hawaii233 Posted October 22, 2005 Share Posted October 22, 2005 hi, last question for today, I promise I've got a column name in a table according to a variable in the URL. Can I include this into a query like SELECT '$variable' FROM... Is this right? As the whole thing is in an array I'm totally confused when it comes how to write the result of the array .... $row[".$variable."] ... is wrong right? I dont get the "'. stuff right.. did the search function but couldnt find an answer... can anybody help? Quote Link to comment Share on other sites More sharing options...
daiwa Posted October 22, 2005 Share Posted October 22, 2005 go to the source read the manual. you can't go wrong with the manual. yes you can do $Query = "SELECT `$Variable` FROM `SomeTable` WHERE 1"; OR for arrays you can do this $Query = "SELECT `$Array[key]` FROM `SomeTable` WHERE 1"; (no ' inside of a " enclosed string) OR $Query = 'SELECT `'.$Array['key'].'` FROM `SomeTable` WHERE 1'; OR $Query = "SELECT `".$Array['key']."` FROM `SomeTable` WHERE 1"; OR lots of other stuff i'm sure the key points being here that you don't put ' inside of [] if you are inside of a string (with " obviously, because ' doesn't parse the string). another key point that most people don't say to newb while helping them is VERIFY YOUR INPUT!! you can't go around sticking variable inside SQL queries if those strings are not sanitized. do something like $SanitizedVAR = mysql_real_escape_string($var); then use the sanitized var in your queries. then again your colum name shouldn't be set by the user but u never know Quote Link to comment Share on other sites More sharing options...
hawaii233 Posted October 24, 2005 Author Share Posted October 24, 2005 checked the manual and with your help got it working, ...almost. I keep on trying... thks for your help! Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.