Click here to Skip to main content
15,742,973 members
Please Sign up or sign in to vote.
1.00/5 (1 vote)
See more:
if (isset($_POST['submit'])){
$query="SELECT id, name, gener, yearofprodction, opinion FROM movie_info WHERE name=.'$NAME';";
$resultcheck= mysqli_num_rows($result);
if ($resultcheck > 0 );
while ($row =mysqli_fetch_assoc($result)) {
echo 'Name :'.$row['name'].'
'.'Gener :'.
'.'Year of prodction :'.
'.'Your opinion :'

What I have tried:

I maked a connection with database and shered it and it still tell there an error in the $query statment I need help
Updated 17-Feb-23 22:15pm
Richard Deeming 20-Feb-23 6:15am    
Your code is vulnerable to SQL Injection[^]. NEVER use string concatenation/interpolation to build a SQL query. ALWAYS use a parameterized query.

PHP: SQL Injection - Manual[^]

1 solution

You should remove the dot at name=.'$NAME'. Also you creatre the variable $NAME2, but in the SQL statement you use $NAME, which is not declared anywhere.
Share this answer

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

  Print Answers RSS
Top Experts
Last 24hrsThis month

CodeProject, 20 Bay Street, 11th Floor Toronto, Ontario, Canada M5J 2N8 +1 (416) 849-8900