I am writing PHP code for a dynamic web page. The SQL query code below looks correct, but whenever the page runs, I keep getting the message within the die parameter.
$recipeid = $_GET['id'];
$query = "select title from recipes where recipeid = $recipeid";
$result = mysql_query($query) or die('Could not retrieve file');
Why does the query keep failing?
Aside from the SQL Injection ( look into mysql_real_escape_string ) add this to your error statement to see the exact error:
$result = mysql_query($query) or die('Could not retrieve file: ' . mysql_error());
And it will tell you what is wrong.
Could be a handful of different things, since we're only seeing a little snippet of the code, it would just be speculation. Posting code or more details about what you know the error isn't would be helpful.
First try putting single quotes around $recipeid. like so:
$query = "select title from recipes where recipeid = '$recipeid'";
If that doesn't work, time for more debugging.
If invoke the page without passing the id parameter in url (?id=22, for instance) you'll get a syntax error.
Try checking if $recipeid has a value prior to execute the query.
