I am getting an error in select query line. Here it is:
Parse error: syntax error, unexpected '' (T_ENCAPSED_AND_WHITESPACE), expecting identifier (T_STRING) or variable (T_VARIABLE) or number (T_NUM_STRING
And the code:
<?php
include('dbconnection.php');
$sql = "select * from 'user' where id ='.$_REQUEST['id'].' ";
$result = mysql_query( $sql);
if(!$result )
{
die('Could not enter data: ' . mysql_error());
}
$sql="select * from `user` where id ='".$_REQUEST['id']."' ";
This will solves your problem But look mysqli_query to limit your SQL-injection vulnerability.
Replace query:
$sql="select * from 'user' where id ='.$_REQUEST['id'].' ";
with:
$sql="select * from `user` where id =".$_REQUEST['id']."";
You can try this:
$id = (int) $_REQUEST['id']; // interger value
$sql = "select * from `user` where id = '$id' ";