So I have a PHP file called extract_values.php. In it I have the following code:

    <?php
    require_once('config.php');
    $requestSQL = 'SELECT * FROM database WHERE username=$user';
    $result = mysql_query($requestSQL);
    while ($rand = mysql_fetch_array($result)) {
        echo $rand['specificrow'];
    }
    ?>

Now here's the catch: I want $user to be set from outside, something like this:

    $user = $_GET['user'];

and of course, I will set the user from the URL:

    website.com/extract_values.php?user=batman

so that the PHP will extract FROM database WHERE username=batman. So what's the problem? I don't know (well... it doesn't work) how to format the $user in that PHP code to select from MySQL. The next code doesn't work:

    $requestSQL = 'SELECT * FROM database WHERE username=$user';

It could be because I need something like .$name. or what?
$requestSQL = "select * from database where username = '" . mysql_real_escape_string($_GET['user']) . "'";
Thanks! It worked with SmallPotatoes' code. @ActiveFrost: I think I tried that one but it didn't work... thank you also.
What I wrote is exactly how PHP/MySQL works! It can't fail (in case it does, your server is too old to handle it).
ActiveFrost: You didn't guard the string literal in the query ($user) against special characters. Will fail with some values of $user, and also it's bad security practice.
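Added example (not code from any poster in this thread) comparing the three query forms discussed above: the single-quoted string from the question, a quoted but unescaped concatenation, and a bound parameter. It assumes PDO with an in-memory SQLite database and a hypothetical `accounts` table so it runs offline; the rows are constructed sample data.

```php
<?php
// Added example: constructed data in an in-memory SQLite database via PDO.
// Table name "accounts" is hypothetical; "username"/"specificrow" follow the thread.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE accounts (username TEXT, specificrow TEXT)');
$seed = $pdo->prepare('INSERT INTO accounts VALUES (?, ?)');
foreach ([['batman', 'row for batman'], ["o'brien", "row for o'brien"]] as $r) {
    $seed->execute($r);
}

// 1. Single quotes: PHP does not interpolate, so the literal text "$user" is sent.
function queryAsPosted(string $user): string {
    return 'SELECT specificrow FROM accounts WHERE username=$user';
}

// 2. Concatenated and quoted, but not escaped: the value becomes part of the SQL text.
function queryConcatenated(string $user): string {
    return "SELECT specificrow FROM accounts WHERE username = '" . $user . "'";
}

// 3. Prepared statement: the value is bound as data and never parsed as SQL.
function lookup(PDO $pdo, string $user): array {
    $stmt = $pdo->prepare('SELECT specificrow FROM accounts WHERE username = :user');
    $stmt->execute([':user' => $user]);
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

foreach (['batman', "o'brien"] as $user) {   // stands in for $_GET['user']
    echo "user = $user\n";
    echo "  as posted:    ", queryAsPosted($user), "\n";
    try {
        $rows = $pdo->query(queryConcatenated($user))->fetchAll(PDO::FETCH_COLUMN);
        echo "  concatenated: ", json_encode($rows), "\n";
    } catch (PDOException $e) {
        echo "  concatenated: query rejected (", $e->getMessage(), ")\n";
    }
    echo "  prepared:     ", json_encode(lookup($pdo, $user)), "\n";
}
```

The `mysql_*` functions used in the thread were removed in PHP 7.0, so on current PHP the bound-parameter form via PDO or mysqli is the one to use.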