Untitled

<?php

error_reporting(-1);
ini_set('display_errors', 1);

$serverName = "";
$userName = "";
$password = "";
$dbName = "";

$isPHPAuth = false;

try
{
	$myPDO = new PDO("mysql:host=$serverName;dbname=$dbName;charset=latin1", $userName, $password);
	$myPDO->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
	$isPHPAuth = true;
}

catch(exception $e)
{
	echo("Unable to Connect" . $e->getMessage());
}

if ($isPHPAuth)
{
	try
	{
		if (isset($_GET["selection"]))
		{
		      $username = $_GET['username'];

					$stm = $myPDO->prepare("SELECT * FROM mediasystem_purchases WHERE customer name == :parameter;");
					$stm->bindParam(':parameter', $username, PDO::PARAM_STR); // injection protection way of using variables in statements
					$stm->execute();

					while($result = $stm->fetch(PDO::FETCH_ASSOC))
					{
						print('ID: '$result['id']);

					}
		}
		else
		{
			echo("ERROR: GET NOT SET...");
		}
	}
	Catch(Exception $e)
	{
		echo("statement error: " . $e->getMessage());
	}
}
?>