2

I hope someone can help see what's wrong here: I have a form with two field EMAIL and PASSWORD that opens a php page where I intend to run a simple query on a table. I get an error message that makes no sense:
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '@gmail.com' at line 1.
The email address I entered in this case did end with '@gmail.com'
Here's the code:

<?php
$dbhost = 'somewhere.net';
$dbuser = 'someUser';
$dbpass = 'pass';

$conn = mysql_connect($dbhost, $dbuser, $dbpass) or die ('Error connecting to mysql');

$dbname = 'medreunten_db1';
mysql_select_db($dbname) or die(mysql_error($conn)); 

$email = mysql_real_escape_string($_POST['email']);

$query = "SELECT * FROM employee WHERE email = $email";
$result = mysql_query($query, $conn) or die (mysql_error($conn));
extract(mysql_fetch_assoc($result));  


while ($row = mysql_fetch_array($result)) {
extract($row);
echo $row['name'];
echo $row['surname'];
echo $row['age'];
}
?>

Any advice would be appreciated.

Improve this question
3
  • possible duplicate of Simple table query syntax error? Commented Sep 26, 2011 at 11:36
  • $query = "SELECT * FROM employee WHERE email = '$email'"; OR $query = "SELECT * FROM employee WHERE email = ".$email; Commented Sep 26, 2011 at 11:36
  • yes. I ran into more problems because I inserted the mysql_real_escape_string before the db connection and I wanted to carry on in that thread, but I think I commented and that was unacceptable, so the mods deleted it and downvoated me. so i started a new question. Commented Sep 26, 2011 at 11:59

5 Answers 5

Reset to default
6

You are missing quotes around string fields:

$query = "SELECT * FROM employee WHERE email = '$email'";

Additionally,

extract(mysql_fetch_assoc($result));

will fetch the first row from the database, so your while loop will start from the second row.

Improve this answer
Sign up to request clarification or add additional context in comments.

1 Comment

thanks for pointing that out, I fixed both errors and it works :)
0

You have to put the value in quotes inside SQL string.

$email = mysql_real_escape_string($_POST['email']);

$query = "SELECT * FROM employee WHERE email = '$email'";

(mind the extra '' around $email)

Improve this answer

Comments

0

Your query translates to:

SELECT * FROM emloyee WHERE email = [email protected]

This doesn't work, you have to put strings in quotes. Change your code to the following and it will work:

$query = "SELECT * FROM employee WHERE email = '$email'";
Improve this answer

Comments

0

Just single quote the variable '$email' because it varchar type value and field . As wrote, Darhazer :)

Improve this answer

Comments

0

Full fixed code:

<?php
$dbhost = 'somewhere.net';
$dbuser = 'someUser';
$dbpass = 'pass';

$conn = mysql_connect($dbhost, $dbuser, $dbpass) or die ('Error connecting to mysql');

$dbname = 'medreunten_db1';
mysql_select_db($dbname) or die(mysql_error($conn)); 

$email = mysql_real_escape_string($_POST['email']);

$query = "SELECT * FROM employee WHERE email = '$email'";
$result = mysql_query($query, $conn) or die (mysql_error($conn));
extract(mysql_fetch_assoc($result));  


while ($row = mysql_fetch_array($result)) {
extract($row);
echo $row['name'];
echo $row['surname'];
echo $row['age'];
}
?>
Improve this answer

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.