PHP and MYSQL - Querying A Variable -

ok, have php $_post['username'] variable , need query on user via mysql. problem keeps throwing me errors.

something

$user = $_post['username']; $query = mysql_query("select * user username = $user"); 

i've tried

$query = mysql_query("select * user username = `$user`"); $query = mysql_query("select * user username = ".$user); 

not sure i'm doing wrong.

your problem strings in sql need enclosed in single quotes.

the preferable approach use pdo. sprintf (along mysql_real_escape_string) better interim approach posted:

$query = sprintf("select u.*                      user u                    u.username = '%s'",                   mysql_real_escape_string($_post['username']));  $result = mysql_query($query); 

lest forget little bobby tables ;)