PHP SQL Syntax Error?

Question

session_start();
include 'assets/config.php';

if(isset($_POST['username'])){

    $queryIsUsername = ("SELECT count(user) FROM users WHERE user = '$_POST['username']'"); //Error
    $actionQueryIsUsername = mysql_query($queryIsUsername);
    while($rowIsUsername = mysql_fetch_array($actionQueryIsUsername)) {
        $isUsername[] = $rowIsUsername['COUNT(user)'];
    }

    if($isUsername[0]="0"){

        header("Location: login.php?error=e1");
    }

    else{
//do stuff
}

I'm not sure whats wrong, this is my error. I removed the if statement and the errors vanished.

Parse error: syntax error, unexpected T_ENCAPSED_AND_WHITESPACE, expecting T_STRING or T_VARIABLE or T_NUM_STRING in /Applications/XAMPP/xamppfiles/htdocs/craftlist/index.php on line 7

Answer 1

Change it to

$queryIsUsername = ("SELECT count(user) FROM users WHERE user = '".$_POST['username']."'");

BUT this is NOT SQL INJECTION SAFE!

Answer 2

When interpolating an array variable, you should not put quotes around the key name.

Personally I would prefer concatenation:

"....".mysql_real_escape_string($_POST['username'])."...";

This is the easiest to read of the possible syntaxes.

Answer 3

$queryIsUsername = ("SELECT count(user) FROM users WHERE user = '$_POST['username']'"); //Error

Should be

$queryIsUsername = ("SELECT count(user) FROM users WHERE user = '".$_POST['username']."'"); //Error

On an aside you may want to look into mysqli or PDO_MYSQL because the php mysql extension has been deprecated. See http://www.php.net/manual/en/intro.mysql.php .