Re: question about passing field name in sql statement as variable.

---

• From: "nephish" <nephish@xxxxxxxxx>
• Date: 30 Aug 2006 15:20:56 -0700

---

Andy Hassall wrote:

On 30 Aug 2006 14:14:27 -0700, "nephish" <nephish@xxxxxxxxx> wrote:

can anyone tell me if this is legal php/mysql ?

Did you try running it?

i am trying to write a simple function to get a single stat from a
single table.

$field = 'phone_number';
$customer = 'fred';

$query = mysql_query("SELECT `'{$field}'` FROM `customers` WHERE `name`
= '{$fred}' ");
// note the back quotes around $field

The single quotes inside the back quotes will break it.

or is this an accident waiting to happen ?

Probably, yes; depends where the data from the $field and $customer variables
comes from.


--
Andy Hassall :: andy@xxxxxxxxxxx :: http://www.andyh.co.uk
http://www.andyhsoftware.co.uk/space :: disk and FTP usage analysis tool

thanks for the quick reply,

Did you try running it?

yep, didn't work. i think the quotes did broke it it too. I got this:
Warning: mysql_fetch_row(): supplied argument is not a valid MySQL
result resource in
yadda yadda.
Tried it without the quotes and got a blank page.
i dont get that because i know the values are there.
so, will go ahead and make the individual queries.

thanks for your time.
sk

.

---

• Follow-Ups:
  • Re: question about passing field name in sql statement as variable.
    • From: Jerry Stuckle

• References:
  • question about passing field name in sql statement as variable.
    • From: nephish
  • Re: question about passing field name in sql statement as variable.
    • From: Andy Hassall

• Prev by Date: Re: Serving a website based on source internet address ?
• Next by Date: Re: question about passing field name in sql statement as variable.
• Previous by thread: Re: question about passing field name in sql statement as variable.
• Next by thread: Re: question about passing field name in sql statement as variable.
• Index(es):
  • Date
  • Thread

---

Relevant Pages Re: PHP scripts and IE ... > But it saves you having to think of whether to use single quotes or not. ... Single quotes mean that the content will be printed as-is. ... Thus single quoted strings are processed faster. ... would be the best solution IMO (although you might want to make it ... (alt.php) Re: update hyperlink through query ... I tried it with double quotes first but someone told me single quotes ... My name's common all over the world. ... I have created a table in a database that contains hyperlinks pointing ... (microsoft.public.access.queries) Re: nesting JS in echos ... converted from html to php. ... syntax of the single quotes and double quotes needed in the ... (comp.lang.php) Re: br html line breaks and htmlentitities ... when reading user-supplied input I use 'addslashes' ... display, and so single quotes are not visually escaped, ... (comp.lang.php) Re: Sending PHP variables through echo " " ... First error: using single quotes instead of double quotes. ... RTFM on the string type, specially on the subject of variable expansion. ... (comp.lang.php)

---

• Security
• UNIX
• Linux
• Coding
• Usenet

• Archive
• About
• Privacy
• Search
• Imprint

coding.derkeiler.com  > Archive  > PHP  > comp.lang.php  > 2006-08