This question already has answers here:
When to use single quotes, double quotes, and backticks in MySQL
(13 answers)
Closed 5 years ago.
mysqli_query($con, "SELECT * FROM files WHERE main_subject = " + echo $_GET['msubject']);
The above gives me a parse error. Could you give me suggestions on how I could change it to make it work?
You have to use . instead of + for the concatenation.
Replace your script for this:
mysqli_query($con, "SELECT * FROM files WHERE main_subject = '" . $_GET['msubject'] . "'");
Related
This question already has answers here:
When to use single quotes, double quotes, and backticks in MySQL
(13 answers)
If you create a variable inside a if statement is it available outside the if statement?
(4 answers)
How to replace "if" statement with a ternary operator ( ? : )?
(16 answers)
If variable equals value php [duplicate]
(4 answers)
Closed 2 years ago.
There are a lot of examples on SO of using str_replace to modify a query that uses variables in MYSQL but I can't find one that solves my problem.
I have the following legacy query that I'm debugging written in PHP and MySQL.
Somewhat simplified it is:
$sql = "SELECT * from MOVIES WHERE cat = '$cat'";
In the event that cat has a certain value, say, "action" I want to check for "adventure";
Let's say you start with query:
$cat = "action";
$sql = "SELECT * FROM MOVIES WHERE cat='$cat'";
I'm trying to modify the query with:
$needle = "cat=".$cat;
$altcat = "adventure";
$altwhere = "cat=".altcat;
$sql = str_replace($needle,$altwhere,$sql); //NOTHING GETS REPLACED...NOT MATCHING Needle
How can I do this? I'm thinking the problem has something to do with use of spaces or apostrophes in the sql string but can't get it to work.
Thanks for any suggestions.
You want to replace "cat='".$cat."'" with "cat='adventure'", not "cat=".$cat with "cat=adventure".
(Though you are inconsistent in saying if there are spaces around the =.)
But you should not do this and should use a placeholder instead.
I would not try to do string substitution on the SQL query. Instead, just use query parameters.
$cat = 'action'; // suppose this is the input to your program
$sql = "SELECT * from MOVIES WHERE cat = ?";
if ($cat == 'action') {
$cat = 'adventure';
}
$stmt = $db->prepare($sql);
$stmt->execute( [ $cat ] );
This question already has answers here:
How can I combine two strings together in PHP?
(19 answers)
PHP parse/syntax errors; and how to solve them
(20 answers)
Closed 4 years ago.
In my php I make this query
$sql = "SELECT * FROM session WHERE sessionid = '$_SESSION["id"]';";
which results in an error
Parse error: syntax error, unexpected '"', expecting '-' or identifier
(T_STRING) or variable (T_VARIABLE) or number (T_NUM_STRING) in
/opt/lampp/htdocs/Chore-Champs/index.php on line 6
Obviously there is something wrong with how I'm nesting the quotes, so I've tried different ways, including
$sql = "SELECT * FROM session WHERE sessionid = " . $_SESSION['id'] . ";";
this still results in the same error.
Normally the first method would work with normal variables such as $username, but I guess that session variables are handled differently. What's the correct way to write this query?
Try
$sql = "SELECT * FROM session WHERE sessionid = '" . $_SESSION['id'] . "';";
A basic string concatenation in php
try this:
$sql = "SELECT * FROM session WHERE sessionid = '". $show. "'";
This question already has answers here:
What is the difference between single-quoted and double-quoted strings in PHP?
(7 answers)
Closed 5 years ago.
I'm trying to write a SQL query into PHP variable and then trying write in a PHP file. When I trigger the code, it gives me "Object of class mysqli could not be converted to string in " error.
Here is my variable.
Thanks for your help
$txt = " $conn = mysqli_connect('shareddb1c.hosting.stackcp.net','egitimde-adresim-323044d1','','egitimde-adresim-323044d1');
mysqli_set_charset($conn, 'utf8');
$only_query = 'SELECT * FROM anaokulu_veritabani WHERE anaokulu_id = 63';
$yayinda_query = mysqli_query($conn, $only_query);
if($yayinda_array = mysqli_fetch_array($yayinda_query)) {
if($yayinda_array[online] == 0 ) {
header('Location:http://www.egitimdeadres.com');
}
}";
Use single quotes istead of double, because PHP will parse your variables under double quotes.
In your example be careful about single quotes inside your string use double quotes or escape them.
This question already has answers here:
When to use single quotes, double quotes, and backticks in MySQL
(13 answers)
Closed 5 years ago.
I am running a PDO query on a MySQL database and I get an error saying there is invalid argument supplied for the foreach. On the frontend, I just pass a string to $questionTable and an integer for $questionID.
What am I doing wrong?
$query = $this->dbConnection->query("SELECT * FROM ('$questionTable') WHERE id = ('$questionID')");
foreach ($query as $row) {
echo $row;
};
Is it because of we shouldn't put '' into the query?
I mean:
$query = $this->dbConnection->query("SELECT * FROM ($questionTable) WHERE id = ($questionID)");
This question already has answers here:
Closed 10 years ago.
Possible Duplicate:
How do I handle single quotes inside a SQL query in PHP?
I had written the following code to fetch a data from a mysql table:
$clg=$row['text'];
$query1 = "SELECT * FROM user WHERE text='$clg'";
$result1 = mysql_query($query1,$con) or die(mysql_error());
$count=mysql_num_rows($result1);
echo $count;
But the text field has a single quote(') which closes the single quotes in $query1, hence resulting in mysql syntax error. How can I rectify this?
$clg=$row['text'];
$query1 = "SELECT * FROM user WHERE text='" . mysql_real_escape_string($clg) . "'";
$result1 = mysql_query($query1,$con) or die(mysql_error());
$count=mysql_num_rows($result1);
echo $count;
But you should know that mysql_* functions family will be deprecated soon.
Please read the red box here located on php.net website.
<?php
function escape($string) {
if(get_magic_quotes_gpc()) $string = stripslashes($string);
return mysql_real_escape_string($string);
}
write this function and call it
escape($clg);
for prevent every mysql syntax error and sql injection.`