Posted by J.O. Aho on 02/05/06 13:13

joeblow wrote:
> Am in the initial stages of development and am receiving the oddest error.
> The field/column names in this particular table (users) are: fname, lname,
> password, level, paid, (and userid).
>
> When I run the following SQL statement from the command line it works fine:
>
> SELECT level FROM users WHERE fname = [firstname] AND lname = [lastname] AND
> password = [password] AND paid = 1;
>
> Yet, when the exact same statement is within a PHP function receiving the
> values as arguments such as:
>
> function userLevel ($f_name, $l_name, $pw, &$userlevel) {
> [connect to database, etc.]
> $sql='SELECT level FROM users WHERE fname = ' . $f_name . ' AND lname = '
> . $l_name . ' AND password = ' . $pw . ' AND paid = 1';
>
> ending with:
> $userlevel=intval($sql);
> return true;
> }
>
> ...I get error #1054: Unknown column 'Joe' in 'where clause'... where "Joe"
> represents the value in $f_name.
>
> I've restructured the statement several times but with no success. Is this a
> bug in MySQL ?

No, not a bug in MySQL but in your PHP script

String in SQL should be single-quoted


$sql='SELECT level FROM users WHERE fname = \'' . $f_name . '\' AND lname =
\'' . $l_name . '\' AND password = \'' . $pw . '\' AND paid = 1';


To make it easier to see, we use double-quotes for the same $sql

$sql="SELECT level FROM users WHERE fname = '" . $f_name . "' AND lname = '" .
$l_name . "' AND password = '" . $pw . "' AND paid = 1";


String that aren't quoted are considered as column names.


//Aho

[Back to original message]