Ok, I have this PHP $_POST[‘username’] variable and I need to query everything on

Question

0

Asked: May 23, 20262026-05-23T11:39:32+00:00 2026-05-23T11:39:32+00:00

Ok, I have this PHP $_POST[‘username’] variable and I need to query everything on

0

Ok, I have this PHP $_POST[‘username’] variable and I need to query everything on the user via MYSQL. The only problem is it keeps throwing me errors.

something like

$user = $_POST['username'];
$query = mysql_query("SELECT * FROM user WHERE username = $user");

I’ve tried

$query = mysql_query("SELECT * FROM user WHERE username = `$user`");
$query = mysql_query("SELECT * FROM user WHERE username = ".$user);

Not sure what i’m doing wrong.

Report

Leave an answer
Cancel reply

You must login to add an answer.

Need An Account,

1 Answer

Editorial Team · Answer 1 · 2026-05-23T11:39:33+00:00

Your problem is that strings in SQL need to be enclosed in single quotes.

The most preferable approach would be to use PDO. But sprintf (along with mysql_real_escape_string) is a better interim approach that what is posted:

$query = sprintf("SELECT u.* 
                    FROM USER u
                   WHERE u.username = '%s'",
                  mysql_real_escape_string($_POST['username']));

$result = mysql_query($query);

Lest we forget Little Bobby Tables 😉

Sign Up

Sign In

Forgot Password

The Archive Base Latest Questions

Ok, I have this PHP $_POST[‘username’] variable and I need to query everything on

Leave an answerCancel reply

1 Answer

Leave an answer
Cancel reply