This question already has an answer here:
I have tried these SQL querys:
$sql = "SELECT * FROM `order` WHERE `KLANT_ID` = \'1\'";
$sql = "SELECT * FROM order WHERE KLANT_ID = '1'";
$sql = "SELECT * FROM order WHERE KLANT_ID = 1";
If i run these i get this error :
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'order WHERE KLANT_ID='1'' at line 1
I normally did this query with 1 being a variable $id but that gave the same error. Also deleting `` these from order and KLANT_ID does not work. Also when i change this part : \'1\' to '1' it does not work
This is al done with PHP MYSQLI and PHPMYADMIN database
Thank you
</div>
You are manually escaping the single quotes in your query, while that is not needed (because you use double quotes for the variable).
You need to undo the escaping.
$sql = "SELECT * FROM `order` WHERE `KLANT_ID` = '1'";
Also, use this function to escape, not just backslash the variable.
try this
$sql = "SELECT * FROM `order` WHERE `KLANT_ID` = 1";
beacause KLANT_ID is int type may be your query read it as string
If you are using MySQLi (as you mention) then you should be using prepared statements to avoid SQL injection, not escaping.
Assuming your database connection is $db;
$test = 1;
$stmt = $db->prepare("SELECT * FROM `order` WHERE `KLANT_ID` = ?");
$stmt->bind_param('i',$test);
$stmt->execute();
$result = $stmt->get_result();
$stmt->close();