Posted by nephish on 08/30/06 22:20

Andy Hassall wrote:
> On 30 Aug 2006 14:14:27 -0700, "nephish" <nephish@gmail.com> wrote:
>
> >can anyone tell me if this is legal php/mysql ?
>
> Did you try running it?
>
> >i am trying to write a simple function to get a single stat from a
> >single table.
> >
> >$field = 'phone_number';
> >$customer = 'fred';
> >
> >$query = mysql_query("SELECT `'{$field}'` FROM `customers` WHERE `name`
> >= '{$fred}' ");
> >// note the back quotes around $field
>
> The single quotes inside the back quotes will break it.
>
> >or is this an accident waiting to happen ?
>
> Probably, yes; depends where the data from the $field and $customer variables
> comes from.
>
>
> --
> Andy Hassall :: andy@andyh.co.uk :: http://www.andyh.co.uk
> http://www.andyhsoftware.co.uk/space :: disk and FTP usage analysis tool

thanks for the quick reply,
> Did you try running it?
yep, didn't work. i think the quotes did broke it it too. I got this:
Warning: mysql_fetch_row(): supplied argument is not a valid MySQL
result resource in
yadda yadda.
Tried it without the quotes and got a blank page.
i dont get that because i know the values are there.
so, will go ahead and make the individual queries.

thanks for your time.
sk

[Back to original message]