Jump to content


variable column name?

  • Please log in to reply
2 replies to this topic

#1 hawaii233

  • Members
  • Pip
  • Newbie
  • 4 posts

Posted 22 October 2005 - 09:09 PM


last question for today, I promise ;)

I've got a column name in a table according to a variable in the URL.

Can I include this into a query like

SELECT '$variable' FROM...
Is this right?

As the whole thing is in an array I'm totally confused when it comes how to write the result of the array

 ....  $row[".$variable."] ...

is wrong right? I dont get the "'. stuff right.. did the search function but couldnt find an answer... can anybody help?

#2 daiwa

  • Members
  • PipPip
  • Member
  • 21 posts

Posted 22 October 2005 - 10:35 PM

go to the source read the manual. you can't go wrong with the manual.

yes you can do

$Query = "SELECT `$Variable` FROM `SomeTable` WHERE 1";

OR for arrays you can do this

$Query = "SELECT `$Array[key]` FROM `SomeTable` WHERE 1";
(no ' inside of a " enclosed string)


$Query = 'SELECT `'.$Array['key'].'` FROM `SomeTable` WHERE 1';


$Query = "SELECT `".$Array['key']."` FROM `SomeTable` WHERE 1";


lots of other stuff i'm sure the key points being here that you don't put ' inside of [] if you are inside of a string (with " obviously, because ' doesn't parse the string).

another key point that most people don't say to newb while helping them is VERIFY YOUR INPUT!! you can't go around sticking variable inside SQL queries if those strings are not sanitized.

do something like

$SanitizedVAR = mysql_real_escape_string($var);

then use the sanitized var in your queries. then again your colum name shouldn't be set by the user but u never know

#3 hawaii233

  • Members
  • Pip
  • Newbie
  • 4 posts

Posted 24 October 2005 - 07:35 AM

checked the manual and with your help got it working, ...almost.
I keep on trying...

thks for your help!

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users