Error in SQL syntax - mysqli_real_escape_string

Asked

Viewed 109 times

0

I have a syntax error in my code, but I can’t find my error.
That’s the mistake I’m getting:

You have an error in your SQL syntax; check the manual that Corresponds to your Mysql server version for the right syntax to use near 'Where categoria= 'Hydrosanitary'' at line 1

My code:

$teste=mysqli_real_escape_string($conexao,$id);
$sql2 = "SELECT * FROM `downloads`  order by datacadastro DESC  where `categoria`= '".$teste."'";

I have looked in several places and the closest answer to my problem I found was to put the $teste the way I already put it in the code above.

php mysql mysqli sql-injection

2 answers

2


Follow the block, putting first the search terms, and only then you must specify how you want to present them.

SELECT * FROM tabela_ ORDER BY campo1 ASC

This consultation of yours SQL can be written in several ways, although there are more appropriate methods for each situation.

In this first form, simply break the quotation marks, and insert the variable where it should be:

$sql2 = "SELECT * FROM `downloads` where `categoria`= '".$teste."' order by datacadastro DESC";

You can also interpolate strng by typing the variable into braces {}:

$sql2 = "SELECT * FROM `downloads` where `categoria`= '{$teste}' order by datacadastro DESC";

There are several other ways to write a query SQL.

If the test variable is an integer (int) I recommend you write it without the simple quotation marks ('').

0

I believe the problem is in select, I think order by has to be after the Where clause:

$sql2 = "SELECT * FROM `downloads` where `categoria`= '".$teste."' order by datacadastro DESC";

Browser other questions tagged php mysql mysqli sql-injection

You are not signed in. Login or sign up in order to post.