I need some help with this! I´m passing multiple variables through URL and on the landing page I have this in my code:
str = "
SELECT
*
FROM wp_usermail
WHERE ID= ".@$_GET['ID']"& Till=".@$_GET['Till'];
I want to be more accurate to select the right information from the database so both ID and Till needs to be correct otherwise you cant see the content on the page.
Right now I get parse error: syntax error, unexpected T_CONSTANT_ENCAPSED_STRING
Replace it with this:
$str = "
SELECT
*
FROM wp_usermail
WHERE ID = '" . mysql_real_escape_string ($_GET ['ID']) . "' AND Till = '" . mysql_real_escape_string ($_GET ['Till']) . "'";
You were missing the $ in the variables' name, multiple .s, correct quotes around your variables and you didn't escape the input, which you should always do for security.
One more thing: you should stop using the mysql_* functions and start using either mysqli or PDO, since mysql_* are now deprecated.
you are missing the $ in variable name.