Expecto

Reputation: 521

unknown column in where clause

This page has a variable (aucname2) passed to it; it should then use that as the value for the SQL statement. But it keeps telling me that value is being used as the column, and then of course telling me that column doesn't exist.

<?php 
    $auc = $_GET['aucname2'];
    $db_name = "auctionfinal";
    $table_name = "auctions";
    $connection = @mysql_connect("auctionfinal.db.6084638.hostedresource.com","xxxxx", "xxxxx") or die(mysql_error());
    $db = @mysql_select_db($db_name, $connection) or die(mysql_error());
    $sql = "SELECT * FROM $table_name WHERE `aucname` = $auc";
    $result = @mysql_query($sql, $connection) or die(mysql_error());

    if (mysql_num_rows($result) > 0) {
        // Start empty so every row is appended, not just the last one kept
        $display_block = "";
        while ($row = mysql_fetch_array($result)) {
            $aucname3 = $row['aucname'];
            $seller = $row['seller'];
            $price = $row['price'];
            $start = $row['start'];
            $end = $row['end'];
            $nbids = $row['nbids'];
            $category = $row['category'];
            // $aucname was never defined; the row's name is held in $aucname3
            $link = "pagename.php?aucname=$aucname3";

            $display_block .= "Auction Name - $aucname3 &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
            Seller - $seller &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
            Price - $price &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
            Start Date - $start <br />
            End Date - $end &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
            # bids - $nbids &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
            Category - $category
            <p> ------------------ </p>";

       }
       echo "$display_block";
    }
?>

Upvotes: 0

Views: 5649

Answers (1)

Lotus Notes

Reputation: 6363

Change this line:

$sql = "SELECT * FROM $table_name WHERE aucname = $auc";

to

$sql = "SELECT * FROM $table_name WHERE aucname = '$auc'";

Since $auc is a string, it needs to be enclosed in quotes, otherwise MySQL will try to look for the value of that variable as a column name.

Also, you should probably use mysql_real_escape_string() on $auc first because otherwise you will be vulnerable to SQL injection.

Upvotes: 7
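
The two points in the answer above, as an added example that is not part of the original answer: an unquoted value is parsed as a column name, and a bound parameter keeps the value as data whatever characters it contains. Assumptions: PDO with an in-memory SQLite database stands in for the MySQL `auctions` table so the script runs offline, the rows are constructed sample data, and `findAuctions()` is a hypothetical helper.

```php
<?php
// Added example. Requires the pdo_sqlite extension (assumption); the table
// and its rows are constructed sample data, not taken from the question.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec("CREATE TABLE auctions (aucname TEXT, seller TEXT, price REAL)");
$pdo->exec("INSERT INTO auctions VALUES
            ('lamp', 'alice', 12.5),
            ('O''Brien desk', 'bob', 80)");

// Hypothetical helper: look up auctions by name using a bound parameter.
// The SQL text is fixed; the value travels separately and is never parsed.
function findAuctions(PDO $pdo, string $name): array
{
    $stmt = $pdo->prepare(
        'SELECT aucname, seller, price FROM auctions WHERE aucname = :name'
    );
    $stmt->execute([':name' => $name]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// 1. The question's pattern: the value lands in the SQL text without quotes,
//    so the database reads it as an identifier and reports an unknown column.
$auc = 'lamp';
try {
    $pdo->query("SELECT * FROM auctions WHERE aucname = $auc");
} catch (PDOException $e) {
    echo "unquoted value: ", $e->getMessage(), "\n";
}

// 2. Bound parameter: plain names, names containing an apostrophe, and a
//    constructed input full of quotes and SQL keywords are all compared
//    against the column as literal strings.
$inputs = ['lamp', "O'Brien desk", "x' OR '1'='1"];
foreach ($inputs as $input) {
    $rows = findAuctions($pdo, $input);
    printf("%-16s -> %d row(s)\n", $input, count($rows));
}
// Expected counts: 1, 1 and 0. The last input matches nothing because no
// auction has that exact name; it cannot change the WHERE clause.
```

With a MySQL server, only the DSN passed to `new PDO()` changes; the prepared statement and the helper stay the same.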
