MYSQL query calling POST variable

StackOverflow https://stackoverflow.com/questions/22157539

  •  19-10-2022
  •  | 
  •  

Question 

session_start();

$CompanyName = $_POST['CompanyName'];
$result = mysqli_query ("select CustomerID from CompanyInfo where CompanyName = '.$CompanyName.'");
$row = mysql_fetch_row($result);
$_SESSION["CustomerID"] = $row[0];

I have a feeling there is something wrong in my quoting however i cannot figure it out.

Thank you.

Was it helpful?

Solution

Look like besides your quoting being all messed up and the code broken

Try this 

$result = mysqli_query ($link, "select CustomerID from CompanyInfo where CompanyName = '$CompanyName'");
$row = mysqli_fetch_row($result);


mysqli_query() expects at least 2 parameters
$link being your connection string im sure is called somewhere in the code. If its not that is probably Problem #1

that should give you output from:

echo "row: " .$row[0];

Which you can pass to a session.

$_SESSION["CustomerID"] = $row[0];

OTHER TIPS

$CompanyName = $_POST['CompanyName'];
$result = mysqli_query ("select CustomerID from CompanyInfo where CompanyName ='" .$CompanyName."'");
$row = mysqli_fetch_row($result);
$_SESSION['CustomerID'] = $row[0];

Yes there is.

$result = mysqli_query ("select CustomerID from CompanyInfo where CompanyName = '".$CompanyName."'");

Notice the extra quotations to concatenate the string, or you could've forgone the dots and just do

$result = mysqli_query ("select CustomerID from CompanyInfo where CompanyName = '$CompanyName'");

You should also use mysqli_real_escape_string to prevent SQL injections, or use PDO. The comments to your question will give you plenty of resources but I'm simply answering within the scope of your question

Try this:

mysqli_query ("select CustomerID from CompanyInfo where CompanyName = '".$CompanyName."');

need to close the double quotes.

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow
scroll top