I have this code
$marker = 'werkz'; $sql = "SELECT name, marker FROM sidebar"; $q = $db->query($sql); $q->setFetchMode(PDO::FETCH_ASSOC); while ($r = $q->fetch()) { echo'<option>' . $r[name] . '</option>'; } It works but when I add WHERE marker = $maker; the query fails.
What is the problem?
since you are using PDO, do it like this when passing parameter.
$marker = 'werkz'; $sql = "SELECT name, marker FROM sidebar WHERE marker = ?"; $q = $db->query($sql); $q->bindParam(1, $maker); $q->setFetchMode(PDO::FETCH_ASSOC); while ($r = $q->fetch()) { echo'<option>' . $r[name] . '</option>'; } $market is a string. So you should put it between '
something like ... where marker='".$marker."'";
-1 the user is already using PDO. you are making it vulnerable with SQL injection. don't concatenate the value but instead bind it as parameter.
marker--varchar? It needs to be encapsulated in quotes...