MySQL syntax error in SELECT query

Question

My code:

$fileid = $_GET['imgid'];
$fileid = (int)$fileid; //id is int type in photos table

require 'database.php';

//get the image sourc name

$q = "SELECT src form photos WHERE id='$fileid'";
$result = $mysqli->query($q) or die(mysqli_error($mysqli));

if ($result) 
{
    $row = $result->fetch_object();
    $filename = $row->src;

ERROR: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'photos WHERE id='12'' at line 1

score 5 · Answer 1 · edited May 23 '17 at 12:15

5

You have FROM misspelled. Try:

$q = "SELECT src FROM photos WHERE id='$fileid'";

~~In addition, while not related to this syntax error, note that your code appears to be vulnerable to SQL Injection.~~

edited May 23 '17 at 12:15

Community

1
1

answered Aug 02 '10 at 10:50

Daniel Vassallo

312,534
70
486
432

it only appears to be, until you look at line 2 ;) – Mchl Aug 02 '10 at 10:55
@Col: Oops, you're right. Didn't notice it's being cast to an `int`. – Daniel Vassallo Aug 02 '10 at 10:55
@Col. Yep the cast to int will prevent that whether by accident or design. – Martin Smith Aug 02 '10 at 10:55
Yep, my bad :) ... fixed the answer. – Daniel Vassallo Aug 02 '10 at 10:56

MySQL syntax error in SELECT query

1 Answers1