Re: question about passing field name in sql statement as variable.



nephish wrote:
Andy Hassall wrote:

On 30 Aug 2006 14:14:27 -0700, "nephish" <nephish@xxxxxxxxx> wrote:


can anyone tell me if this is legal php/mysql ?

Did you try running it?


i am trying to write a simple function to get a single stat from a
single table.

$field = 'phone_number';
$customer = 'fred';

$query = mysql_query("SELECT `'{$field}'` FROM `customers` WHERE `name`
= '{$fred}' ");
// note the back quotes around $field

The single quotes inside the back quotes will break it.


or is this an accident waiting to happen ?

Probably, yes; depends where the data from the $field and $customer variables
comes from.


--
Andy Hassall :: andy@xxxxxxxxxxx :: http://www.andyh.co.uk
http://www.andyhsoftware.co.uk/space :: disk and FTP usage analysis tool


thanks for the quick reply,

Did you try running it?

yep, didn't work. i think the quotes did break it too. I got this:
Warning: mysql_fetch_row(): supplied argument is not a valid MySQL
result resource in
yadda yadda.
Tried it without the quotes and got a blank page.
i don't get that because i know the values are there.
so, will go ahead and make the individual queries.

thanks for your time.
sk


What does mysql_error() say when it fails?

ALWAYS check the results from a mysql call. In the case of mysql_query, a return of false indicates an error in the query.

Try echoing the sql string before executing it - see if it's what you think it is.


--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
jstucklex@xxxxxxxxxxxxx
==================
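
An added example, not part of the thread and not any poster's code: one way to take the field name as a variable, with the column checked against a fixed list, the customer name bound as a parameter, and query errors raised instead of ignored. It assumes PHP's PDO with an in-memory SQLite database (which accepts MySQL-style back quotes) so it runs without a server; get_customer_stat() and ALLOWED_FIELDS are hypothetical names and the row is constructed sample data.

```php
<?php
// Added example: ALLOWED_FIELDS and get_customer_stat() are hypothetical names.
const ALLOWED_FIELDS = ['phone_number', 'email'];

function get_customer_stat(PDO $db, string $field, string $customer): ?string
{
    // Column names cannot be bound as parameters, so the field is accepted
    // only if it matches an entry in the fixed list exactly.
    if (!in_array($field, ALLOWED_FIELDS, true)) {
        throw new InvalidArgumentException("Unknown field: $field");
    }

    // Back quotes go around the identifier only (no single quotes inside).
    // The customer name is a value, so it is bound rather than interpolated.
    $stmt = $db->prepare("SELECT `$field` FROM `customers` WHERE `name` = ?");
    $stmt->execute([$customer]);

    $value = $stmt->fetchColumn();   // false when no row matched
    return ($value === false || $value === null) ? null : (string) $value;
}

// Constructed sample data.
$db = new PDO('sqlite::memory:');
// A failed query throws here, so an error cannot pass silently as "false".
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE customers (name TEXT, phone_number TEXT, email TEXT)");
$db->exec("INSERT INTO customers VALUES ('fred', '555-0100', 'fred@example.test')");

// Known field, known customer.
var_dump(get_customer_stat($db, 'phone_number', 'fred'));

// A quote character in the value does not alter the statement.
var_dump(get_customer_stat($db, 'phone_number', "o'brien"));

// A field outside the list is refused before any SQL is built.
try {
    get_customer_stat($db, 'no_such_column', 'fred');
} catch (InvalidArgumentException $e) {
    echo "rejected: ", $e->getMessage(), "\n";
}
```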