Reply to Re: question about passing field name in sql statement as variable.

Your name:

Reply:


Posted by nephish on 08/30/06 22:56

Jerry Stuckle wrote:
> nephish wrote:
> > Andy Hassall wrote:
> >
> >>On 30 Aug 2006 14:14:27 -0700, "nephish" <nephish@gmail.com> wrote:
> >>
> >>
> >>>can anyone tell me if this is legal php/mysql ?
> >>
> >> Did you try running it?
> >>
> >>
> >>>i am trying to write a simple function to get a single stat from a
> >>>single table.
> >>>
> >>>$field = 'phone_number';
> >>>$customer = 'fred';
> >>>
> >>>$query = mysql_query("SELECT `'{$field}'` FROM `customers` WHERE `name`
> >>>= '{$fred}' ");
> >>>// note the back quotes around $field
> >>
> >> The single quotes inside the back quotes will break it.
> >>
> >>
> >>>or is this an accident waiting to happen ?
> >>
> >> Probably, yes; depends where the data from the $field and $customer variables
> >>comes from.
> >>
> >>
> >>--
> >>Andy Hassall :: andy@andyh.co.uk :: http://www.andyh.co.uk
> >>http://www.andyhsoftware.co.uk/space :: disk and FTP usage analysis tool
> >
> >
> > thanks for the quick reply,
> >
> >> Did you try running it?
> >
> > yep, didn't work. i think the quotes did broke it it too. I got this:
> > Warning: mysql_fetch_row(): supplied argument is not a valid MySQL
> > result resource in
> > yadda yadda.
> > Tried it without the quotes and got a blank page.
> > i dont get that because i know the values are there.
> > so, will go ahead and make the individual queries.
> >
> > thanks for your time.
> > sk
> >
>
> What does mysql_error() say when it fails?
>
> ALWAYS check the results from a mysql call. In the case of mysql_query,
> a return of false indicates an error in the query.
>
> Try echoing the sql string before executing it - see if it's what you
> think it is.
>
>
> --
> ==================
> Remove the "x" from my email address
> Jerry Stuckle
> JDS Computer Training Corp.
> jstucklex@attglobal.net
> ==================

wow, echo the query string. in a year of learning / using php and mysql
i swear i have never thought of that. Good result too. It wasn't
exactly what i thought. There was an extra space in the customer name.
thanks.

[Back to original message]
Удаленная работа для программистов  •  Как заработать на Google AdSense  •  England, UK  •  статьи на английском  •  PHP MySQL CMS Apache Oscommerce  •  Online Business Knowledge Base  •  DVD MP3 AVI MP4 players codecs conversion help
Home  •  Search  •  Site Map  •  Set as Homepage  •  Add to Favourites

Copyright © 2005-2006 Powered by Custom PHP Programming

Сайт изготовлен в Студии Валентина Петручека
изготовление и поддержка веб-сайтов, разработка программного обеспечения, поисковая оптимизация