I'm trying to make a login page in PHP, and I'm trying to construct the query here:
$q = 'SELECT * FROM users WHERE userid="'+$username+'"';
When I echo it out with
echo $q
I get 0. When I do
$q = 'SELECT * FROM users WHERE userid="'+"test"+'"';
I get 0. When I do
$q = 'SELECT * FROM users WHERE userid="michael"';
I get my expected result of the string being printed out
Use a . for concatenation, also don't forget to clean the data to prevent mysql injection.
$user_id = 'test';
$q = 'SELECT * FROM users WHERE userid="' . $user_id . '"';
Try using a PDO Prepared statement to protect yourself from SQL injection.
$q = 'SELECT * FROM users WHERE userid = ?';
$stmt = $dbh->prepare($q);
if ($stmt->execute(array($username))) {
while ($row = $stmt->fetch()) {
print_r($row);
}
}
you can use .
$user_id = 'michael';
$q = 'SELECT * FROM users WHERE userid="'.$user_id.'"';
or use double quotes for the expression and use single quotes for the variables
$user_id = 'michael';
$q = "SELECT * FROM users WHERE userid='$user_id'";
im Believe the second option is smallest and easiest to remember
'My sentence and {$keywords}'+is for math in PHP. Use a.You also might be open to SQL injections with this code, best to parameterize your query. Alsouseridwill probably never equal$username.