Jump to content

Recommended Posts

hi,

 

last question for today, I promise ;)

 

I've got a column name in a table according to a variable in the URL.

 

Can I include this into a query like

 

SELECT '$variable' FROM...

Is this right?

 

As the whole thing is in an array I'm totally confused when it comes how to write the result of the array

 

....  $row[".$variable."] ...

 

is wrong right? I dont get the "'. stuff right.. did the search function but couldnt find an answer... can anybody help?

Link to comment
https://forums.phpfreaks.com/topic/2714-variable-column-name/
Share on other sites

go to the source read the manual. you can't go wrong with the manual.

 

yes you can do

 

$Query = "SELECT `$Variable` FROM `SomeTable` WHERE 1";

 

OR for arrays you can do this

 

$Query = "SELECT `$Array[key]` FROM `SomeTable` WHERE 1";

(no ' inside of a " enclosed string)

 

OR

 

$Query = 'SELECT `'.$Array['key'].'` FROM `SomeTable` WHERE 1';

 

OR

 

$Query = "SELECT `".$Array['key']."` FROM `SomeTable` WHERE 1";

 

OR

 

lots of other stuff i'm sure the key points being here that you don't put ' inside of [] if you are inside of a string (with " obviously, because ' doesn't parse the string).

 

another key point that most people don't say to newb while helping them is VERIFY YOUR INPUT!! you can't go around sticking variable inside SQL queries if those strings are not sanitized.

 

do something like

 

$SanitizedVAR = mysql_real_escape_string($var);

 

then use the sanitized var in your queries. then again your colum name shouldn't be set by the user but u never know

Link to comment
https://forums.phpfreaks.com/topic/2714-variable-column-name/#findComment-9054
Share on other sites

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.