I have been trying to write the the select statement to fetch from the products table using the combination of the companyid and customerid, I am very sure I'm not doing it the right way, kindly help me to write the right sql to fetch using these parameters.
$customerid=$_SESSION['customersid'];
$companyid=$_SESSION['companyid'];
$test="SELECT producttype,quantity FROM product WHERE username= '" . mysql_real_escape_string($customerid) . "'" . 'AND'.mysql_real_escape_string($companyid) . "'" ;
You must put the fieldname for the companyid in the query
$test="SELECT producttype,quantity FROM product WHERE username= '" . mysql_real_escape_string($customerid) . "'" . 'AND COMPANYID_FIELDNAME ='.mysql_real_escape_string($companyid) . "'" ;
your syntax is incorrect. Try the following:
$customerid = mysql_real_escape_string($_SESSION['customersid']);
$companyid = mysql_real_escape_string($_SESSION['companyid']);
$test = "
SELECT producttype,quantity
FROM product
WHERE username='$customerid'
AND company='$companyid'
";
Btw, you should be using mysqli and not mysql since it is deprecated.
echo $test;does it look correct?mysql_queryinterface. It's awful and is being removed in future versions of PHP. A modern replacement like PDO is not hard to learn. A guide like PHP The Right Way speaks to best practices. If you're serious about using PHP as a development platform there are many development frameworks like Laravel worth checking out.