MYSQL query calling POST variable

Question

session_start();

$CompanyName = $_POST['CompanyName'];
$result = mysqli_query ("select CustomerID from CompanyInfo where CompanyName = '.$CompanyName.'");
$row = mysql_fetch_row($result);
$_SESSION["CustomerID"] = $row[0];

I have a feeling there is something wrong in my quoting however i cannot figure it out.

Thank you.

Answer 1

Look like besides your quoting being all messed up and the code broken

Try this

$result = mysqli_query ($link, "select CustomerID from CompanyInfo where CompanyName = '$CompanyName'");
$row = mysqli_fetch_row($result);

mysqli_query() expects at least 2 parameters
$link being your connection string im sure is called somewhere in the code. If its not that is probably Problem #1

that should give you output from:

echo "row: " .$row[0];

Which you can pass to a session.

$_SESSION["CustomerID"] = $row[0];

Answer 2

$CompanyName = $_POST['CompanyName'];
$result = mysqli_query ("select CustomerID from CompanyInfo where CompanyName ='" .$CompanyName."'");
$row = mysqli_fetch_row($result);
$_SESSION['CustomerID'] = $row[0];

Answer 3

Yes there is.

$result = mysqli_query ("select CustomerID from CompanyInfo where CompanyName = '".$CompanyName."'");

Notice the extra quotations to concatenate the string, or you could've forgone the dots and just do

$result = mysqli_query ("select CustomerID from CompanyInfo where CompanyName = '$CompanyName'");

You should also use mysqli_real_escape_string to prevent SQL injections, or use PDO. The comments to your question will give you plenty of resources but I'm simply answering within the scope of your question

Answer 4

Try this:

mysqli_query ("select CustomerID from CompanyInfo where CompanyName = '".$CompanyName."');

need to close the double quotes.