I have a query string that contains a variable like this
$field_name = 'features';
$value = '5';
$query = "SELECT * FROM Table WHERE $field_name\_tid = '$value'";
My goal is to print out the $query like this SELECT * FROM Table WHERE features_tid = '5';
I put \_ there hoping it would work as escape character, but it didn't work. Is there any way to achieve this without use methods like ". $field_name ." and modifying original variable value?
yes:
$query = "SELECT * FROM Table WHERE {$field_name}_tid = '$value'";
You can use:
$query = "SELECT * FROM Table WHERE {$field_name}_tid = '$value'";
Related
I have an associative array like
$where = array('name'=>'name','comp'=>'companyname')
This is my query
select * from tablename where = $where;
And i want to make a mysqli query generate
select * from tablename where name = 'name' and comp = 'companyname';
echo "select * from tablename where ".implode(' AND ' , preg_replace('/^(.*)$/e', ' "$1=\'". $where["$1"]."\'" ',array_flip($where)));
Try this. I set the conditions in a string and appended the string onto the end of the query. If you set the WHERE to be 1=1 +'yourstuff', you can build the query dynamically.
$queryappnd = '';
foreach($where as $i){
$column = array_key($i);
$value = $i;
$queryappnd .='AND'.$column.'='.$value;
}
$query = "SELECT *
FROM tablename
WHERE 1=1".$queryappnd;
I am trying to execute the query below.
$condition = "WHERE emp_id = '$emp_id'";
$myquery = "SELECT * FROM emp_table".$condition;
I expect my query to be like this, but dynamically:
$myquery = "SELECT * FROM emp_table WHERE emp_id = '$emp_id'";
Is there anyway to make SQL statements dynamically through variables in php..?
It should be
$condition = "WHERE emp_id = '$emp_id'";
$myquery = "SELECT * FROM emp_table ".$condition;
you forgot to put $ on myquery
You should never build queries dynamically like that. Correct way to do it is to use prepared statements.
In your case it'll be like that
$statement = $pdo->prepare("SELECT * FROM emp_table WHERE emp_id = :emp_id");
$statement->execute(array(
':emp_id' => $emp_id
));
$rows = $statements->fetchAll(PDO::FETCH_ASSOC);
Have you tried this? -
$condition = "WHERE emp_id = '" . $emp_id . "'";
$myquery = "SELECT * FROM emp_table " . $condition;
PHP does not expand variables within single-quote strings.
echo "$name"; //works
echo '$name'; //does not work
Take a look at this: Single quotes or double quotes for variable concatenation?
Try to select use "where" clause in a mysql statement:
e.g.
Table: X with a ID column which is BINARY data type. Then save in a variable in php
$aid = $row["id"];
How do i use this variable later when I try to select from table
$where = "where `ID` = '$aid'";
$query = "SELECT * FROM X ".$where;
Return 0 row.
Does anyone know why?
Answering my own question.
Just figured out:
$where = "where HEX(ID) = 'bin2hex($aid)'";
$query = "SELECT * FROM X ".$where;
Does anyone know better solution?
Try below :
add BINARY in where clause.
$where = "where BINARY ID = '$aid'";
$query = "SELECT * FROM X ".$where;
I have this very simple function:
function getCatName($id){
$sql = "SELECT * FROM biznet_category WHERE ID ='".$id."';";
$res = mysql_query ($sql) or die (mysql_error ());
$row = mysql_fetch_assoc ($res);
$name = $row["Name"];
return $name;
}
So with this function I should be able to get the category name, but it doesn't work with the parameter. If I put 8 or 9, the categoryname is displayed correctly.
The id is also passed on like it should, when I print it out, it shows 8 or 9.
I know the solution is quite simple, I just don't see it.
To fix remove the quotes and check the column name for case id or ID. Since the query string is in double quotes you don't have to use the . join
$sql = "SELECT * FROM biznet_category WHERE ID = $id";
You can use curly brackets which I find easier to read
$sql = "SELECT * FROM biznet_category WHERE ID = {$id}";
If you were querying a string rather than an integer you can simply do
$sql = "SELECT * FROM biznet_category WHERE ID = '{$id}'";
$sql = "SELECT * FROM biznet_category WHERE ID ='".$id."';";
To
$sql = "SELECT * FROM biznet_category WHERE ID = ".$id;
Try this
$sql = "SELECT * FROM biznet_category WHERE ID = ".$id;
Is the column name ID spelt correctly?
I'm wondering how to query a database using an array, like so:
$query = mysql_query("SELECT * FROM status_updates WHERE member_id = '$friends['member_id']'");
$friends is an array which contains the member's ID. I am trying to query the database and show all results where member_id is equal to one of the member's ID in the $friends array.
Is there a way to do something like WHERE = $friends[member_id] or would I have to convert the array into a string and build the query like so:
$query = "";
foreach($friends as $friend){
$query .= 'OR member_id = '.$friend[id.' ';
}
$query = mysql_query("SELECT * FROM status_updates WHERE member_id = '1' $query");
Any help would be greatly appreciated, thanks!
You want IN.
SELECT * FROM status_updates WHERE member_id IN ('1', '2', '3');
So the code changes to:
$query = mysql_query("SELECT * FROM status_updates WHERE member_id IN ('" . implode("','", $friends) . "')");
Depending on where the data in the friends array comes from you many want to pass each value through mysql_real_escape_string() to make sure there are no SQL injections.
Use the SQL IN operator like so:
// Prepare comma separated list of ids (you could use implode for a simpler array)
$instr = '';
foreach($friends as $friend){
$instr .= $friend['member_id'].',';
}
$instr = rtrim($instr, ','); // remove trailing comma
// Use the comma separated list in the query using the IN () operator
$query = mysql_query("SELECT * FROM status_updates WHERE member_id IN ($instr)");
$query = "SELECT * FROM status_updates WHERE ";
for($i = 0 ; $i < sizeof($friends); $i++){
$query .= "member_id = '".$friends[$i]."' OR ";
}
substr($query, -3);
$result = mysql_query($query);