What Is Wrong With This Php-sql Select Where Statement?

Hi all

Im having problems with this peice of code:

  $result = mysql_query("SELECT 'ID' FROM 'login' WHERE username=$dusername",$link);    if($result != NULL){	//username DOES exsist so they cant have it!	include("scripts/userexsists.php");

The idea is, this query will take the variable $dusername which is the usernbame that a user wants to have, and check it in the database to see if it already exsists. and depending on whether it does or not it will include one of two different scripts.

The problem I'm having is that the variable $result seems to be emtpy. Does anyone know why? Its really annoying!

Try the code below. I've modified it since there's some minor problems with the use of quotation marks and mysql is strict with closed and unclosed strings so we have to be careful. You can use a variable first to store your string query so you can see if all quotation marks are closed (with beginning and ending quotes) but it's just optional. I hope this helps.

String $qry = "SELECT ID FROM login WHERE username='" .$dusername. "'";$result = mysql_query($qry);    if($result != NULL){	//username DOES exsist so they cant have it!	include("scripts/userexsists.php"); 

Try the code below. I've modified it since there's some minor problems with the use of quotation marks and mysql is strict with closed and unclosed strings so we have to be careful. You can use a variable first to store your string query so you can see if all quotation marks are closed (with beginning and ending quotes) but it's just optional. I hope this helps.

String $qry = "SELECT ID FROM login WHERE username='" .$dusername. "'";$result = mysql_query($qry);    if($result != NULL){	//username DOES exsist so they cant have it!	include("scripts/userexsists.php"); 

That code should work.If not then maybe you should go over the all script to make sure you didn't leave out anything example a symbol that could be interfering with that section of the script.

Thanks leiaah. Ive always had trouble with select where queries but never knew why, but now i do know why!That code worked perfectly although i had to remove "String" Just before the variable $qry. Not sure why i had to do that but it worked perfectly once i did :DThanks.

As this is a username query be careful of MySQL injections.People could hack it due to that.Use htmlentities() to save your script of being vulnerable.

Other function that usefull to sanitize user input before being executed by MySQL is using addslashes() sunction. but now most server is add escaping character automatically.