Welcome to WebmasterWorld Guest from 188.8.131.52
$manufacturer = $_POST['manufacturer'];
echo "<h1> Query result for manufacturer = ","$manufacturer", "</h1>";
And the page prints the appropriate value chosen from the form.
I'm trying to use the $manufacturer variable in a mysql query to select records which match.
My mysql query works when I use the following code:
$result = mysql_query("SELECT * FROM serialtest WHERE manufacturer = 'Yamaha'") or die(mysql_error());
but not when I add the $_POST[manufacturer] value in place of 'Yamaha'
The error I get is: "Unknown column 'Yamaha' in 'where clause'"
Is it my syntax?
Many thanks for any help you can give.
Welcome to Webmasterworld.
Try putting it this way:
$result = mysql_query("SELECT * FROM serialtest WHERE manufacturer = '". $_POST[manufacturer] ."'") or die(mysql_error());
Number I should work, but I could have done the security check as well at this stage:
$manufacturer_cleaned = strip_tags($_POST[manufacturer]);
and the related functions.
$result = mysql_query("SELECT * FROM serialtest WHERE manufacturer = '$manufacturer_cleaned'") or die(mysql_error());
Something not related to that question,
As a performance tip, unless you need to use all the fields in that table it is always good to mention the field names, like:
SELECT field1, field2 FROM table1