PHP Variable in Select Statement

php mysql html variables select

63,029

Solution 1

This is much easier isn't it?

$sql_insert = 
"INSERT INTO customers (        
`name`,
`address`,
`email`,
`phone`
) 
VALUES (        
'$name',
'$address',     
'$email',
'$phone'
)";

Solution 2

You can usi it something like this. Currently i assume you get only one row back and want to use only one field.

<?php
require_once 'config.php';

$id = $_GET["id"]; //ID DES DERZEITIGEN KONTAKTES
$user = $_GET["user"];  //ID DES DERZEITIGEN USERS

//Use variable inside closures `` and just in case escape it, depends how you get variable
$query = mysql_query("SELECT `".mysql_real_escape_string($variable)."` FROM contacts WHERE contact_id='". mysql_real_escape_string( $id ) ."' and user_id='1';");


if (!$query) {
    echo 'Could not run query: ' . mysql_error();
    exit;
}
$row = mysql_fetch_row($query); //Retriev first row, with multiple rows use mysql_fetch_assoc
$retval = $row['0']; //Retriev first field

$retval = trim($retval); 
echo $retval;
?>

Solution 3

Is it this you're looking for? Even your question in German isn't that clear to me :

$field = 'name';
$query = mysql_query("SELECT $field FROM contacts WHERE contact_id='". mysql_real_escape_string( $id ) ."' and user_id='1';");
$retval = mysql_fetch_object($query)->$field;

Solution 4

Please post in English. Everyone else does.
Try using a different fetch method - fetch an associative array, then use the dynamic parameter to retrieve whatever column it is you need.
Have you considered using PDO?

Solution 5

I believe you are confusing matters (unintentionally) due to your use of the word 'row'. Judging by your example you mean field/column. It sounds like you wish to specify the fields to select using a variable which can be done by any of these methods...

$fields = "name, age";

$sql = "SELECT $fields FROM table";
$sql = "SELECT {$fields} FROM table";
$sql = "SELECT ".$fields." FROM table";

NB it is important that you have secure date in the $fields element, I would suggest using a whitelist of allowed values i.e.

// assuming $_POST['fields'] looks something like array('name','age','hack');
$allowed = array('name', 'age');
$fields = array();

foreach ($_POST['fields'] as $field) {
   if (in_array($field, $allowed)) {
      $fields[] = $field;
   }
$fields = implode(', ', $fields);

View more solutions

63,029

Author by

mikepenz

Updated on July 09, 2022

Comments

mikepenz almost 2 years
I've written this PHP-Script which is working, and now I want to change the row name into a variable to (not sure if row is correct), I mean the "name" from the select name... I've tried nearly everything, but nothing gave me the right result. I know that the normal thing how I can use variables in a statement like ("'. $var .'") won't work.
```
<?php
require_once 'config.php';

$id = $_GET["id"]; //ID OF THE CURRENT CONTACT
$user = $_GET["user"];  //ID OF THE CURRENT USERS

$query = mysql_query("SELECT name FROM contacts WHERE contact_id='". mysql_real_escape_string( $id ) ."' and user_id='1';");

$retval = mysql_fetch_object($query)->name;

$retval = trim($retval);
echo $retval;
?>
```