You have an error in your SQL syntax - How to?

MySQL database
#1

Hi,

I have developed an application and hosted in a server.But unfortunately php and mysql versions are not same and now its showing me syntax errors

This is my select statement

[php]$sql=“SELECT * FROM $tbl_name WHERE username=’$myusername’ and password=’$mypassword’”;[/php]

Error is this

You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ‘-mytablename WHERE username=‘myusername’ and password=‘mypwd’’ at line 1

new server mysql version is 5.6 my old one was 5.0.45

Can anyone please tell me what should I change in the statment? becuase I have to change all select,insert,delete pages in the application

Thanks

#2

A table name needs to be escaped if you intend to use any special character (such as, in your case, a hyphen). Use backticks to prevent this:

SELECT * FROM  `$tbl_name` WHERE ...

Please note that if you are not using prepared statements, which you are not, you are almost guaranteed to have SQL injection vulnerabilities in the app you are developping.

Sponsor our Newsletter | Privacy Policy | Terms of Service