It is displaying user_id in the address bar but it is not fetching the whole record from the database and keeps on displaying that error. Note: My table has that colomn "user_id"

if it says user_id is unknown column then surely it doesn't exists in the table. You might be making an typo error, double check your database and code — Vaibhav Vishal, Mar 20 '19 at 07:15
It's completly open for sql injection. [Sql injection](https://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php) — xmaster, Mar 20 '19 at 07:23
see the link above. never use this `$_GET['user_id']` in your query — xmaster, Mar 20 '19 at 08:23
@xmastertje thank u so much it worked. Now please tell me how to prevent it from sql injection, you wrote don't use $_GET['user_id'] then what should i write? — Anonymus, Mar 20 '19 at 08:34
@xmastertje no it didn't but the earlier one did, this one is not displaying anything — Anonymus, Mar 20 '19 at 09:06
@xmastertje can u please help me with this code too, it is not updating the data and i am passing user_id to it. — Anonymus, Mar 20 '19 at 09:07
@Anonymus first accept my answer after that i will look to it — xmaster, Mar 20 '19 at 09:12
@xmastertje i accept it thanks for that answer now please help me with this one — Anonymus, Mar 20 '19 at 09:13
@xmastertje it is not giving any error but it is not updating the data as well — Anonymus, Mar 20 '19 at 09:17
@xmastertje i tried to this before but when i do that it updates the whole record except user_id — Anonymus, Mar 20 '19 at 09:34
@xmastertje i am making this project for someone and they might have to update it so i have to put this option too — Anonymus, Mar 20 '19 at 09:58
believe me it's not necessary because you will give it a primary key and make it auto-increment — xmaster, Mar 20 '19 at 10:37
Actually it contains string values like Sara12, Josh598 and etc so no auto-increment used on this field — Anonymus, Mar 20 '19 at 10:46

score 0 · Accepted Answer · answered Mar 20 '19 at 09:11

0

You have to change this:

$query1 = "select * from users where user_id=" . $_GET['user_id'];

to

$query1 = "select * from users where user_id='". $_GET['user_id']."'";

answered Mar 20 '19 at 09:11

xmaster

1,042
7
20

When i run this code it gives me error "Unknown column 'user_id' in 'where clause'", and is not fetching record from database

1 Answers1