Hi yuri tan,
First of all, a warm welcome to CodeRanch!
yuri tan wrote: :(
That's not how
you should ask a question on a forum! The more information you provide, the easier it is for people to answer your questions (and the more useful the answers will be). You should always
TellTheDetails. And
here you'll find how you should ask questions on CodeRanch.
Based on the code snippet you have posted, I can already provide 2 remarks:
1/ you should always use prepared statements wherever possible to avoid SQL injection attacks (like Tim's post illustrates). You can find more info on SQL injection
here and on prepared statements
here.
2/ there's an error in the
WHERE clause: to combine different conditions you should use
AND or
OR, not a comma. So it should be
As you can see, I've already introduced the appropriate syntax to use a prepared statement :)
Hope it helps!
Kind regards,
Roel