I'm trying to search a MySQL database for the user specific website activity, to do this I created a form and process to search through a statistics table and return every record with a userID matching the query. However I keep getting this message and not sure why:
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '@hotmail.com' at line 1
This is the form I'm using
<form method='get' action='searchuser.php' id='searchuser'>
<input type='text' input name='txtSearch' id='txtSearch'>
<input type='submit' name='submit' value='Search'>
</form>";
and this is the process file
<?php
require_once( "Functions.php" );
$header = makeHeader();
$con= connect();
$user = $_GET['txtSearch'];
$query = "SELECT * FROM statistics WHERE userID = $user";
$result=mysql_query($query) or die (mysql_error());
echo"<table border='1'><th>User</th><th>IP</th>
<th>Date</th><th>Page visited</th><th>Page from</th>";
while($row = mysql_fetch_assoc($result))
{
$username = $row['userID'];
$ip = $row['ipAddress'];
$date = $row['dateOfVisit'];
$pagev = $row['pageVisited'];
$pagef = $row['pageFrom'];
echo "<tr><td>".$row->UserID."</td><td>".$row->ipAddress."</td><td>".$row->dateOfVisit."</td><td>".
$row->pageVisited."</td><td>".$row->pageFrom . "<br/>
"."</td></tr>";
}
IF (mysql_num_rows($queryresult) == "")
{
Echo "<p>Sorry there were no results for your search<p> <br /><br /> <p><A HREF='javascript:javascript:history.go(-1)'>Click here to go back to previous page</A></p>";
}
$footer = makeFooter();
?>
The SQL problem was with
userID = $user
The correct way of putting a string into sql query is
So. the right code would be
$user = mysql_real_escape_string($user);
$query = "SELECT * FROM statistics WHERE userID = '$user'";
try this one
$user = $_GET['txtSearch'];
$query = "SELECT * FROM statistics WHERE userID = ".$user." ";
this working for me