escape_string(trim($_POST['tableName'])); $table_fields = $dbs->escape_string(trim($_POST['tableFields'])); if (isset($_POST['id']) AND !empty($_POST['id'])) { $id = $dbs->escape_string(trim($_POST['id'])); } else { die('No ID Supplied!'); } // sql string $sql_string = "SELECT $table_fields FROM $table_name WHERE $table_fields='$id' LIMIT 1"; // send query to database $query = $dbs->query($sql_string); $error = $dbs->error; if ($error) { die('SQL ERROR : '.$error); } if ($query->num_rows > 0) { echo 'ID Already exists! Please use another ID'; } else { // output the SQL string echo 'ID Available'; }