I've got this query that is not working, and I don’t know what it is. I’m writing an email activation script. This is the URL:
http://www.example.com/activate.php?id=1&h=secretkey1
This is what activate.php looks like:
<?php
require "inc/connect.php";
$id = (int)$_GET['id'];
$hash = mysql_real_escape_string($_GET['h']);
$sql = mysql_query("SELECT id, h, active FROM tablename WHERE id=$id AND key=$hash") or die(mysql_error());
$row = mysql_fetch_array($sql);
if ($row['active'] == "1") {
    echo "error!";
}
elseif ($row['active'] == "0") {
    mysql_query("UPDATE tablename SET active=1 WHERE id='$id' AND key='$hash'");
}
?>
This is the error that I get:
You have an error in your SQL syntax; check the manual that
corresponds to your MySQL server version for the right syntax to use
near 'key=secretkey1' at line 1
In my database I have a test field in tablename with:
id / key / active
------------------
1 / secretkey1 / 0
Two reasons:
1) Because you need to enclose secretkey1 (inside $hash) in single quotes, since it is a string and strings must be single-quoted. $id doesn’t need to be quoted since you have cast it to an integer.
2) KEY is a MySQL reserved keyword, and must be enclosed in backquotes to be used as a table or column name:
I note also that you are selecting id, h, active in your query but your example table has a column named key, not h (unless we don’t see that column).
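The two points from the answer above, as an added example that is not part of the original question or answer: the key column is backquoted, and the values are bound through a PDO prepared statement instead of being single-quoted by hand. The in-memory SQLite DSN (SQLite accepts MySQL-style backquotes), the activate() helper and the sample rows are assumptions made so the script runs offline.

```php
<?php
// Added example, not the poster's code. The sqlite DSN is an assumption so the
// script runs without a server; against MySQL only the PDO constructor changes.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

// Constructed table mirroring the test row shown in the question.
$pdo->exec('CREATE TABLE tablename (id INTEGER PRIMARY KEY, `key` TEXT, active INTEGER)');
$pdo->exec("INSERT INTO tablename (id, `key`, active) VALUES (1, 'secretkey1', 0)");

/**
 * Activate an account (hypothetical helper). Returns true only when a row
 * with this id and key exists and is still inactive.
 */
function activate(PDO $pdo, $id, $hash): bool
{
    // Request parameters can arrive as arrays (?h[]=x), so validate types first.
    if (!is_string($hash) || $hash === ''
        || filter_var($id, FILTER_VALIDATE_INT) === false) {
        return false;
    }

    // `key` is a reserved word, so it is backquoted. The placeholders keep the
    // values out of the SQL text, so no manual quoting or escaping is needed.
    // Adding "active = 0" makes check-and-update one atomic statement.
    $stmt = $pdo->prepare(
        'UPDATE tablename SET active = 1
          WHERE id = :id AND `key` = :h AND active = 0'
    );
    $stmt->execute([':id' => (int)$id, ':h' => $hash]);

    return $stmt->rowCount() === 1;
}

// Constructed inputs standing in for $_GET['id'] and $_GET['h'].
var_dump(activate($pdo, '1', 'secretkey1')); // first use of the link
var_dump(activate($pdo, '1', 'secretkey1')); // same link again, already active
var_dump(activate($pdo, '1', 'wrongkey'));   // key does not match the row
var_dump(activate($pdo, '1', ['x']));        // array-valued parameter
```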