PHP, MySQL table query syntax error?

Question

I hope someone can help see what's wrong here: I have a form with two field EMAIL and PASSWORD that opens a php page where I intend to run a simple query on a table. I get an error message that makes no sense:
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '@gmail.com' at line 1.
The email address I entered in this case did end with '@gmail.com'
Here's the code:

<?php
$dbhost = 'somewhere.net';
$dbuser = 'someUser';
$dbpass = 'pass';

$conn = mysql_connect($dbhost, $dbuser, $dbpass) or die ('Error connecting to mysql');

$dbname = 'medreunten_db1';
mysql_select_db($dbname) or die(mysql_error($conn)); 

$email = mysql_real_escape_string($_POST['email']);

$query = "SELECT * FROM employee WHERE email = $email";
$result = mysql_query($query, $conn) or die (mysql_error($conn));
extract(mysql_fetch_assoc($result));  


while ($row = mysql_fetch_array($result)) {
extract($row);
echo $row['name'];
echo $row['surname'];
echo $row['age'];
}
?>

Any advice would be appreciated.

possible duplicate of [Simple table query syntax error?](http://stackoverflow.com/questions/7546072/simple-table-query-syntax-error) — Quentin, Sep 26 '11 at 11:36
`$query = "SELECT * FROM employee WHERE email = '$email'";` OR `$query = "SELECT * FROM employee WHERE email = ".$email;` — Ehtesham, Sep 26 '11 at 11:36
yes. I ran into more problems because I inserted the mysql_real_escape_string before the db connection and I wanted to carry on in that thread, but I think I commented and that was unacceptable, so the mods deleted it and downvoated me. so i started a new question. — Max, Sep 26 '11 at 11:59

score 6 · Accepted Answer · answered Sep 26 '11 at 11:35

6

You are missing quotes around string fields:

$query = "SELECT * FROM employee WHERE email = '$email'";

Additionally,

extract(mysql_fetch_assoc($result));

will fetch the first row from the database, so your while loop will start from the second row.

answered Sep 26 '11 at 11:35

Maxim Krizhanovsky

26,265
5
59
89

thanks for pointing that out, I fixed both errors and it works :) – Max Sep 26 '11 at 11:55

score 0 · Answer 2 · answered Sep 26 '11 at 11:36

0

You have to put the value in quotes inside SQL string.

$email = mysql_real_escape_string($_POST['email']);

$query = "SELECT * FROM employee WHERE email = '$email'";

(mind the extra '' around $email)

answered Sep 26 '11 at 11:36

johannes

15,807
3
44
57

score 0 · Answer 3 · answered Sep 26 '11 at 11:37

0

Your query translates to:

SELECT * FROM emloyee WHERE email = foo@bar.com

This doesn't work, you have to put strings in quotes. Change your code to the following and it will work:

$query = "SELECT * FROM employee WHERE email = '$email'";

answered Sep 26 '11 at 11:37

klaustopher

6,702
1
22
25

score 0 · Answer 4 · answered Sep 26 '11 at 11:38

0

Just single quote the variable '$email' because it varchar type value and field . As wrote, Darhazer :)

answered Sep 26 '11 at 11:38

Bajrang

8,361
4
27
40

score 0 · Answer 5 · answered Sep 26 '11 at 11:41

Full fixed code:

<?php
$dbhost = 'somewhere.net';
$dbuser = 'someUser';
$dbpass = 'pass';

$conn = mysql_connect($dbhost, $dbuser, $dbpass) or die ('Error connecting to mysql');

$dbname = 'medreunten_db1';
mysql_select_db($dbname) or die(mysql_error($conn)); 

$email = mysql_real_escape_string($_POST['email']);

$query = "SELECT * FROM employee WHERE email = '$email'";
$result = mysql_query($query, $conn) or die (mysql_error($conn));
extract(mysql_fetch_assoc($result));  


while ($row = mysql_fetch_array($result)) {
extract($row);
echo $row['name'];
echo $row['surname'];
echo $row['age'];
}
?>

PHP, MySQL table query syntax error?

5 Answers5