 Posted by Andy Hassall on 08/30/06 21:35 
On 30 Aug 2006 14:14:27 -0700, "nephish" <nephish@gmail.com> wrote: 
 
>can anyone tell me if this is legal php/mysql ? 
 
 Did you try running it? 
 
>i am trying to write a simple function to get a single stat from a 
>single table. 
> 
>$field = 'phone_number'; 
>$customer = 'fred'; 
> 
>$query = mysql_query("SELECT `'{$field}'` FROM `customers` WHERE `name` 
>= '{$fred}' "); 
>// note the back quotes around $field 
 
 The single quotes inside the back quotes will break it. 
 
>or is this an accident waiting to happen ? 
 
 Probably, yes; depends where the data from the $field and $customer variables 
comes from. 
  
 
--  
Andy Hassall :: andy@andyh.co.uk :: http://www.andyh.co.uk 
http://www.andyhsoftware.co.uk/space :: disk and FTP usage analysis tool
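
Added example, not part of the original post or the reply: one way to write the lookup so that neither variable can change the query, whatever its source. It assumes PDO is available; the function name, the allowlist, the table layout and the rows are constructed for illustration, and an in-memory SQLite database stands in for MySQL so the script runs offline.

```php
<?php
// Added example. Function name, allowlist, schema and rows are constructed.

function get_customer_stat(PDO $db, string $field, string $customer): ?string
{
    // A column name cannot be sent as a bound parameter, so it is checked
    // against a fixed allowlist rather than quoted or escaped.
    $allowed = ['phone_number', 'email'];
    if (!in_array($field, $allowed, true)) {
        throw new InvalidArgumentException('Unknown field requested');
    }

    // Back quotes go around the identifier only (no single quotes inside
    // them). The customer name is a bound parameter and never becomes
    // part of the SQL text.
    $stmt = $db->prepare(
        "SELECT `$field` FROM `customers` WHERE `name` = :name"
    );
    $stmt->execute([':name' => $customer]);

    $value = $stmt->fetchColumn();
    return ($value === false || $value === null) ? null : (string) $value;
}

// Constructed sample data in an in-memory database (stand-in for MySQL).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE customers (name TEXT, phone_number TEXT, email TEXT)");
$db->exec("INSERT INTO customers VALUES ('fred', '555-0100', 'fred@example.com')");
$db->exec("INSERT INTO customers VALUES ('o''brien', '555-0101', 'ob@example.com')");

// Ordinary lookup, a name containing a quote, and a name with no match.
var_dump(get_customer_stat($db, 'phone_number', 'fred'));
var_dump(get_customer_stat($db, 'phone_number', "o'brien"));
var_dump(get_customer_stat($db, 'phone_number', 'nobody'));

// A field value that is not on the allowlist never reaches the database.
try {
    get_customer_stat($db, 'phone_number`, `email', 'fred');
} catch (InvalidArgumentException $e) {
    echo "rejected: ", $e->getMessage(), "\n";
}
```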
 
  