2

I've been trying to query an email address using the following statement, however after hours of trying to escape the string successfully I've accepted defeat.

The query I am using is: SELECT id, email FROM user WHERE email = '$email'

That gives me an error:

MySQL Error: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '@gmail.com' at line 1

I'm sure it's simple.. I just can't seem to find an answer anywhere that works.

UPDATE #1

The code that I have been using is:

$email = "[email protected]";

$sql = "SELECT id, email FROM user WHERE email = '$email'";

$result = mysql_query($sql) or die('Unable to connect: '.mysql_error());

UPDATE #2

The email comes from the Facebook connect API.

Improve this question
6
  • 1
    Please show the full generated query that you are using, and the PHP code Commented Oct 28, 2010 at 11:57
  • Also, where does that E-Mail address come from? User input? Commented Oct 28, 2010 at 12:01
  • The code you are showing is generating a syntax error ([email protected] needs quotes). Can you show the exact code you are using? Also, please do a echo $sql; for the E-Mail address and show the result. Commented Oct 28, 2010 at 12:05
  • There's misprint in query string: SELET instead of SELECT. Commented Oct 28, 2010 at 12:05
  • SELECT id, email FROM user WHERE email = '[email protected]' Commented Oct 28, 2010 at 12:08

1 Answer 1

Reset to default
6

This is probably because you the E-Mail address that you get from Facebook connect contains quotes, e.g. something like

"Harry"@gmail.com  
"[email protected]"

when pulling data from a web service (or from anywhere else), you need to escape the data to prevent SQL injection, and garbled queries like in your situation.

In your case:

$email = mysql_real_escape_string($email);
Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.