2

This code below gives me this error:

"You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''' where id = '000'' at line 1"

I don't understand the issue here

<?php
include(".conf.php");
$con = mysql_connect($conf['db_hostname'], $conf['db_username'], $conf['db_password']) or die (mysql_error());
$db = mysql_select_db("aTable", $con);
$pr = $_GET['aThing'];
$pr = addslashes(htmlentities($prof));
$info_array = mysql_query("SELECT * FROM '$db' where id = '$pr'", $con) or die(mysql_error()); 

while($row = mysql_fetch_array( $info_array )) {
    echo $row['aThing'];
    echo "</br>";
    echo $row['aThing'];
    echo "</br>";
    echo $row['aThing'];
    echo "</br>";
    echo $row['aThing'];
};
?>

Thanks for your help.

4 Answers

3

You should put the table name into FROM: SELECT * FROM aTable WHERE ..... Also, you don't escape the variable that comes from the user. You will need something like:
mysql_query("SELECT * FROM aTable where id = '".mysql_real_escape_string($pr)."'", $con) or die(mysql_error());


2 Comments

Ok that got rid of the error but now it says No database selected
@JosephTorraca, remember this line: $db = mysql_select_db("aTable", $con); ? Change the value "aTable" to the name of the database you need to access, where aTable is from...
2

The function mysql_select_db returns either TRUE or FALSE.

Instead, try:

$info_array = mysql_query("SELECT * FROM aTable where id = '$pr'", $con) or die(mysql_error()); 

Or perhaps:

$dbtable = "aTable";
$info_array = mysql_query("SELECT * FROM $dbtable where id = '$pr'", $con) or die(mysql_error()); 


2

I am pretty sure it doesn't have any errors with the exception of the fatal error killing it.

I would say you'll get to a solution faster if you believe MySQL when it tells you there's a problem.

Re-reading the error message:

You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''' where id = '000'' at line 1

I would question the table name and the quotes around the id. If that's an integer column, I'd expect to see a number without quotes.


1

If I remember correctly, mysql_select_db returns true or false. It doesn't return database name.
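
The fixes from the answers above combined, as an added example that is not part of the original thread: the table name comes from a fixed allow-list, the id travels as a bound parameter in a PDO prepared statement, and HTML encoding happens at output time. It assumes pdo_sqlite and uses an in-memory SQLite database with constructed rows as a stand-in for the MySQL server; `tableName` and `findById` are hypothetical helper names.

```php
<?php
// Added example, not code from the question or the answers.
// Assumptions: pdo_sqlite is available; an in-memory SQLite database stands in
// for the MySQL server so the script runs offline. Table and column names are
// the thread's placeholders (aTable, id, aThing); the rows are constructed.

$pdo = new PDO('sqlite::memory:');   // with MySQL only the DSN and credentials change
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec("CREATE TABLE aTable (id TEXT PRIMARY KEY, aThing TEXT)");
$pdo->exec("INSERT INTO aTable VALUES ('000', 'first <b>row</b>'), ('001', 'second row')");

/**
 * Identifiers such as table names cannot be bound as parameters, so they are
 * checked against a fixed allow-list instead of being quoted or escaped.
 */
function tableName(string $requested): string
{
    $allowed = ['aTable'];
    if (!in_array($requested, $allowed, true)) {
        throw new InvalidArgumentException("Unknown table: $requested");
    }
    return $requested;
}

/** Fetch rows by id; the value is a bound parameter, never part of the SQL text. */
function findById(PDO $pdo, string $table, string $id): array
{
    $stmt = $pdo->prepare('SELECT * FROM ' . tableName($table) . ' WHERE id = :id');
    $stmt->execute([':id' => $id]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed inputs standing in for $_GET['aThing']; two contain a stray quote
// like the one that broke the original query string.
$inputs = ['000', "000'", "it's"];
foreach ($inputs as $id) {
    $rows = findById($pdo, 'aTable', $id);
    printf("%-8s -> %d row(s)\n", $id, count($rows));
    foreach ($rows as $row) {
        // Encode for HTML when printing, not before the value reaches the query.
        echo '  ', htmlspecialchars($row['aThing'], ENT_QUOTES, 'UTF-8'), "<br>\n";
    }
}
```

The mysql_* functions used in the thread were removed in PHP 7.0; PDO or mysqli replace them.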
