PHP MySQL what's wrong?

Question

What's wrong with this code?

    if( isset($_POST['user'])){
   $uzy = $_POST['user'];
   if(!empty($uzy)){
      $q = sprintf("SELECT `id` FROM `users` WHERE user= '".mysql_real_escape_string($uzy)."'");
      $s = mysql_query($q);
    if($wQ=mysql_query($q)) {
       $wQr = mysql_num_rows($wQ);
          if($wQr == 0){
             echo "<div style ='font:21px Trebuchet MS; color:#ff0000'>wrong login</div>";
          }else if($wQr == 1){
         $uzyt = mysql_result($wQ, 0, 'id');
         $_SESSION['uzyt'] = $uzyt;
         $sql = "SELECT * FROM work2 WHERE id='$s'";
    ...
    ...
    ...
}
}
}
}

The problem is here: $sql = "SELECT * FROM work2 WHERE id='$s'"; , because when I put for example $sql = "SELECT * FROM work2 WHERE id='1'"; everything works. Is is wrong syntax or what?

Answer 1

You're badly mis-using and mis-understanding how PHP/mysql operate:

  $s = mysql_query($q);
  ^^^--- query result handle

     $sql = "SELECT * FROM work2 WHERE id='$s'"; 
                                           ^^---- can't use a result handle here

Answer 2

The problem lies because your query is unable to convert $s into its original value. Its treating it as a string. Probably you should do it like

$sql = "SELECT * FROM work2 WHERE id='"$s"'";

One more thing that may come in handy while debugging is the use of echo statements. Had you tried doing

echo $sql

you wouldnt had posted here anyways :)

PS - We are more than happy to help :) Keep coming and keep bringing the questions