Posted by Tom Peel on 02/06/06 15:28

I've made the same mistake in the past. Very confusing.
T.

joeblow wrote:
> Wonderful!! Thank you very much!
>
> "J.O. Aho" <user@example.net> wrote in message
> news:44m4v3F2qm0mU1@individual.net...
>
>>joeblow wrote:
>>
>>>Am in the initial stages of development and am receiving the oddest
>
> error.
>
>>>The field/column names in this particular table (users) are: fname,
>
> lname,
>
>>>password, level, paid, (and userid).
>>>
>>>When I run the following SQL statement from the command line it works
>
> fine:
>
>>>SELECT level FROM users WHERE fname = [firstname] AND lname = [lastname]
>
> AND
>
>>>password = [password] AND paid = 1;
>>>
>>>Yet, when the exact same statement is within a PHP function receiving
>
> the
>
>>>values as arguments such as:
>>>
>>>function userLevel ($f_name, $l_name, $pw, &$userlevel) {
>>>[connect to database, etc.]
>>> $sql='SELECT level FROM users WHERE fname = ' . $f_name . ' AND lname
>
> = '
>
>>>. $l_name . ' AND password = ' . $pw . ' AND paid = 1';
>>>
>>> ending with:
>>> $userlevel=intval($sql);
>>> return true;
>>>}
>>>
>>>...I get error #1054: Unknown column 'Joe' in 'where clause'... where
>
> "Joe"
>
>>>represents the value in $f_name.
>>>
>>>I've restructured the statement several times but with no success. Is
>
> this a
>
>>>bug in MySQL ?
>>
>>No, not a bug in MySQL but in your PHP script
>>
>>String in SQL should be single-quoted
>>
>>
>>$sql='SELECT level FROM users WHERE fname = \'' . $f_name . '\' AND lname
>
> =
>
>>\'' . $l_name . '\' AND password = \'' . $pw . '\' AND paid = 1';
>>
>>
>>To make it easier to see, we use double-quotes for the same $sql
>>
>>$sql="SELECT level FROM users WHERE fname = '" . $f_name . "' AND lname =
>
> '" .
>
>>$l_name . "' AND password = '" . $pw . "' AND paid = 1";
>>
>>
>>String that aren't quoted are considered as column names.
>>
>>
>> //Aho
>
>
>

[Back to original message]