Oh, a few quick things.

First, you can use substr to break up the phone instead of grabbing characters; might be a little easier to read long term.

Secondly, mysql_real_escape_string will return the cleaned string, but doesn't change the original variable. So you'll need

    $phn = mysql_real_escape_string($phn);

Thirdly, anytime you use a single quote the string is interpreted literally. You'll want to switch out the single quotes with double quotes, and then wrap $phn in single quotes in order to not break your query.

    "Select ... Where phn = '$phn'"

I'd also really suggest looking at using PDO or even the mysqli extension tho instead of just plain mysql (believe this has been deprecated).

Sorry for the quick reply, on mobile. But feel free to email me directly and I'll be happy to help out more.

- Mike

Sent from my iPhone

> On Jun 16, 2014, at 7:58 PM, Ethan Rosenberg <erosenberg@xxxxxxxxxxxxxxxxxxxx> wrote:
>
> Dear List -
>
> I have the following code:
>
> The input from the form is a 10 digit string [1234567890] which is converted to phone number format [123-456-7890]
>
> $phn = $_POST[phone];
> $phn = (string)$phn;
> $dsh = '-';
> $Phn = $phn[0].$phn[1].$phn[2].$dsh.$phn[3].$phn[4].$phn[5].$dsh.$phn[6].$phn[7].$phn[8].$phn[9];
> echo $Phn; // this is folded by Thunderbird. In the script, it is
> //all on one line
>
> mysql_real_escape_string($Phn);
> $sql1 ='select Lname, Fname from Customers where Phone = $Phn ';
> echo $sql1; //this always shows $phn as Phn and not as a numerical
> //string.
> $result1 = mysqli_query($cxn, $sql1);
>
> TIA
>
> Ethan
>
> --
> PHP Database Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>
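
The PDO route suggested in the reply above, as an added example that is not part of the original thread: the phone is validated and formatted with substr, then passed to the query as a bound parameter, so the quoting and escaping questions do not arise. The function names, the in-memory SQLite database (standing in for the real MySQL connection) and the sample row and inputs are assumptions made for illustration.

```php
<?php
// Added example: function names, the SQLite in-memory database and the
// sample data are constructed for illustration.

// Accept exactly 10 ASCII digits and return 123-456-7890, or null otherwise.
function formatPhone(string $raw): ?string
{
    if (!preg_match('/\A\d{10}\z/', $raw)) {
        return null;
    }
    return substr($raw, 0, 3) . '-' . substr($raw, 3, 3) . '-' . substr($raw, 6, 4);
}

// Look up customers by phone with a bound parameter: the value is sent
// separately from the SQL text, so it can never change the query's structure.
function findByPhone(PDO $db, string $phone): array
{
    $stmt = $db->prepare('SELECT Lname, Fname FROM Customers WHERE Phone = :phone');
    $stmt->execute([':phone' => $phone]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed test database so the script runs without a MySQL server.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE Customers (Lname TEXT, Fname TEXT, Phone TEXT)');
$db->exec("INSERT INTO Customers VALUES ('Doe', 'Jane', '123-456-7890')");

// Constructed inputs standing in for $_POST['phone'].
foreach (['1234567890', '12345', "123456789'"] as $input) {
    $phone = formatPhone($input);
    if ($phone === null) {
        // Wrong length or non-digit characters: never reaches the database.
        echo "rejected: $input\n";
        continue;
    }
    foreach (findByPhone($db, $phone) as $row) {
        echo "$phone => {$row['Fname']} {$row['Lname']}\n";
    }
}
```

Against MySQL the two functions stay the same; only the PDO connection (a `mysql:` DSN with credentials) changes.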