Jump to content

Archived

This topic is now archived and is closed to further replies.

hawaii233

variable column name?

Recommended Posts

hi,

 

last question for today, I promise ;)

 

I've got a column name in a table according to a variable in the URL.

 

Can I include this into a query like

 

SELECT '$variable' FROM...

Is this right?

 

As the whole thing is in an array I'm totally confused when it comes how to write the result of the array

 

....  $row[".$variable."] ...

 

is wrong right? I dont get the "'. stuff right.. did the search function but couldnt find an answer... can anybody help?

Share this post


Link to post
Share on other sites

go to the source read the manual. you can't go wrong with the manual.

 

yes you can do

 

$Query = "SELECT `$Variable` FROM `SomeTable` WHERE 1";

 

OR for arrays you can do this

 

$Query = "SELECT `$Array[key]` FROM `SomeTable` WHERE 1";

(no ' inside of a " enclosed string)

 

OR

 

$Query = 'SELECT `'.$Array['key'].'` FROM `SomeTable` WHERE 1';

 

OR

 

$Query = "SELECT `".$Array['key']."` FROM `SomeTable` WHERE 1";

 

OR

 

lots of other stuff i'm sure the key points being here that you don't put ' inside of [] if you are inside of a string (with " obviously, because ' doesn't parse the string).

 

another key point that most people don't say to newb while helping them is VERIFY YOUR INPUT!! you can't go around sticking variable inside SQL queries if those strings are not sanitized.

 

do something like

 

$SanitizedVAR = mysql_real_escape_string($var);

 

then use the sanitized var in your queries. then again your colum name shouldn't be set by the user but u never know

Share this post


Link to post
Share on other sites

checked the manual and with your help got it working, ...almost.

I keep on trying...

 

thks for your help!

Share this post


Link to post
Share on other sites

×

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.