up vote 0 down vote favorite

I hope someone can help see what's wrong here: I have a form with two field EMAIL and PASSWORD that opens a php page where I intend to run a simple query on a table. I get an error message that makes no sense:
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '@gmail.com' at line 1.
The email address I entered in this case did end with '@gmail.com'
Here's the code:

<?php
$dbhost = 'somewhere.net';
$dbuser = 'someUser';
$dbpass = 'pass';

$conn = mysql_connect($dbhost, $dbuser, $dbpass) or die ('Error connecting to mysql');

$dbname = 'medreunten_db1';
mysql_select_db($dbname) or die(mysql_error($conn)); 

$email = mysql_real_escape_string($_POST['email']);

$query = "SELECT * FROM employee WHERE email = $email";
$result = mysql_query($query, $conn) or die (mysql_error($conn));
extract(mysql_fetch_assoc($result));  


while ($row = mysql_fetch_array($result)) {
extract($row);
echo $row['name'];
echo $row['surname'];
echo $row['age'];
}
?>

Any advice would be appreciated.

share|improve this question
possible duplicate of Simple table query syntax error? – Quentin Sep 26 '11 at 11:36
$query = "SELECT * FROM employee WHERE email = '$email'"; OR $query = "SELECT * FROM employee WHERE email = ".$email; – Ehtesham Sep 26 '11 at 11:36
yes. I ran into more problems because I inserted the mysql_real_escape_string before the db connection and I wanted to carry on in that thread, but I think I commented and that was unacceptable, so the mods deleted it and downvoated me. so i started a new question. – Max Sep 26 '11 at 11:59

5 Answers

up vote 2 down vote accepted

You are missing quotes around string fields:

$query = "SELECT * FROM employee WHERE email = '$email'";

Additionally,

extract(mysql_fetch_assoc($result));

will fetch the first row from the database, so your while loop will start from the second row.

share|improve this answer
thanks for pointing that out, I fixed both errors and it works :) – Max Sep 26 '11 at 11:55
up vote 0 down vote

Full fixed code:

<?php
$dbhost = 'somewhere.net';
$dbuser = 'someUser';
$dbpass = 'pass';

$conn = mysql_connect($dbhost, $dbuser, $dbpass) or die ('Error connecting to mysql');

$dbname = 'medreunten_db1';
mysql_select_db($dbname) or die(mysql_error($conn)); 

$email = mysql_real_escape_string($_POST['email']);

$query = "SELECT * FROM employee WHERE email = '$email'";
$result = mysql_query($query, $conn) or die (mysql_error($conn));
extract(mysql_fetch_assoc($result));  


while ($row = mysql_fetch_array($result)) {
extract($row);
echo $row['name'];
echo $row['surname'];
echo $row['age'];
}
?>
share|improve this answer
up vote 0 down vote

Just single quote the variable '$email' because it varchar type value and field . As wrote, Darhazer :)

share|improve this answer
up vote 0 down vote

Your query translates to:

SELECT * FROM emloyee WHERE email = [email protected]

This doesn't work, you have to put strings in quotes. Change your code to the following and it will work:

$query = "SELECT * FROM employee WHERE email = '$email'";
share|improve this answer
up vote 0 down vote

You have to put the value in quotes inside SQL string.

$email = mysql_real_escape_string($_POST['email']);

$query = "SELECT * FROM employee WHERE email = '$email'";

(mind the extra '' around $email)

share|improve this answer

Your Answer

 
or
required, but never shown
discard

By posting your answer, you agree to the privacy policy and terms of service.

Not the answer you're looking for? Browse other questions tagged or ask your own question.