0
$min_range=$_GET['min_range'];
$max_range=$_GET['max_range'];
$brand_name=$_GET['brand'];

$result=mysql_query(
    "
        SELECT 
            brand,
            image,
            price
        FROM 
            mobile
        WHERE 
            brand = '"$brand_name " 'price =3000
    "
);

I want to use a PHP variable in my SQL query. What is wrong with this code, and how can it be corrected?

It is saying "parse error:syntax error,unexpect('$brand_name')"

3
  • 2
    Just as an additional point: the mysql driver is deprecated. You should read up on MySQLi or PDO. Also, it will be a good idea to read up on prepared statements. Commented Nov 4, 2013 at 7:21
  • SQL injections detected. Also, read more PHP tutorials like phptherightway.com Commented Nov 4, 2013 at 7:37
  • It is called concatenation, but still your query has invalid syntax. Commented Nov 4, 2013 at 8:31

6 Answers

1

One way is the following:

$result=mysql_query(
    "
        SELECT 
            brand,
            image,
            price
        FROM 
            mobile
        WHERE 
            brand = '" . $brand_name . "'
        AND
            price =3000
    "
);

Another way is this:

$result=mysql_query(
    "
        SELECT 
            brand,
            image,
            price
        FROM 
            mobile
        WHERE 
            brand = '$brand_name'
        AND
            price = 3000
    "
);

Another way is this:

$result=mysql_query(
    sprintf(
        "
            SELECT 
                brand,
                image,
                price
            FROM 
                mobile
            WHERE 
                brand = '%s'
            AND
                price = 3000
        ",
        $brand_name
    )
);

Also notice that your code comes with syntax errors; replace the AND operator with one that meets your needs.


0
$result = mysql_query("SELECT brand,image,price FROM mobile WHERE brand = '$brand_name' AND price = 3000");


0
$result=mysql_query(
    "
        SELECT 
            brand,
            image,
            price
        FROM 
            mobile
        WHERE 
            brand = '" . $brand_name . "' AND price =3000
    "
);

1 Comment

Please add an explanation.

0

You can try this:

    $result=mysql_query(
    "
        SELECT brand, image, price
        FROM mobile
        WHERE 
            brand = '" . $brand_name . "' AND price = 3000
     ");


0

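// $mysql is assumed to be an open mysqli connection
$result = $mysql->prepare("SELECT brand, image, price FROM mobile WHERE brand = ? AND price = 3000");

// bind_param() takes the type string first; "s" binds $brand_name as a string
$result->bind_param("s", $brand_name);

$result->execute();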

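The prepared-statement approach from the answer above, extended to the min_range and max_range values the question reads from $_GET but never uses; this is an added example, not code from any poster on this page. It uses PDO with an in-memory SQLite database so it runs without a MySQL server (assumes the pdo_sqlite extension); find_mobiles() and the sample rows are hypothetical.

```php
<?php
// Added example. SQLite in memory stands in for the MySQL `mobile` table so the
// script runs offline (assumption); for MySQL only the PDO DSN changes.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE mobile (brand TEXT, image TEXT, price INTEGER)');
$seed = $pdo->prepare('INSERT INTO mobile (brand, image, price) VALUES (?, ?, ?)');
// Constructed sample rows
foreach ([['Nokia', 'n1.png', 3000], ['Nokia', 'n2.png', 9000], ["O'Phone", 'o1.png', 2500]] as $row) {
    $seed->execute($row);
}

// find_mobiles() is a hypothetical helper: every request value reaches the
// database as a bound parameter, never as part of the SQL text.
// Returns the matching rows, or null when the input is not usable.
function find_mobiles(PDO $pdo, array $input): ?array
{
    $brand = $input['brand'] ?? null;
    $intOpts = ['options' => ['min_range' => 0]]; // filter_var option, not the GET key
    $min = filter_var($input['min_range'] ?? null, FILTER_VALIDATE_INT, $intOpts);
    $max = filter_var($input['max_range'] ?? null, FILTER_VALIDATE_INT, $intOpts);
    // brand[]=x arrives as an array; non-integer bounds make filter_var return false
    if (!is_string($brand) || $min === false || $max === false || $min > $max) {
        return null; // reject rather than guess what the caller meant
    }
    $stmt = $pdo->prepare(
        'SELECT brand, image, price FROM mobile
          WHERE brand = :brand AND price BETWEEN :min AND :max'
    );
    $stmt->bindValue(':brand', $brand, PDO::PARAM_STR);
    $stmt->bindValue(':min', $min, PDO::PARAM_INT);
    $stmt->bindValue(':max', $max, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed stand-ins for $_GET
$cases = [
    'plain brand'      => ['brand' => 'Nokia', 'min_range' => '1000', 'max_range' => '5000'],
    'brand with quote' => ['brand' => "O'Phone", 'min_range' => '1000', 'max_range' => '5000'],
    'quote plus SQL'   => ['brand' => "Nokia' OR '1'='1", 'min_range' => '1000', 'max_range' => '5000'],
    'bad price bound'  => ['brand' => 'Nokia', 'min_range' => 'cheap', 'max_range' => '5000'],
];
foreach ($cases as $label => $get) {
    $rows = find_mobiles($pdo, $get);
    printf("%-17s %s\n", $label, $rows === null ? 'rejected' : count($rows) . ' row(s)');
}
```

A brand containing a quote is matched as a literal value, so a real brand such as O'Phone is found while a value carrying SQL fragments simply matches no row.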

0

Change your query to

$result=mysql_query("SELECT brand,image,price FROM mobile WHERE brand='$brand_name' AND price=3000");

You actually forgot to separate the condition. Added an AND keyword.

1 Comment

OHOO.. I am what a noob :( .. thank you :)
