“SELECT * FROM table WHERE id = $_POST[ ‘id’ ]”
Don’t use user input in queries without sanatizing it first (and validating it too if needed).
If you’re using mysqli_ or pdo (as you should because the mysql_ extension is deprecated) then take a look at prepared statements: http://www.php.net/manual/en/mysqli.prepare.php
Beside what guido2004 mentioned, avoid calling all table fields(*) and single quote values in query and add bracket if it’s an array[‘key’] value.
"SELECT * FROM table WHERE id = '{$_POST[ 'id' ]}'"
Leaving aside the sanitizing stuff, the reason your string is not valid php is because you can’t put quotes around an array key when inside of double quotes.
This works:
$_POST['id'] = 27;
$sql = "SELECT * FROM table WHERE id = $_POST[id]";
echo $sql;
$id=trim($_POST[“id”]);
$then=“SELECT * FROM tablename WHERE id=$id”;
$count=mysql_num_rows($bbbb);
echo $count.‘<br>’;
Thanks for your nice reply