Re: question about passing field name in sql statement as variable.




Jerry Stuckle wrote:
nephish wrote:
Andy Hassall wrote:

On 30 Aug 2006 14:14:27 -0700, "nephish" <nephish@xxxxxxxxx> wrote:


can anyone tell me if this is legal php/mysql ?

Did you try running it?


i am trying to write a simple function to get a single stat from a
single table.

$field = 'phone_number';
$customer = 'fred';

$query = mysql_query("SELECT `'{$field}'` FROM `customers` WHERE `name`
= '{$fred}' ");
// note the back quotes around $field

The single quotes inside the back quotes will break it.


or is this an accident waiting to happen ?

Probably, yes; depends where the data from the $field and $customer variables
comes from.


--
Andy Hassall :: andy@xxxxxxxxxxx :: http://www.andyh.co.uk
http://www.andyhsoftware.co.uk/space :: disk and FTP usage analysis tool


thanks for the quick reply,

Did you try running it?

yep, didn't work. i think the quotes did break it too. I got this:
Warning: mysql_fetch_row(): supplied argument is not a valid MySQL
result resource in
yadda yadda.
Tried it without the quotes and got a blank page.
i don't get that because i know the values are there.
so, will go ahead and make the individual queries.

thanks for your time.
sk


What does mysql_error() say when it fails?

ALWAYS check the results from a mysql call. In the case of mysql_query,
a return of false indicates an error in the query.

Try echoing the sql string before executing it - see if it's what you
think it is.


--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
jstucklex@xxxxxxxxxxxxx
==================

wow, echo the query string. in a year of learning / using php and mysql
i swear i have never thought of that. Good result too. It wasn't
exactly what i thought. There was an extra space in the customer name.
thanks.
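
An added example, not part of the thread or any poster's code: one way to pass a field name into a query safely, covering the points raised above (where `$field` and `$customer` come from, checking for query errors, and the stray space in the customer name). It assumes PDO with an in-memory SQLite database standing in for MySQL so it runs offline; the helper `get_customer_field`, the `notes` column, the allowlist contents and the sample row are hypothetical.

```php
<?php
// Added example: in-memory SQLite stands in for the MySQL server (assumption).
$db = new PDO('sqlite::memory:');
// A failed query throws an exception instead of quietly returning false.
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

// Constructed sample data.
$db->exec('CREATE TABLE customers (name TEXT, phone_number TEXT, email TEXT, notes TEXT)');
$db->exec("INSERT INTO customers VALUES ('fred', '555-0100', 'fred@example.com', 'internal only')");

/**
 * Fetch one column for one customer (hypothetical helper).
 * Returns null when no customer matches.
 */
function get_customer_field(PDO $db, string $field, string $customer): ?string
{
    // Identifiers cannot be bound as parameters, so the column name is
    // checked against a fixed list before it is placed in the SQL text.
    $allowed = ['phone_number', 'email'];
    if (!in_array($field, $allowed, true)) {
        throw new InvalidArgumentException("Field not allowed: $field");
    }

    // Back quotes go around the identifier only, with no single quotes inside.
    // The customer name is a bound parameter, never interpolated.
    $sql = "SELECT `$field` FROM `customers` WHERE `name` = :name";
    $stmt = $db->prepare($sql);

    // trim(): an extra space in the name makes the match fail with no error.
    $stmt->execute([':name' => trim($customer)]);

    $value = $stmt->fetchColumn();
    return $value === false ? null : (string) $value;
}

var_dump(get_customer_field($db, 'phone_number', 'fred '));  // name with a trailing space
var_dump(get_customer_field($db, 'email', 'nobody'));        // no matching row

try {
    // 'notes' is a real column but is not on the allowlist.
    get_customer_field($db, 'notes', 'fred');
} catch (InvalidArgumentException $e) {
    echo 'Rejected: ', $e->getMessage(), PHP_EOL;
}
```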
