I have this piece of code in PHP to make a query against a MySQL database:
if(isset($_SESSION["esb2b_userid"])){
$check_row = mysql_num_rows(mysql_query("select * from esb2b_basket where es_session='.$site.' and es_uid=".$_SESSION["esb2b_userid"]) or die(mysql_error()));
echo "Logged in as <b>" . $_SESSION["esb2b_username"] . "</b>" ;
?> <? }else{
?> <? echo "$to" ?> Our Website <? } ?> <? if($_SESSION['esb2b_userid']=='')
{?> <span id="log-info"><a href="<?=$domain_url?>/signup.html"><? echo "$Join_Free" ?></a><?php }?> |
<? if($_SESSION['esb2b_userid']=='')
{?> <a href="<?=$domain_url?>/signin.php?file="><? echo "$Sign_In" ?></a><?php } else { ?><a href="<?=$domain_url?>/logout.php" > <? echo "$Sign_out" ?> </a><?php }?>
But here I am getting an error like this:
Unknown column 'esb2b_userid' in 'where clause'
So can someone kindly tell me why I am getting this result and how I can solve this issue? Any help and suggestions will be really appreciated. Thanks
Change this:
mysql_query("select * from esb2b_basket where es_session='.$site.' and es_uid=".$_SESSION["esb2b_userid"])
to:
mysql_query("select * from esb2b_basket where es_session='".$site."' and es_uid=".$_SESSION["esb2b_userid"])
Your parentheses in your query are a bit mixed up, try:
// run the query first so that die() fires only when mysql_query() fails
$result = mysql_query("select * from esb2b_basket where es_session='".$site."' and es_uid='".$_SESSION["esb2b_userid"]."'") or die(mysql_error());
$check_row = mysql_num_rows($result);
You should escape your variables with mysql_real_escape_string to protect against SQL injection. Try this:
// escape both values, run the query, then count the rows of the result
$result = mysql_query("select * from esb2b_basket
where es_session= '".mysql_real_escape_string($site)."'
and es_uid='".mysql_real_escape_string($_SESSION["esb2b_userid"])."' ") or die(mysql_error());
$check_row = mysql_num_rows($result);
And please don't use mysql; change to mysqli or PDO.
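The advice above to move to mysqli or PDO, sketched as an added example (not code from the question or any of the answers): the same basket count with a PDO prepared statement, so $site and the session user id are bound as data rather than concatenated into the SQL. The in-memory SQLite database, the sample rows, the column types and the helper name basket_count are assumptions made so the snippet runs on its own.

```php
<?php
// Added example with constructed data; in-memory SQLite keeps it runnable offline.
// Against MySQL only the DSN and credentials passed to new PDO(...) change.
$pdo = new PDO('sqlite::memory:');
// Throw exceptions on SQL errors instead of "or die(mysql_error())".
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

// Constructed stand-in for the esb2b_basket table (column types are assumed).
$pdo->exec('CREATE TABLE esb2b_basket (id INTEGER PRIMARY KEY, es_session TEXT, es_uid INTEGER)');
$pdo->exec("INSERT INTO esb2b_basket (es_session, es_uid) VALUES ('siteA', 7), ('siteA', 7), ('siteB', 9)");

// Hypothetical helper: counts basket rows for one site and one user.
function basket_count(PDO $pdo, $site, $uid)
{
    // Placeholders keep the values out of the SQL text entirely, so a quote
    // inside $site cannot end the string literal or change the WHERE clause.
    $stmt = $pdo->prepare(
        'SELECT COUNT(*) FROM esb2b_basket WHERE es_session = :site AND es_uid = :uid'
    );
    $stmt->bindValue(':site', (string) $site, PDO::PARAM_STR);
    $stmt->bindValue(':uid', (int) $uid, PDO::PARAM_INT);
    $stmt->execute();
    return (int) $stmt->fetchColumn();
}

// Constructed session and site values; a real page sets these after session_start().
$_SESSION = array('esb2b_userid' => '7');
$site = 'siteA';

if (isset($_SESSION['esb2b_userid'])) {
    // Normal lookup for the logged-in user.
    echo basket_count($pdo, $site, $_SESSION['esb2b_userid']), "\n";

    // A value containing quotes is compared literally against es_session,
    // so it matches no rows instead of rewriting the query.
    echo basket_count($pdo, "siteA' OR '1'='1", $_SESSION['esb2b_userid']), "\n";
}
```

Counting with COUNT(*) also avoids fetching every row just to call a row-count function on the result.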