GET ID look up in mysql and show the information

Question

I'm trying to get information from mysql database using GET id. I use the following code to check what the id is.

            $qry    = "SELECT name,country FROM databasetable WHERE uid=$id";

I get error which means that it couldn't find any entry with the specified uid. If I change the uid to only to numbers, then it works can look it up. Example: ?id=1000000000 works fine, ?id=1kKV0LEfMi . Can't be found Please help me

Answer 1

You need to change your query to have single quotes around the uid value like this

$qry = "SELECT name,country FROM databasetable WHERE uid='$id'";

That being said you also really need to look into using the newer MySQL connection support (not the mysql_* functions) and you need to learn how to escape your data so you protect against SQL injection.

Answer 2

you need to add quotes around the $id to allow strings in the query

$qry= "SELECT name,country FROM databasetable WHERE uid='$id'";

btw. why are you doing $id = htmlspecialchars($_GET['id']); ?

this should rather be $id = mysql_escape_string($_GET['id']);!

Answer 3

 '$id'  <-- first put the variable in single quotes. good practice. 

Secondly, if you're not using special chars take that out because that could be your problem. Try stripping html special chars and try again