What is wrong with this query: "SELECT * FROM table WHERE id = $_POST[ 'id' ]"?
27-Oct-2022
Updated on 27-Oct-2022
KIRTI SHARMA
03-Nov-2022
The use of the table keyword displays an error when we execute the query SELECT * FROM table WHERE id = $_POST[ 'id' ].
Siddhi Malviya
28-Oct-2022
Never use user input directly in queries.
This works:
$_POST['id'] = 27;
// A quoted array key inside a double-quoted string needs the curly-brace syntax.
$sql = "SELECT * FROM table WHERE id = {$_POST['id']}";
echo $sql; // prints the interpolated query text
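
Added example, not part of the original thread: the advice above about user input, shown as a PDO prepared statement with an integer check. The in-memory SQLite database, the `items` table, the `findItem` helper and the sample inputs are all constructed for illustration.

```php
<?php
// Constructed schema and rows; an in-memory SQLite database keeps this self-contained.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE items (id INTEGER PRIMARY KEY, name TEXT)');
$pdo->exec("INSERT INTO items (id, name) VALUES (27, 'widget'), (28, 'gadget')");

/**
 * Look up one row by id (hypothetical helper). The value is validated as an
 * integer, then bound as a parameter, so it never becomes part of the SQL text.
 */
function findItem(PDO $pdo, $rawId): ?array
{
    $id = filter_var($rawId, FILTER_VALIDATE_INT);
    if ($id === false) {
        return null; // reject anything that is not a plain integer
    }
    $stmt = $pdo->prepare('SELECT id, name FROM items WHERE id = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Constructed inputs standing in for $_POST['id'].
$samples = ['27', '27 OR 1=1', ''];
foreach ($samples as $input) {
    // The text string interpolation would have produced; built only to display it.
    $interpolated = "SELECT id, name FROM items WHERE id = {$input}";
    $row = findItem($pdo, $input);
    printf(
        "input=%s\n  interpolated: %s\n  bound result: %s\n",
        var_export($input, true),
        $interpolated,
        $row === null ? 'rejected or not found' : json_encode($row)
    );
}
```

Only the first input returns a row. For the second, the interpolated text shows the WHERE clause changing meaning, while the validated and bound version rejects it.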