mysql SELECT query returning error with correct syntax

Question

I am working on a social networking site for my company and I am setting up the messaging system.

I have a table in the database called "mail" and for some reason the simplest SELECT query is returning an error. here's the code:

    $sql = "SELECT * FROM mail WHERE to='$username'";
$result = mysql_query($sql) or die(mysql_error());

while($row = mysql_fetch_assoc($result)){
    $from = $row['from'];
    $content = $row['content'];
    echo "<tr><td>$from</td><td>$content</td></tr>";
}

It is returning this error; You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'to='cody'' at line 1

I have used this type of query with the same syntax a hundred times before I have no idea whats wrong this time.

A few notes: The database connection works fine, "to", "from" and "content" are columns in my "mail" table.

Thanks in advance for your help

Sounds like there might be a problem with the value of $username - or maybe in PHP you're supposed to use ` instead of ' for this sort of thing (I forget)? — FrustratedWithFormsDesigner
– FrustratedWithFormsDesigner, Commented Jun 1, 2011 at 17:37
can I recommend that you switch to prepared queries now, while you're early in development? I'd rather your site not get taken down by SQL injection attacks. — user7116
– user7116, Commented Jun 2, 2011 at 14:39

Community · Accepted Answer · 2020-06-20 09:12:55Z

8

TO is a reserved word. Try the following instead

$sql = "SELECT * FROM mail WHERE `to`='$username'";

Reserved words are permitted as identifiers if you quote them as described in Section 8.2,

Reference

edited Jun 20, 2020 at 9:12

CommunityBot

11 silver badge

answered Jun 1, 2011 at 17:37

Loktar

35.3k7 gold badges96 silver badges106 bronze badges

Sign up to request clarification or add additional context in comments.

1 Comment

user7116 Over a year ago

+1, also please please please use prepared queries. People will start making usernames you don't like (' OR ''=')

horatio · Accepted Answer · 2011-06-01 17:38:56Z

0

"TO" is also a keyword try encapsulating the field name with a backtick `

answered Jun 1, 2011 at 17:38

horatio

1,4368 silver badges7 bronze badges

Comments

I.B. · Accepted Answer · 2011-06-02 05:27:26Z

0

I think the problem occurs due to this

to='$username'

$username is a Php variable so check out

edited Jun 2, 2011 at 5:27

I.B.

29.2k13 gold badges87 silver badges108 bronze badges

answered Jun 1, 2011 at 17:50

Parmod kr. Pal

211 silver badge4 bronze badges

Collectives™ on Stack Overflow

mysql SELECT query returning error with correct syntax

3 Answers 3

1 Comment

Comments

Comments

Your Answer

Hot Network Questions

Collectives™ on Stack Overflow

3 Answers 3

1 Comment

Comments

Comments

Your Answer

Sign up or log in

Post as a guest

Related