there are a few things wrong here, the first of which is that you're not using PDO for database access, http://jream.com/learning/videos/php-oo ... o-examples
is a quick video example of PDO in action. That said, your query is bad.
$query = "SELECT * from Members WHERE FirstName".$_POST['Value1']."'";
//stores this value into $query for when $_POST['Value1'] is Fred:
// SELECT * from Members WHERE FirstNameFred'
To fix it, just make sure you're creating a valid query. You also want to make sure to protect yourself from potential sql injection etc, and PDO makes that easier too. If you just want to fix this script without adding any extra protection, or improving your code with PDO (or even mysqli functions) then change that line to read:
Code: Select all
$query = "SELECT * from Members WHERE FirstName='" . $_POST['Value1'] . "'";
***edit*** apparently i can't underline in a code box, removed extra formatting tags