Whenever I visit the page I get: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '' at line 1
It has to do with the second while loop
<html>
<body>
<?php
mysql_connect("mysql.1freehosting.com", "u533288591_sdc", "mypass") or die(mysql_error());
mysql_select_db("u533288591_sdc");
$name = $_POST['name'];
$probably_needed = "questions";
$grade = $_POST['class'] ;
$answers ="answers" ;
$query = mysql_query("SELECT * FROM $probably_needed ") or die(mysql_error());
$otherquery = mysql_query("select * from $ANSWERS ") or die (mysql_error()) ;
while($row = mysql_fetch_array($query)){
echo "<a href=\"answer.php?name=" . $name . "&subject=" . $row['Subject'] . "&grade=" . $grade . "\">" . $row['Subject'] ."</a>" ;
while($answerrow = mysql_fetch_array($otherquery)){
if ($answerrow['name'] == $name){
if ($answerrow['subject'] == $row['Subject']){
echo "success" ;
}
}
}
}
?>
</body>
</html>
wrap your variables with backtick. lowercase your variable $ANSWERS
SELECT * FROM `$probably_needed`
select * from `$answers`
PHP is case sensitive.
A. In php $answers is not $ANSWERS
Variables in PHP are represented by a dollar sign followed by the name of the variable. The variable name is case-sensitive.
Try
$answers ="answers" ;
mysqli_query($link,sprintf("Select * from %s",$answers));
B. From PHP Doc on mysql_query
Suggested alternative Use of this extension is discouraged. Instead, the MySQLi or PDO_MySQL extension should be used. See also MySQL: choosing an API guide and related FAQ for more information. Alternatives to this function include:
You should upgrade to mysqli or PDO
C. Due to XSS Injection flaw in your code you should use filter_var
What i think your code should look like
$mysqli = new mysqli("mysql.1freehosting.com", "u533288591_sdc", "mypass", "u533288591_sdc");
$name = filter_var($_POST['name'], FILTER_SANITIZE_STRING);
$grade = filter_var($_POST['class'],FILTER_SANITIZE_STRING);
$tableQuestion = "questions"; // not sure where this would come from
$tableAnswer = "answers";
$resultQuestion = $mysqli->query(sprintf("SELECT * FROM `%s`", $tableQuestion));
$resultAnswer = $mysqli->query(sprintf("SELECT * FROM `%s`", $tableAnswer));
$template = "<a href=\"answer.php?name=%s&subject=%s&grade=%s\">%s</a>";
while ( $rowQuestion = $resultQuestion->fetch_assoc() ) {
printf($resultAnswer, $name, $rowQuestion['Subject'], $grade, $rowQuestion['Subject']);
while ( $rowAnswer = $resultAnswer->fetch_assoc() ) {
if ($rowAnswer['name'] == $name && $rowAnswer['subject'] == $rowQuestion['Subject']) {
echo "success";
}
}
}
Variable names in PHP are case sensitive.
You define: $answers ="answers" ;
but use "select * from $ANSWERS "
$answers is not $ANSWERS
May be I mistake, but you should do so:
$queryText1 = "SELECT * FROM " + $probably_needed;
$queryText1 = "SELECT * FROM " + $ANSWERS;
$query = mysql_query($queryText1) or die(mysql_error());
$otherquery = mysql_query($queryText1) or die (mysql_error()) ;
Other words, you should concatenate string and variable.