MySQL: Unknown column in where clause error

php mysql sql mysql-error-1054
user169551 picture user169551 · Sep 26, 2009 · Viewed 61.8k times · Source

I have a PHP script and for some reason mysql keeps treating the value to select/insert as a column. Here is an example of my sql query:

$query = mysql_query("SELECT * FROM tutorial.users WHERE (uname=`".mysql_real_escape_string($username)."`)") or die(mysql_error());

That turns into:

SELECT * FROM tutorial.users WHERE (uname=`test`)

The error was:

Unknown column 'test' in 'where clause'

I have also tried:

SELECT * FROM tutorial.users WHERE uname=`test`

Answer

tpdi picture tpdi · Sep 26, 2009

In MySql, backticks indicate that an indentifier is a column name. (Other RDBMS use brackets or double quotes for this).

So your query was, "give me all rows where the value in the column named 'uname' is equal to the value in the column named 'test'". But since there is no column named test in your table, you get the error you saw.

Replace the backticks with single quotes.

Related questions

Unknown column in 'field list' error on MySQL Update query

i echoed the query below: (query is safe) UPDATE otelozellik SET isim_tr='test', aciklama_tr='<p>test1</p>', uyari_tr='test', tag_tr='test' WHERE id='1' Database Error: Unknown column 'aciklama_…

Read More
How can I prevent SQL injection in PHP?

If user input is inserted without modification into an SQL query, then the application becomes vulnerable to SQL injection, like in the following example: $unsafe_variable = $_POST['user_input']; mysql_query("INSERT INTO `table` (`column`) VALUES ('$unsafe_variable')"); That's …

Read More
MySQL query String contains

I've been trying to figure out how I can make a query with MySQL that checks if the value (string $haystack ) in a certain column contains certain data (string $needle), like this: mysql_query(" SELECT * FROM `table` WHERE `column`.contains(…

Read More