I have a piece of code that looks like this:
$result = mysql_query($queryc) or die(mysql_error());
if(mysql_num_rows($result) > 0)
{
while($row = mysql_fetch_array($result, MYSQL_ASSOC))
{
echo $row['$field'];
}
}
Say that code was in a function and I wanted to pass $field to the $row[''] how would I accomplish that?
In other words I'm attempting to use $row['$field']; and $field is defined elsewhere
suppose you have this function definition:
function foo($field) {
// from that code you have given
....
echo $row[$field]; // no need of the quotation marks around $field
....
}
You'd not put any quotes around $field... like this:
echo $row[$field];
Variables are not expanded in single quotes; they are only expanded in double quotes or in the heredoc syntax:
When a string is specified in double quotes or with heredoc, variables are parsed within it.
So either use double quotes or, even better, just omit them:
$row[$field]
Single quotes inhibit variable substitution.
echo $row["$field"];
or just
echo $row[$field];
The latter is highly recommended as it does not require PHP to parse $row["$field"] into $row[$field]. Saves you some microtime in each iteration.
Related
I'm trying to replace the value from array.
$row= array("id"=>"35", "name"=>"test","first_name"=>"noor","last_name"=>"fathima");
// Eval Statement -
$row = $row['first_name'].' '.$row['last_name'];
eval("\$row = \"$row\";");
//This should return noor fathima
I am unable to replace the values. Can anyone please help me out?
Not a huge fan of eval() as it can be a pain, but the main thing is to get all of the right $'s and quotes escaped/unescaped etc. To get round this I've put the expression into single quotes as this stops any interpretation - until you eval() it...
$row= array("id"=>"35", "name"=>"test","first_name"=>"noor","last_name"=>"fathima");
eval('$result = $row["first_name"]." ".$row["last_name"];');
echo $result;
gives...
noor fathima
Why you need eval() here because it is already returning what you want as output?
<?php
$row= array("id"=>"35", "name"=>"test","first_name"=>"noor","last_name"=>"fathima");
echo $row['first_name'].' '.$row['last_name'];
?>
DEMO: https://3v4l.org/7KTH0
Why is this php function not working? It does work when not using $element.
With $element it always returns test.
function setVar($element)
{
if(isset($_POST['$element'])){
$varname = $_POST['$element'];
}
else {
$varname = 'test';
}
return $varname;
}
$var = setVar('element_6');
You probably mean:
... $_POST[$element] ...
without the quotes? Single-quoted content never gets replaced.
Change $_POST['$element'] in your code to $_POST[$element] and it should work fine.. $_POST['$element']) refers to nothing right now.
You'll need to change $_POST['$element'] to $_POST[$element]. Anything between single quotes is treated literally.
See: http://php.net/manual/en/language.types.string.php
You're referencing $_POST['$element']. Note that the single quotes around $element here turn it into a static string.
Solution: Remove the quote marks, and it will parse the $element properly.
Basically, I'm taking user input and passing it to a javascript function in a page from php. But because the user use's apostrophes, I'm getting errors. What's the proper escape function in php to use on a variable that will be surrounded by quotes. IE:
Some php:
$userString = "Joe's Pizza";
// escape here
echo "<script type=\"text/javascript\">myFunction('$userString');</script>";
Thanks much!
Wrap it in an object/associative array and use json_encode.
$array = array('data' => $userString);
$encoded_array = json_encode($array);
echo "<script type=\"text/javascript\">myFunction($encoded_array);</script>";
myFunction could look like:
function myFunction(obj)
{
var data = obj.data;
...
}
This also allows you to easily make the object more complex if needed.
addslashes; e.g.
$userString = addslashes("Joe's Pizza");
print '<script type="text/javascript">myFunction('$userString');</script>";;
I have a script that I wrote to look up an ID based on uniqueID
if ($_REQUEST['uniqueId'] != ""){
$qA = "SELECT id FROM customerdata WHERE uniqueId = \"". $_REQUEST['uniqueId']."\"";
$rA = mysql_query($qA);
list($id) = mysql_fetch_row($rA);
echo $id;
exit;
if ( mysql_num_rows ($rA) > 0) {
header('Location:response-en.php?id=$id');
}
else
{
header('Location:not-found.php');
}
}
Rather than sending the user to response-en.php?id=1 it sends them to response-en.php?id=$id
Any idea why this is happening? Any help would be greatly appreciated! Thank you!
Use:
header('Location:response-en.php?id='.$id);
When you use a single quote: '
This is a string literal. Everything (and I mean EVERYTHING) inside that string is taken wholesale. If you did this: $something = 'Location:response-en.php?id=$id';, the value of $something is: Location:response-en.php?id=$id In order to add a variable into the string, you use the concatenation operator .. Thus, the value of $something after $something = 'Location:response-en.php?id='.$id; would be Location:response-en.php?id=5 (assuming $id = 5)
See: http://www.php.net/manual/en/language.types.string.php#language.types.string.syntax.single
When you use double quote: "
PHP will search inside your sting to find any variables. It will then replace the variable name with the value of the variable. If you did this: $something = "Location:response-en.php?id=$id";, the value of $something is: Location:response-en.php?id=5 - note the use of double quotes.
See: http://www.php.net/manual/en/language.types.string.php#language.types.string.syntax.double
Also, I wanted to add that your script is vulnerable to SQL-injection attack. Always sanitize query-string values before using them in an SQL query. For more info on sanitizing values for sql, see the docs for mysql_real_escape_string.
Variables inside a single-quoted string are not parsed. Variables inside double quotes are. Check out:
http://www.php.net/manual/en/language.types.string.php
You need double quotes to process variables in a string. Not single quotes.
You have to use " in stead of '
header("Location:response-en.php?id=$id");
or:
header('Location:response-en.php?id='.$id);
Try enclosing your string with double quotes instead of single quotes for correct variable parsing:
"Location:response-en.php?id=$id"
or use complex syntax with curly braces surrounding your variables:
"Location:response-en.php?id={$id}"
See manual.
How can i get this to work properly:
if ((empty($page_name))
&& ($currentid == '$storedid')) { // PHP If Statement with multiple Checks
require_once("1.php");
} else { // PHP Else
require_once("2.php");
}
Right now regardless its showing me 2.php....
$page_name is a value for a db table. $currentid is session_id and $storedid is the stored id in the db for the $page_name.
Remove the single quotes in ($currentid == '$storedid')
to
($currentid == $storedid)
Your solution compares $currentid with a static string. Because of the single quotes $storeid is interpreted as a string.
Remove the single quotes surrounding $storeId, or put it in double quotes.
Where you are using '$storedid', it should be double quoted or not quoted at all. PHP is interpreting this as the literal string $storedid instead of parsing it as a variable.