PHP variable in Select statement

I wrote this PHP script, which works, and now I want to change the name in the string into a variable (not sure if "string" is the correct term); I mean the "name" in "SELECT name ...". I tried almost everything, but nothing gave me the correct result. I know that the normal way of using variables in an expression, like (".. $Var .'"), will not work.

    <?php
    require_once 'config.php';

    $id   = $_GET["id"];   // ID of the current contact
    $user = $_GET["user"]; // ID of the current user

    $query = mysql_query("SELECT name FROM contacts WHERE contact_id='" . mysql_real_escape_string($id) . "' and user_id='1';");
    $retval = mysql_fetch_object($query)->name;
    $retval = trim($retval);
    echo $retval;
    ?>
+4
7 answers

It's a lot easier, isn't it?

 $sql_insert = "INSERT INTO customers ( `name`, `address`, `email`, `phone` ) VALUES ( '$name', '$address', '$email', '$phone' )"; 
+3

Are you looking for this? Even your question in German is not so clear:

    $field = 'name';
    $query = mysql_query("SELECT $field FROM contacts WHERE contact_id='" . mysql_real_escape_string($id) . "' and user_id='1';");
    $retval = mysql_fetch_object($query)->$field;
+3

You can use something like that. Currently, I assume that you will only get one row back and want to use only one field.

    <?php
    require_once 'config.php';

    $id   = $_GET["id"];   // ID of the current contact
    $user = $_GET["user"]; // ID of the current user

    // Use the variable inside closures `` and escape it just in case, depending on how you get the variable
    $query = mysql_query("SELECT `" . mysql_real_escape_string($variable) . "` FROM contacts WHERE contact_id='" . mysql_real_escape_string($id) . "' and user_id='1';");
    if (!$query) {
        echo 'Could not run query: ' . mysql_error();
        exit;
    }
    $row = mysql_fetch_row($query); // Retrieve first row; with multiple rows use mysql_fetch_assoc
    $retval = $row['0'];            // Retrieve first field
    $retval = trim($retval);
    echo $retval;
    ?>
+3
  • Please publish in English. Everyone else does.
  • Try a different sampling method - select an associative array, then use the dynamic parameter to get the column you want.
  • Have you considered using PDO?
+2

I believe that you are confusing the question (inadvertently) through the use of the word "string". Judging by your example, you mean a field / column. It looks like you want to specify the fields to select using a variable, which can be done by any of these methods ...

    $fields = "name, age";
    $sql = "SELECT $fields FROM table";
    $sql = "SELECT {$fields} FROM table";
    $sql = "SELECT ".$fields." FROM table";

NB it is important that you have safe data in the $fields element. I would suggest using a whitelist of valid values, i.e.

    // assuming $_POST['fields'] looks something like array('name','age','hack');
    $allowed = array('name', 'age');
    $fields = array();
    foreach ($_POST['fields'] as $field) {
        // keep only the column names that appear in the whitelist
        if (in_array($field, $allowed)) {
            $fields[] = $field;
        }
    }
    $fields = implode(', ', $fields);
+1
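
The whitelist from the answer above, combined with the PDO suggestion from an earlier answer, as an added example that is not part of the original thread. It assumes an in-memory SQLite database in place of MySQL so that it runs offline; the function name `fetchContactField`, the `ALLOWED_FIELDS` list, the table layout and the sample row are constructed for illustration.

```php
<?php
// Added example, not code from the thread. Assumptions: PDO with the SQLite
// driver (instead of MySQL) and a constructed contacts table.

// Columns a caller may request. Identifiers cannot be bound as parameters,
// and string escaping does not make a column name safe, so the name is only
// ever taken from this fixed list.
const ALLOWED_FIELDS = ['name', 'email', 'phone'];

function fetchContactField(PDO $pdo, string $field, string $contactId, string $userId): ?string
{
    if (!in_array($field, ALLOWED_FIELDS, true)) {
        throw new InvalidArgumentException("Field not allowed: $field");
    }
    // $field is now one of our own constants; the values are bound parameters.
    $stmt = $pdo->prepare(
        "SELECT $field FROM contacts WHERE contact_id = :id AND user_id = :uid"
    );
    $stmt->execute([':id' => $contactId, ':uid' => $userId]);
    $value = $stmt->fetchColumn();          // false when no row matched
    return $value === false ? null : trim((string) $value);
}

// Constructed sample data.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE contacts (contact_id INTEGER, user_id INTEGER,
            name TEXT, email TEXT, phone TEXT, notes TEXT)');
$pdo->exec("INSERT INTO contacts VALUES
            (7, 1, ' Alice Example ', 'alice@example.test', '555-0100', 'private')");

echo fetchContactField($pdo, 'name', '7', '1'), PHP_EOL;
echo fetchContactField($pdo, 'email', '7', '1'), PHP_EOL;

// Anything outside the whitelist is rejected before any SQL is built,
// including a real column that was never meant to be exposed and a list.
foreach (['notes', 'name, notes'] as $bad) {
    try {
        fetchContactField($pdo, $bad, '7', '1');
    } catch (InvalidArgumentException $e) {
        echo 'rejected: ', $e->getMessage(), PHP_EOL;
    }
}
```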

Does this work?

    $result = mysql_fetch_array($query);
    echo trim($result['name']);
0

You should never put a variable in a list of fields.
If a variable name is required, select * and then use the variable to obtain a specific field.

    <?php
    require_once 'config.php';

    $id   = mysql_real_escape_string($_GET["id"]); // ID of the current contact
    $user = $_GET["user"];                         // ID of the current user

    $query  = "SELECT * FROM contacts WHERE contact_id='$id' and user_id='1'";
    $result = mysql_query($query) or trigger_error(mysql_error().$query);
    $row    = mysql_fetch_array($result);

    // and finally
    $fieldname = "name";
    $retval = $row[$fieldname];
    echo $retval;
    ?>
0
