
I'm writing a register page using HTML, PHP and JavaScript. I have written the following code:

```php
<?php

$db = mysqli_connect('localhost','root','','private_message');

if(isset($_POST['user'])){
    $usrname=(string)$_POST['user'];
    echo gettype($usrname);
    $r=mysqli_query($db ,"select * from users where 'user_name'='$usrname' ") or die("error");

    $rows=mysqli_num_rows($r);
    echo "";
    echo $rows;
}

?>
```

Now my table has the user name 'hello', but the above $usrname is not recognised in the 'user_name'='$usrname' part. What do I do?

  • It is treating `'user_name'` as a literal, should be in backticks `` `user_name` ``. BUT you should be using prepared statements instead - https://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php – Nigel Ren May 08 '20 at 06:23
  • Make SQL query as follows `$sql = "SELECT * FROM users WHERE user_name = '".$usrname."'";` then try `$r = mysqli_query($db ,$sql) or die("error");` – Ajith May 08 '20 at 06:25
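
The two points from the first comment combined, as an added example that is not code from the question or its comments: the column name goes in backticks so it is an identifier rather than a string literal, and the submitted value is bound through a prepared statement so it never becomes part of the SQL text. The helper name `count_users_named` is hypothetical; the connection details, table and column are the ones shown in the question.

```php
<?php
// Added example. Assumes the question's database (private_message) and a
// users table with a user_name column; count_users_named is hypothetical.

// Make mysqli throw exceptions instead of relying on "or die(...)".
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);

/**
 * Return how many rows in `users` have exactly this user_name.
 */
function count_users_named(mysqli $db, string $name): int
{
    // 'user_name' in single quotes is a string literal, so the original
    // WHERE clause compared two strings and never looked at the column.
    // Backticks make it a column reference; ? is filled in by the server.
    $stmt = $db->prepare(
        'SELECT COUNT(*) FROM `users` WHERE `user_name` = ?'
    );
    $stmt->bind_param('s', $name);   // 's' = bind as string
    $stmt->execute();
    $stmt->bind_result($count);
    $stmt->fetch();
    $stmt->close();

    return (int) $count;
}

$db = new mysqli('localhost', 'root', '', 'private_message');
$db->set_charset('utf8mb4');

// A form field can arrive as an array (user[]=x); accept strings only.
if (isset($_POST['user']) && is_string($_POST['user'])) {
    $rows = count_users_named($db, $_POST['user']);
    echo $rows;   // an integer, safe to print without escaping
}
```

With the row from the question in place, posting `user=hello` prints `1`, and a value containing quotes is matched as data rather than parsed as SQL.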
