-3

Possible Duplicate:
Php $_GET method

when I enter this link 

http://www.LiveChat.com/php/chatBody.php?chat_members_code=9BYELZ0WxdQr4An

I get this error and i don't know why:

Unknown column '9BYELZ0WxdQr4An' in 'where clause'

Here is the code:

$sql = "SELECT * FROM chat WHERE chat_members_code = " . mysql_real_escape_string($_GET['chat_members_code']);
$chat = mysql_query($sql);
if(!$chat) {
echo mysql_error();
}else {


while($row = mysql_fetch_array($chat)) {

$chat_id = $row['id'];
$user_1_id = $row['user_1_id'];
$user_1_fullname = $row['user_1_fullname'];
$user_1_username = $row['user_1_username'];
$user_2_id = $row['user_2_id'];
$user_2_fullname = $row['user_2_fullname'];
$user_2_username = $row['user_2_username'];
$chat_body = $row['chat_body'];
$chat_members_code = $row['chat_members_code'];
$chat_time = $row['chat_time'];
$chat_date = $row['chat_date'];
$chat_datetime = $row['chat_datetime'];
}
}

do anyone know where is th error?

Community
  • 1
  • 1
Maroon Saed
  • 1
  • 2
  • The quotes, they are useful to delimit a string. – raina77ow Feb 02 '13 at 22:23
  • 1
    You are using [an **obsolete** database API](http://stackoverflow.com/q/12859942/19068) and should use a [modern replacement](http://php.net/manual/en/mysqlinfo.api.choosing.php). – Quentin Feb 02 '13 at 22:24

1 Answers1

5

You forgot to wrap your value in quotes:

$sql = "SELECT * FROM chat WHERE chat_members_code = '" . mysql_real_escape_string($_GET['chat_members_code']) . "'";
John Conde
  • 212,985
  • 98
  • 444
  • 485
  • This kind of mistake demonstrates why `mysql_query` should **not** be used in new application code. It's just too easy to get wrong. – tadman Feb 02 '13 at 22:42