MySql Unknown column in where

I am a beginner and try to have a very simple messaging system. every thing is managed via the ID's of the users..

So if someone types the username of a person i have to convert it into the person's id:

$res_name = $_POST["res_name"];
    $res_id = userToId($res_name);

This function looks like this:

function userToId($username) {
    $data = array();
    $func_get_args = func_get_args();

    if($func_num_args = 1)
    {
    $res = mysql_query("SELECT id FROM `z_network_users` WHERE `username` = `$username`") or die(mysql_error());
    $data = mysql_fetch_assoc($res);
    }
    return $data['id'];
}

it doesn't work, in fact it can't find a username even if it's existing..

the error is for example:

Unknown column 'testperson' in 'where clause'

the user exists, hope you can help me :) ps: I know I shouldn't use mysql_* but i haven' learned the better version.. ;)

Answers


When using backticks around your variable then it will be considered as column

thats why you got that error Unknown column 'testperson' in 'where clause'

you should use this (you should escape your variable to prevent sql injection)

 $username = mysql_real_escape_string($username);
 $res = mysql_query("SELECT id FROM `z_network_users` 
        WHERE `username` = '$username' ") or die(mysql_error());

or this

 $username = mysql_real_escape_string($username);
 $res = mysql_query("SELECT id FROM `z_network_users` 
        WHERE `username` = '".$username."' ") or die(mysql_error());

try that function:

 function userToId($username) {

   $func_get_args = func_get_args();
    $username = mysql_real_escape_string($username);
   if($func_num_args == 1)
{
   $res = mysql_query("SELECT id FROM `z_network_users` WHERE `username` = '$username' ") or die(mysql_error());
   $row = mysql_fetch_assoc($res);

}
  return $row['id'];
}

You should not use around yourvalue` I think.


"SELECT id FROM `z_network_users` WHERE `username` = '$username'"

this will fix your query BUT mysql_* functions are deprecated, so you should avoid using them. Try mysqli or PDO instead.


You should not be backticking the entries

$res = mysql_query("SELECT id FROM `z_network_users` WHERE `username` = '$username'") or die(mysql_error());

You only quote column names with backticks.

WHERE `username` = `$username`

This makes $username into a column name. You want a string instead:

WHERE `username` = '$username'

Also definitely see The Great Escapism (Or: What You Need To Know To Work With Text Within Text).


you have not any column but

WHERE `username` = `$username`"

but $username understanding as a column so remove `` from $username and put single quote to it like '$username'


I think your query return more then 1. you need to use mysql_num_rows() to get one record. Thats why it doesn't work.


Need Your Help

Django CMS custom plugin Error

django django-models django-cms

Am tryong to create a custom plugin using ckeditor,but while adding this plugin to cms page its shows following errors: