I've been trying to query an email address using the following statement, however after hours of trying to escape the string successfully I've accepted defeat.
The query I am using is: SELECT id, email FROM user WHERE email = '$email'
That gives me an error:
MySQL Error: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '@gmail.com' at line 1
I'm sure it's simple.. I just can't seem to find an answer anywhere that works.
UPDATE #1
The code that I have been using is:
$email = "abc@gmail.com";
$sql = "SELECT id, email FROM user WHERE email = '$email'";
$result = mysql_query($sql) or die('Unable to connect: '.mysql_error());
UPDATE #2
The email comes from the Facebook connect API.
This is probably because you the E-Mail address that you get from Facebook connect contains quotes, e.g. something like
"Harry"@gmail.com
"Harry@gmail.com"
when pulling data from a web service (or from anywhere else), you need to escape the data to prevent SQL injection, and garbled queries like in your situation.
In your case:
$email = mysql_real_escape_string($email);