Reply to Re: question about passing field name in sql statement as variable.


Posted by Andy Hassall on 08/30/06 21:35

On 30 Aug 2006 14:14:27 -0700, "nephish" <nephish@gmail.com> wrote:

>can anyone tell me if this is legal php/mysql ?

Did you try running it?

>i am trying to write a simple function to get a single stat from a
>single table.
>
>$field = 'phone_number';
>$customer = 'fred';
>
>$query = mysql_query("SELECT `'{$field}'` FROM `customers` WHERE `name`
>= '{$fred}' ");
>// note the back quotes around $field

The single quotes inside the back quotes will break it.

>or is this an accident waiting to happen ?

Probably, yes; depends where the data from the $field and $customer variables
comes from.


--
Andy Hassall :: andy@andyh.co.uk :: http://www.andyh.co.uk
http://www.andyhsoftware.co.uk/space :: disk and FTP usage analysis tool
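
An added example, not part of the original thread: one way to pass a field name as a variable without trusting where `$field` and `$customer` come from. The helper `get_customer_stat()`, the `ALLOWED_FIELDS` list, the extra columns and the in-memory SQLite database (used through PDO so the script runs offline) are assumptions; the same pattern applies to a MySQL connection.

```php
<?php
// Added example: hypothetical helper, not code from the thread.
// Columns a caller is allowed to request; anything else is rejected.
const ALLOWED_FIELDS = ['phone_number', 'email', 'city'];

function get_customer_stat(PDO $db, string $field, string $customer): ?string
{
    // Identifiers cannot be bound as parameters, so compare the requested
    // field against a fixed allowlist instead of trying to escape it.
    if (!in_array($field, ALLOWED_FIELDS, true)) {
        throw new InvalidArgumentException("Field not allowed: {$field}");
    }

    // Back quotes go around the identifier only (no single quotes inside).
    // The customer name is a bound parameter, never interpolated.
    $stmt = $db->prepare(
        "SELECT `{$field}` FROM `customers` WHERE `name` = :name"
    );
    $stmt->execute([':name' => $customer]);

    $value = $stmt->fetchColumn();      // false when no row matched
    return $value === false ? null : $value;
}

// Constructed sample data in an in-memory SQLite database (assumption).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE customers
           (name TEXT, phone_number TEXT, email TEXT, city TEXT)");
$db->exec("INSERT INTO customers
           VALUES ('fred', '555-0100', 'fred@example.com', 'Leeds')");

// Normal lookup with an allowed field.
var_dump(get_customer_stat($db, 'phone_number', 'fred'));

// A value containing quote characters is compared as a literal name.
var_dump(get_customer_stat($db, 'phone_number', "fred' OR '1'='1"));

// A field name outside the allowlist never reaches the SQL string.
try {
    get_customer_stat($db, 'phone_number` FROM `customers` -- ', 'fred');
} catch (InvalidArgumentException $e) {
    echo "rejected: ", $e->getMessage(), "\n";
}
```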
