Posted by joeblow on 02/05/06 18:29

Wonderful!! Thank you very much!

"J.O. Aho" <user@example.net> wrote in message
news:44m4v3F2qm0mU1@individual.net...
> joeblow wrote:
> > Am in the initial stages of development and am receiving the oddest
error.
> > The field/column names in this particular table (users) are: fname,
lname,
> > password, level, paid, (and userid).
> >
> > When I run the following SQL statement from the command line it works
fine:
> >
> > SELECT level FROM users WHERE fname = [firstname] AND lname = [lastname]
AND
> > password = [password] AND paid = 1;
> >
> > Yet, when the exact same statement is within a PHP function receiving
the
> > values as arguments such as:
> >
> > function userLevel ($f_name, $l_name, $pw, &$userlevel) {
> > [connect to database, etc.]
> > $sql='SELECT level FROM users WHERE fname = ' . $f_name . ' AND lname
= '
> > . $l_name . ' AND password = ' . $pw . ' AND paid = 1';
> >
> > ending with:
> > $userlevel=intval($sql);
> > return true;
> > }
> >
> > ...I get error #1054: Unknown column 'Joe' in 'where clause'... where
"Joe"
> > represents the value in $f_name.
> >
> > I've restructured the statement several times but with no success. Is
this a
> > bug in MySQL ?
>
> No, not a bug in MySQL but in your PHP script
>
> String in SQL should be single-quoted
>
>
> $sql='SELECT level FROM users WHERE fname = \'' . $f_name . '\' AND lname
=
> \'' . $l_name . '\' AND password = \'' . $pw . '\' AND paid = 1';
>
>
> To make it easier to see, we use double-quotes for the same $sql
>
> $sql="SELECT level FROM users WHERE fname = '" . $f_name . "' AND lname =
'" .
> $l_name . "' AND password = '" . $pw . "' AND paid = 1";
>
>
> String that aren't quoted are considered as column names.
>
>
> //Aho

[Back to original message]