I keep on getting this error message on this line of code with MySQL:
$result = mysql_query("select * from registered_payee
WHERE customer_id='$_SESSION[customer_id]'");
how can i fix this while its inside a query?
Thanks.
original code:
<?php
session_start();
include("header.php");
include("dbconnection.php");
$result = mysql_query("select * from registered_payee WHERE customer_id='$_SESSION[customer_id]'");
$result1 = mysql_query("select * from registered_payee WHERE sl_no='$_POST[payto]'");
$arrpayment = mysql_fetch_array($result1);
$dt = date("Y-m-d h:i:s");
$acc= mysql_query("select * from accounts where customer_id='$_SESSION[customer_id]'");
?>
i guess you have problem with quotation .try this
$result = mysql_query("select * from registered_payee
WHERE customer_id='".$_SESSION['customer_id']."' ");
Obs:
make sure to escape your values before inserting them to your query.
and make sure to change from mysql to mysqli or pdo as mysql is deprecated.
You are using a constant in an associative element of an array, instead of a simple string:
"... '$_SESSION[customer_id]'"
^ ^
Plus, you don't escape the array properly:
"... '$_SESSION[customer_id]'"
^ ^
So both mistakes fixed it should look like:
"... '" . $_SESSION['customer_id'] . "'"
Note: You should never put variables into strings without seperating them visually, to make it even more readable (more readable = faster error detection), put every part on a new line.
Using prepared statements (MySQLi, PDO), you can also avoid deprecated warnings and quotation mistakes.
To make the difference even more clear, try the following PHP snippet:
<?php
define('customer_id', 1);
$test['customer_id'] = 'with quotes';
$test[customer_id] = 'without quotes';
print_r($test)