executing a query based on form text



I'm trying to return the ID of the user name submitted in a form. The form text box is called username and the column is called user_name in the table users. Lets just say that the user name in question is "bubba"

I've got these lines here:

$query = 'SELECT ID FROM users WHERE user_name=' . $_POST['username'] . ' LIMIT 1';
$result = mysql_query ($query);
var_dump ($result);

These lines dump:


I can change the first line to say:

$query = 'SELECT ID FROM stfu_users WHERE user_name="bubba" LIMIT 1';

With this change, the dump is:

resource(3) of type (mysql result)

If I add the lines:

$row = mysql_fetch_array ($result);
print $row['ID'];

I get the ID of the preexisting "bubba" users entry.

So, it appears that it can run the comparison from a direct string, and not a string pulled from a form . . . or at least thats how I see it. Any Ideas?

Why dont you place a print statement after your sql query to check, whether your sql query is as you wanted.

$query = 'SELECT ID FROM users WHERE user_name=' . $_POST['username'] . ' LIMIT 1';

print $query;



I'm getting:

SELECT ID FROM users WHERE user_name=bubba

Instead of:

SELECT ID FROM users WHERE user_name="bubba"

I've got to figure out how to get the quotations.
user_name="' . $_POST['username'] . '" LIMIT 1
this works . . . . sometimes you just need to go to bed, I think.

Now I just have to figure out how to compare it to a lack of an entry.