|
|
Posted by J.O. Aho on 02/05/06 13:13
joeblow wrote:
> Am in the initial stages of development and am receiving the oddest error.
> The field/column names in this particular table (users) are: fname, lname,
> password, level, paid, (and userid).
>
> When I run the following SQL statement from the command line it works fine:
>
> SELECT level FROM users WHERE fname = [firstname] AND lname = [lastname] AND
> password = [password] AND paid = 1;
>
> Yet, when the exact same statement is within a PHP function receiving the
> values as arguments such as:
>
> function userLevel ($f_name, $l_name, $pw, &$userlevel) {
> [connect to database, etc.]
> $sql='SELECT level FROM users WHERE fname = ' . $f_name . ' AND lname = '
> . $l_name . ' AND password = ' . $pw . ' AND paid = 1';
>
> ending with:
> $userlevel=intval($sql);
> return true;
> }
>
> ...I get error #1054: Unknown column 'Joe' in 'where clause'... where "Joe"
> represents the value in $f_name.
>
> I've restructured the statement several times but with no success. Is this a
> bug in MySQL ?
No, not a bug in MySQL but in your PHP script
String in SQL should be single-quoted
$sql='SELECT level FROM users WHERE fname = \'' . $f_name . '\' AND lname =
\'' . $l_name . '\' AND password = \'' . $pw . '\' AND paid = 1';
To make it easier to see, we use double-quotes for the same $sql
$sql="SELECT level FROM users WHERE fname = '" . $f_name . "' AND lname = '" .
$l_name . "' AND password = '" . $pw . "' AND paid = 1";
String that aren't quoted are considered as column names.
//Aho
Navigation:
[Reply to this message]
|