
Why is my query not working?

My website has this PHP command:

mysql_query("SELECT * FROM users WHERE id=" . $_GET["id"]) or die(mysql_error());

When I enter URL

http://example.com/index.php?id=1;%20UPDATE%20users%20SET%20password=123%20WHERE%20id=1

I get the following error:

You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'UPDATE users SET password=abc WHERE id=1' at line 1

But in phpMyAdmin the query executes successfully. What's wrong here? Why doesn't it execute in the browser?


"mysql_query() sends a unique query (multiple queries are not supported) "

If you're INTENDING to allow MySQL injection like that, mysql_query won't like it. If you aren't, use mysql_real_escape_string($_GET["id"]); to prevent the 'injection'.


mysql_query() doesn't support multiple queries in a single call (which you are trying to inject):

SELECT * FROM users WHERE id=1;
UPDATE users SET password=abc WHERE id=1

Hence the "syntax error".

Now go protect that query.

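As an added example, not code from the question or either answer: the same lookup rewritten with a mysqli prepared statement, so the id travels as a bound parameter rather than as part of the SQL text (the old mysql_* functions were removed in PHP 7). Connection credentials, the database name and the `name` column are assumed placeholders.

```php
<?php
// Added example (not from the original question or answers).
// Hardened version of: mysql_query("SELECT * FROM users WHERE id=" . $_GET["id"])
// Connection details below are placeholders, not real credentials.

function findUserById(mysqli $db, string $rawId): ?array
{
    // The id column is numeric, so reject anything that is not a plain integer.
    // Escaping alone would not be enough here: escaping only neutralises quote
    // characters, and this value was never inside quotes in the original query.
    if (!ctype_digit($rawId)) {
        return null;
    }
    $id = (int) $rawId;

    // The statement text is fixed; the server receives the id separately as an
    // integer parameter, so it can never be parsed as SQL.
    $stmt = $db->prepare('SELECT id, name FROM users WHERE id = ?');
    $stmt->bind_param('i', $id);
    $stmt->execute();

    $row = $stmt->get_result()->fetch_assoc();
    $stmt->close();
    return $row ?: null;
}

// Throw exceptions instead of silently returning false on errors.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);
$db = new mysqli('localhost', 'app_user', 'app_password', 'app_db'); // placeholders
$db->set_charset('utf8mb4');

$user = findUserById($db, $_GET['id'] ?? '');
if ($user === null) {
    http_response_code(404);
    exit('user not found');
}
// Encode on output so a stored value cannot become HTML in the page.
echo htmlspecialchars($user['name'], ENT_QUOTES, 'UTF-8');
```

With a bound parameter the error from the question cannot occur, because the value is never spliced into the statement at all.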
