PHP MySQL Syntax Error on Select
Question
I am trying to Save an Email Address into my database and i am getting the following error
include 'db.php';
echo $email = $accounts['username'];
$date = date ("Y-m-d H:m:s");
$result = mysql_query("SELECT * FROM users where email = $email", $conn) or die($myQuery."<br/><br/>".mysql_error());
$num_rows = mysql_num_rows($result);
if ($num_rows == 0) {
$query_string = "INSERT INTO users (id, email, created)
VALUES (null, '$email', '$date')";
if (mysql_query($query_string, $conn)) {
echo "$name inserted<br/>";
} else {
die('Error: ' . mysql_error());
echo "Error inserting $email<br/>";
}
} else {
echo "$email exists<br/>";
}
Error:
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '@mink7.com' at line 1
2 answers
solution1
2 2012-06-07 14:40:08
您应该在第一个SQL语句中引用$ email:
"SELECT * FROM users where email = '$email'"
solution2
1 ACCPTED 2012-06-07 14:46:36
marcochiesi has the right answer, but I would suggest mysql_real_escape_string to help prevent an SQL injection attack as well:
"SELECT * FROM users where email = '". mysql_real_escape_string($email)."'"
Update
FYI, if you don't put the quote's around the information you are constraining, MySQL is expecting it to be a column.
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.