HTML code:

<form name="test" action="">
    <input type="text" name="uname" />
    <input type="submit" name="submit" />
</form>

PHP code:

$uname = fRequestget('uname');
$db->query("select * FROM member where uname='".$uname."'");

It gives an error when $uname = xyz'x (it always gives an error with a value containing a single quote).

MySQL error (You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near string_0x:string_1ssss' at line 2) in SELECT * FROM member WHERE uname=:string_1ssss'
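
The failure described above comes from building the SQL text by concatenation: the quote inside the value closes the string literal early. The following is an added example, not part of the original post, showing the same query concatenated and then with a bound parameter. It assumes PDO with an in-memory SQLite table standing in for the post's `$db` wrapper and MySQL `member` table; the function names `findConcatenated` and `findBound` are hypothetical.

```php
<?php
// Constructed in-memory table standing in for the post's `member` table (assumption).
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec("CREATE TABLE member (id INTEGER PRIMARY KEY, uname TEXT)");
$pdo->exec("INSERT INTO member (uname) VALUES ('alice')");
// Bound insert, so the quoted name from the post exists as a row.
$pdo->prepare("INSERT INTO member (uname) VALUES (?)")->execute(["xyz'x"]);

/** Concatenated query, as in the post: a quote in $uname ends the string literal early. */
function findConcatenated(PDO $pdo, string $uname): array
{
    try {
        $rows = $pdo->query("SELECT * FROM member WHERE uname='" . $uname . "'")
                    ->fetchAll(PDO::FETCH_ASSOC);
        return ['ok' => true, 'rows' => $rows];
    } catch (PDOException $e) {
        // The database rejects the malformed statement; user input changed the SQL text.
        return ['ok' => false, 'error' => $e->getMessage()];
    }
}

/** Parameterized query: the value is sent separately and never parsed as SQL. */
function findBound(PDO $pdo, string $uname): array
{
    $stmt = $pdo->prepare("SELECT * FROM member WHERE uname = :uname");
    $stmt->execute([':uname' => $uname]);
    return ['ok' => true, 'rows' => $stmt->fetchAll(PDO::FETCH_ASSOC)];
}

// Second value is the one from the post.
foreach (["alice", "xyz'x"] as $uname) {
    $a = findConcatenated($pdo, $uname);
    $b = findBound($pdo, $uname);
    printf(
        "%-6s concatenated: %-10s bound: %d row(s)\n",
        $uname,
        $a['ok'] ? count($a['rows']) . " row(s)" : "SQL error",
        count($b['rows'])
    );
}
```

The same input that raises a syntax error in the concatenated form is matched as an ordinary value by the bound form, which is also what keeps user input from altering the query.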