We Keep Coding

Get Column Names with SQL Query

how can I get the column names without explicitly asking for it?
I have this SQL query.
SELECT * FROM Machines WHERE id='$id'
Is it possible to get the column names through a PHP function? Something like this:
mysqli_fetch_columns($result)
I understand that you can get the column names through a SQL Statement, however this is not practical for me. I would like to retreive the column names through some PHP function.

include 'connection.php';
$result = $connection->query("select * from users");
while ($row = mysqli_fetch_field($result)) {
$array[] = $row;
}
In $array you will get all column name

Select rows searching with an id in a column that contains multiple ids separated by a comma

I have a column in mysql db that contain multiple ids separated by a comma like so... 100,112,324 . The column is defined as varchar.
I want to find those rows whose ids column contains the id 112 or some other id that I specify. Similar questions I have found suggest splitting up the values in the column using lengthy code. Maybe I'm wrong but I would think there is a cleaner approach. Here is what I'm attempting to do, any help is appreciated...
<?php
include "../connect.php";
$usrid = "%112%";
$stm = $conn->prepare("SELECT * FROM subjects WHERE ids LIKE ?");
$stm->execute($usrid);
while($row = $stm->fetch(PDO::FETCH_ASSOC)) {
echo $row['consultant']."<br>";
}
?>
I get a blank page as is.

Look at this PDO prepared statement:
Try putting the "to be binded variable" in an array:
$stm->execute(array($usrid));

use single quotes for LIKE query, because you have data type as varchar.
Try this:
$stm = $conn->prepare("SELECT * FROM subjects WHERE ids LIKE '?'");
$stm->execute($usrid);

About Quotation // SQL // PHP

I've two 3 variable and that used in $sql string
$bikeid = xxxxx
$st_char = column name
$st_tab = table name
I've coded out like this
$sql = "select $st_char
from $st_tab
where bike_id like '$bike_id'";
And like this
$sql = "select ".$st_char."
from dbo.".$st_tab."
where bike_id like ".$bike_id;
To select data from my database,the result is the same,they can get data from database
My question is which one is right and which one is wrong
if none wrong which one is better and why ?
Thanks

Both are bad because they are vulnerable to SQL injection.
There are also potential performance gains from using prepared statements. So at the very least, your query should look like:
select $st_char from $st_tab where bike_id like :bike_id
Unfortunately, you can't use parameters in certain situations, like column and table names. In this case you will need to do manual string concatenation, but whitelist allowed input. For example:
$allowed_cols = array('col1', 'col2', 'col3');
$allowed_tables = array('t1', 't2', 't3');
if(in_array($st_char, $allowed_cols, true) && in_array($st_tab, $allowed_tables, true))
{
$query = "select $st_char from $st_tab where bike_id like :bike_id";
// perform execution here
}
else
{
// invalid or malicious input
}
You may also want to wrap the table/column names in square brackets ([]) to avoid conflicts with any reserved keywords:
$query = "select [$st_char] from [dbo].[$st_tab] where bike_id like :bike_id";

How to write an SQL statement for two variables, one carrying the table name, and the other the specific column in a table?

$select = $_POST['select'];
$search = $_POST['search'];
$sql = "SELECT * FROM '$select' WHERE $select = '$search'";
I have 2 variables carrying the aforementioned table name and column name. I want the user to be able to select a table name and then select a specific column and output the requested record.
I only have a problem with writing the sql statement. Thanks in advanced!

you may use the following query without any problem...
$sql="SELECT * from $select WHERE field_name='$search' ";
In the above query field_name is the that field name in which you want to search value of mattch the value.

you are using table instead of column
$sql = "SELECT * FROM '$select' WHERE $select = '$search'";
^^^^^^----//this should be column not table
this is bad idea you are doing. FULL of sql injection
switch to pdo or mysqli.
Escape your variables.

Counting rows with variables in where clause

I'm having trouble using variables in my SQL WHERE clause. I'm getting this error:
Warning: mysql_fetch_array(): supplied argument is not a valid MySQL
result resource
The code is:
$sql3= mysql_query("SELECT COUNT($ww) FROM data WHERE $".$ww." = ".$weeknumber." ");
What am I doing wrong?

Why don't you count the table column by putting the columns name in your COUNT(column_name)?
Like so:
$sql3= mysql_query("SELECT COUNT(week_num) as wknum FROM data WHERE '$ww' = '$weeknumber'");
$counted_weeks["week_num"]
// $counted_weeks["week_num"] will output your sum
//week_num would be a column name from your "data" table

I recommend looking at this link. As #Crontab mentioned I am not sure why you have a dollar sign in front of your where clause.
A couple other things to point out:
As it says in the link, you will need to make sure the query text is properly escaped. Also, If I'm not mistaken (not familiar with PHP) do you need to explicitly concatenate the text instead of just using quotes? (i.e. instead of "SELECT ... " ... " do you need to do "SELECT ... " + " ... ")

php string formatting is perfect here, take your messy confusing concat string and make it clean and readable!
$sql3= mysql_query(sprintf("SELECT COUNT(%s) FROM data WHERE %s=%d", $ww, $ww, $weeknumber));

Assuming that $ww is a valid column name and $weekNumber is an integer, this should work:
$query = "SELECT COUNT(*) AS cnt FROM data WHERE $ww = '$weekNumber'";
$rs = mysql_query($query);
$r = mysql_fetch_assoc($rs);
echo "Count: {$r['cnt']}";

I am guessing $ww is referring to a column name. $weekNumber is obviously the value. In that case, your SQL query should look like this:
$sql3= mysql_query("SELECT COUNT(".$ww.") FROM data WHERE ".$ww." = ".$weeknumber." ");
I'm not a PHP guy, but I'm assuming you have the correct PHP syntax.