Mysql_query where operator

Question

Mysql_query where operator

I retrieve the values from url using the GET method, and then using the if statement to determine what they are, then query them from the database to show only those elements that match them, I get an unknown error with your request. here is my code

$province = $_GET['province']; $city = $_GET['city']; if(isset($province) && isset($city) ) { $results3 = mysql_query("SELECT * FROM generalinfo WHERE province = $province AND city = $city ") or die( "An unknown error occurred with your request"); } else { $results3 = mysql_query("SELECT * FROM generalinfo"); } /*if statement ends*/

+6

php mysql where

Cool guy yo May 16, '10 at 22:00

source share

1 answer

Mark byers · Accepted Answer · 2010-05-16T22:02:12+0000

You need single quotes around strings in SQL:

 "SELECT * FROM generalinfo WHERE province='$province' AND city='$city'"

Note that constructing the query in this way can lead to SQL injection vulnerability. Use mysql_real_escape_string instead .

 "SELECT * FROM generalinfo WHERE province='" . mysql_real_escape_string($province) . "' AND city='" . mysql_real_escape_string($city) . "'"

Mysql_query where operator

More articles: