The PHP code ACTUALLY reads
$sql = "select * from 'credit_card_info where' 'fname'='" . $_POST['fname'] . "' and 'lname'='" . $_POST['lname'] . "'";
echo $sql;

But I am not even sure if my table name needs to be in quotes.

What error are you getting?

Its at the bottom of that post:

Warning: mysql_fetch_array(): supplied argument is not a valid MySQL result resource in /home/enusyn19/public_html/query.php on line 16

select * from 'credit_card_info where' 'fname'='Matt' and 'lname'='Bair'

This is an error: 'credit_card_info where'

select * from 'credit_card_info' where 'fname'='Matt' and 'lname'='Bair'

but you don't need to quote table / column names anyway, except in unusual circumstances.

select * from credit_card_info where fname='Matt' and lname='Bair'

$sql = "select * from 'credit_card_info where' 'fname'='" . $_POST['fname'] . "' and 'lname'='" . $_POST['lname'] . "'";

You have a misplaced apostrophe in your query at the table name. Your code looks like it was taken from a phpadmin editor. I would try to write it a little cleaner, if possible, if using in a script.

$sql = "select * from credit_card_info where fname = $_POST['fname'] and lname = $_POST['lname']";

skunked by zCat!

btw dipster19, Welcome to WebmasterWorld

Thanks for the welcome :)
I had already noted the misplaced apostrophe (which was unneeded anyway) and I have cleaned up my script as suggested.

[edited by: dipster19 at 2:03 pm (utc) on Mar. 25, 2005]

Well, now I am getting a new error. It is:

Parse error: parse error, unexpected T_ENCAPSED_AND_WHITESPACE, expecting T_STRING or T_VARIABLE or T_NUM_STRING in /home/enusyn19/public_html/query.php on line 10

line 10 is:

$sql = "select * from credit_card_info where fname = $_POST['fname'] and lname = $_POST['lname']";

and the complete script I am using now is:

<?
$host = "localhost";
$user = "userid";
$pass = "p-word";
$dbname = "database name";

$connection = mysql_connect($host,$user,$pass) or die (mysql_errno().": ".mysql_error()."<BR>");
mysql_select_db($dbname);

$sql = "select * from credit_card_info where fname = $_POST['fname'] and lname = $_POST['lname']";
echo $sql;

$query = mysql_query($sql);

while ($row = mysql_fetch_array($query)) { echo "<p>",$row['fname'],": ",$row['lname']; }
?>

$sql = "select * from credit_card_info where fname = $_POST['fname'] and lname = $_POST['lname']";

You don't need to quote table / column names, but string values always need quotes:

$sql = "select * from credit_card_info where fname = '".$_POST['fname']."' and lname = '".$_POST['lname']."'";

I thought the string values needed quotes, but I was givin granpa's advice a try :) Well, I reinserted quotes and periods used:

$sql = "select * from credit_card_info where fname='" . $_POST['fname'] . "'; and lname='" . $_POST['lname'] . "'";

That line is now correct, but I am back to square one. I am receiving my original error message which is:

Warning: mysql_fetch_array(): supplied argument is not a valid MySQL result resource in /home/enusyn19/public_html/query.php on line 16

Something must be wrong with line 16 which is:

while ($row = mysql_fetch_array($query)) { echo "<p>",$row['fname'],": ",$row['lname']; }

Any more input is appreciated :) thanks.

echo the query to screen and then connect via a shell to your server and execute your query in mysql itself.

failing being able to do that, change this

$query = mysql_query($sql);

to

$query = mysql_query($sql) or die ('<p>error querying: ' . mysql_error());

that will give you the true error. The error you stated above means mysql_fetch_array can't use what you gave it. If it can't use it then your query exploded and the var $query isn't able to be used for mysql_fetch_array.

look to the query itself

Thanks Jatar, I made that change and now I believe I am getting the actual error (if I understood that correctly). I am now getting this when I submit my search:

select * from credit_card_info where fname='Matt'; and lname='Bair' (what I am searching for)

error querying: You have an error in your SQL syntax. Check the manual that corresponds to your MySQL server version for the right syntax to use near '; and lname='Bair'' at line 1

I am at a bit of a loss now... what is it referring to when it says "at line 1"?

since you only sent a 1 line query, inevitably the error will be on line 1

you've terminated your query before where you want it to end

select * from credit_card_info where fname='Matt'; and lname='Bair'

see the semi colon after ='Matt' that shouldn't there, it should be

select * from credit_card_info where fname='Matt' and lname='Bair';

so your sql query creation should be like so

$sql = "select * from credit_card_info where fname='" . $_POST['fname'] . "' and lname='" . $_POST['lname'] . "'";

try that

Thanks a lot! sorry I havent replied but I was gone for the weekend. My problem was that I was missing the . before and after my variables in my query. I.E. I had:

$sql = "select * from credit_card_info where fname='"$_POST['fname']"' and lname='"$_POST['lname']"'";

Instead of:

$sql = "select * from credit_card_info where fname='" . $_POST['fname'] . "' and lname='" . $_POST['lname'] . "'";

I have a new problem now though... My goal was to have it so you could search the database for somebody's first and last name, and it would display all of the billing information from the row. When I do my search, all that is displayed to me is their first and last name. How can I fix that? Here is my current script:

<?
$host = "localhost";
$user = "userid";
$pass = "password";
$dbname = "dbname";

$connection = mysql_connect($host,$user,$pass) or die (mysql_errno().": ".mysql_error()."<BR>");
mysql_select_db($dbname);

$sql = "select * from credit_card_info where fname='" . $_POST['fname'] . "' and lname='" . $_POST['lname'] . "'";
echo $sql;

$query = mysql_query($sql);

while ($row = mysql_fetch_array($query)) { echo "<p>",$row['fname'],": ",$row['lname']; }
?>

I appreciate the help, Im learning a lot from this website :)

that is because that is all you are showing

echo "<p>",$row['fname'],": ",$row['lname'];

but you are getting everything

select *

so try looking at what you have available with this

while ($row = mysql_fetch_array($query)) {
echo '<p><pre>';
print_r($row);
echo '</pre>';
//echo "<p>",$row['fname'],": ",$row['lname'];
}

that is what is available in the array for you to use.

<aside>I sure hope this is an internal administration function and you take the necessary means to protect your users personal information. tables with the name 'credit_card_info' and queries using 'select *' and the thought of unencrypted credit card data make me very nervous and set off a lot of privacy law bells and security issues.

Thanks a ton Jatar, Its working how I had intended it to! Yes, this is an internal page. The db is hosted on a secure server, and I will be putting the forms on a password protected SSL secure site. This search is only going to be accessable to the one person who will be doing billing. My goal was just to simplify the process so they dont have to use a program like phpMyAdmin. If I am going about this the wrong way or you have suggestions, im open to hearing them! You have been very helpful, thanks a lot.

[p.s. Im not even positive I will use this, its mostly just for learning experience... sql is an interesting tool :) ]