Error Sql syntax with phpmyadmin version is 4.0.5

Question

When i run the following query to check username and password, it throws an error.

PHP

$sql="SELECT * FROM $tbl_name WHERE username='$myusername' AND password='$mypassword'";
$result=mysql_query($sql);

if($result === false) {
var_dump(mysql_error());}
else {
print_r(mysql_num_rows($amn));
}

Error

[Warning: mysql_num_rows() expects parameter 1 to be resource, boolean given]

Result of var_dump

[You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'update WHERE username='admin' AND password='123456' at line 1' (length=199)]

if($result === false) { var_dump(mysql_error()); } else { print_r(mysql_num_rows($amn)); } — Affan Malik, Aug 05 '13 at 20:01
What is `$tbl_name`? It could be a reserved word, which you would then need to wrap it in backticks - `\``. Or if it is not set, it would also give an error. — Sean, Aug 05 '13 at 20:07
When you state `it throws an error`, it is always a good idea to post the error message. — Sean, Aug 05 '13 at 20:12

score 1 · Accepted Answer · answered Aug 05 '13 at 20:16

update is a reserved word in mysql - http://dev.mysql.com/doc/refman/5.5/en/reserved-words.html.
It would be best to rename your table name. At the very least escape your table name with backticks - ``.

$sql="SELECT * FROM `$tbl_name` WHERE username='$myusername' AND password='$mypassword'";

which parses to -

SELECT * FROM `update` WHERE username='admin' AND password='123456'

Error Sql syntax with phpmyadmin version is 4.0.5

1 Answers1