php syntax

How does one make an mysql statement to retrieve information from a POST. This is wrong obviously, but I’m hoping someone will find it an easy question.

[php]$sql = "SELECT age FROM waterUsage WHERE age=" . $_POST["age"]; [/php]

Thanks!

The syntax looks right; what problems do you have with it?

Be aware though that inserting insecure parameters into the query is a major security hole. You should be using parameterized queries that split up the query and the parameters. So your end query should look like this:

[php] $sql = "SELECT age FROM waterUsage WHERE age = ?"; [/php]

You can read more about parameterized queries by checking out the mysqli or pdo extensions in PHP (well documented in the manual), or you could check out my PDO-tutorial.
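An added example, not from the thread or the poster's tutorial, showing the full parameterized version of that query with both PDO and mysqli. It assumes a MySQL database named `demo`, a table `waterUsage` with an integer `age` column, and placeholder credentials.

```php
<?php
// Added example (not from the original thread): the POST value is validated
// and then bound as a parameter instead of being concatenated into the SQL.
// Assumes a local MySQL database "demo" with a table waterUsage(age INT);
// 'user' / 'password' are placeholders.

declare(strict_types=1);

// Validate the shape of the input first: age must be an integer in range.
// filter_input() returns null if the field is absent and false if invalid.
$age = filter_input(INPUT_POST, 'age', FILTER_VALIDATE_INT, [
    'options' => ['min_range' => 0, 'max_range' => 150],
]);
if ($age === null || $age === false) {
    http_response_code(400);
    exit('Invalid age');
}

// --- PDO version -------------------------------------------------------
$pdo = new PDO('mysql:host=localhost;dbname=demo;charset=utf8mb4', 'user', 'password', [
    PDO::ATTR_ERRMODE          => PDO::ERRMODE_EXCEPTION,
    PDO::ATTR_EMULATE_PREPARES => false, // real server-side prepared statements
]);
$stmt = $pdo->prepare('SELECT age FROM waterUsage WHERE age = ?');
$stmt->execute([$age]);            // the value travels separately from the SQL text
$rowsPdo = $stmt->fetchAll(PDO::FETCH_ASSOC);

// --- mysqli version ----------------------------------------------------
$mysqli = new mysqli('localhost', 'user', 'password', 'demo');
$stmt = $mysqli->prepare('SELECT age FROM waterUsage WHERE age = ?');
$stmt->bind_param('i', $age);      // 'i' = bind as integer
$stmt->execute();
$rowsMysqli = $stmt->get_result()->fetch_all(MYSQLI_ASSOC); // needs mysqlnd

print_r($rowsPdo);
print_r($rowsMysqli);
```

Whatever the client sends in `age`, it is only ever treated as an integer value for the placeholder, never as part of the query text.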

Thanks for the reply. So it’s called “parametrized query”?

Yes, the type of query where you replace parameters with placeholders (named or unnamed) and send the query string and the parameters separately is called a parameterized query :slight_smile:

Thanks, at least now I know what it’s called I’m looking for.
