mysql_num_rows() Error

<html>
<form action="update.php" method="POST" name="ID">
<input type="text" name="ID"">
<input type="Submit" value="Submit">
</form>
</html>

Up there is the submit form to get an ID number. I try to get that ID entered by user ( NOTE: It's a number) and show mysql table row coresponding to that ID. Example : User enter 2 and开发者_C百科 row number 2 from database is shown. My problem is that all rows are shown and not only wanted one. - Extra Question : How can I show user an error if he entered a NULL value ?

<?php
    $id=$_POST['ID'];
    .
    .
    .
    mysql_connect($host,$username,$password);

    if (!mysql_select_db($database))
        die("Can't select database");
    $query="SELECT * FROM table WHERE ID= '$id'";
    $result = mysql_query("SELECT * FROM vbots");
    $num=mysql_num_rows($result) or die("Error: ". mysql_error(). " with query ". $query);

    mysql_close();
    .
    .
    .
?>

You're not running your query.

You have this:

$query="SELECT FROM table WHERE ID= '$id'";
$result = mysql_query("SELECT * FROM vbots");

You want this:

$query="SELECT FROM table WHERE ID= '$id'";
$result = mysql_query( $query);

**Insert nag about SQL injection**

It should be this.

<?php
$id=$_POST['ID'];

mysql_connect($host,$username,$password);

if (!mysql_select_db($database))
    die("Can't select database");
$query="SELECT * FROM table WHERE ID= '$id'";
$result = mysql_query($query);
$num=mysql_num_rows($result) or die("Error: ". mysql_error(). " with query ". $query);

mysql_close();
?>

to check if $id is null: if (!isset($id)) die("Enter a value for id!");