PHP Variable in MySQL Statement

Question

twelvetwelve 0 Newbie Poster

16 Years Ago

When I use the following PHP code I get this error

Error performing query: Unknown column 'nh12134' in 'where clause'

Yet when I use 'nh12345', which is the Value that the variable $username contains (i've checked that it does by printing it out elsewhere) instead of the $username in the query it returns the correct value.

$tutorname = @mysql_query("SELECT Personal_tutor FROM Student WHERE student_ref=$username;"); 
if (!$tutorname) {
exit ('<p> Error performaing query: ' . mysql_error() . '</p>');
}

Any help is much appreciated

Thanks
NH

mysql php

7 Contributors
9 Replies
274 Views
2 Years Discussion Span
Latest Post 14 Years Ago Latest Post by Ankit_Parmar

pzuurveen 90 Posting Whiz in Training

16 Years Ago

someting like this:

$query = sprintf("SELECT Personal_tutor FROM Student WHERE student_ref='%s' ",
    mysql_real_escape_string( $username));

$tutorname = @mysql_query($query); 
if (!$tutorname) {
exit ('<p> Error performaing query: ' . mysql_error() . '</p>');
}

Ole Raptor 19 Posting Whiz in Training

16 Years Ago

try this

$tutorname = mysql_query("SELECT Personal_tutor FROM Student WHERE student_ref = '".$username."'");

Ole Raptor 19 Posting Whiz in Training

16 Years Ago

so you want to display everything from this table depending on the users search criteria. you are allowing the user to specify what field to search through. so you will need to grab 2 var's from other page.

$col = $_POST['column'];
$search = $_POST['search'];
$query = mysql_query("Select Model,Prime_kVA,Prime_kW,Engine, Alternator,Cylinders,Bore, Stroke,Governer,Type, Retail WHERE ".$col." like '%".$search."%'") or die(mysql_error());
while($row = mysql_fetch_assoc($query)){
echo $row['Model']."<br>";
echo $row['Prime_kVA']."<br>";
//continue to display remainder of fields
}

this is assuming you have the column in the other page for the user to select. and the textfield for the user to place the search text.

Reply to this topic

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.

Peterpan71 0 Newbie Poster · Answer 1 · 2008-05-31T00:51:40+00:00

$Search=$_POST['Search'];

$query_Retrieve = "Select Model,Prime_kVA,Prime_kW,Engine, Alternator,Cylinders,Bore, Stroke,Governer,Type, Retail WHERE (`$Search` like '%{$_POST[Engine]}%') OR (`$Search` like '%{$_POST[Type]}%')";

The above code produces: Wrong results

I have checked that the values are passed correctly.

The idea is that on the refering page the client selects the field to use when doing the query. I have never used variable to indicate the table in the query. Can someone please help me with this.

Ole Raptor 19 Posting Whiz in Training · Answer 2 · 2008-05-31T01:17:49+00:00

sorry i changed the code lets try that again.

$Search=$_POST['Search'];

$query_Retrieve = "Select Model,Prime_kVA,Prime_kW,Engine, Alternator,Cylinders,Bore, Stroke,Governer,Type, Retail WHERE (`".$Search."` like '%".$_POST[Engine]."%') OR (`".$Search."` like '%".$_POST[Type]."%')";

Peterpan71 0 Newbie Poster · Answer 3 · 2008-05-31T04:58:08+00:00

$query_Retrieve = "SELECT Model, Prime_kVA, Prime_kW, Engine, Alternator, Cylinders, Bore, Stroke, Governer, Type,Retail 
   
  
  FROM Import WHERE 
  ((`".$Search."` = '%".$_POST[Engine]."%') AND (`Prime_kVA` = '%".$_POST[Prime_kVA]."%'))
                  OR 
  (`".$Search."` = '%".$_POST[Prime_kVA]."%')
                   
  ";
  //OR (`Engine`like '%{$_POST[Engine]}%') OR (`Alternator`like '%{$_POST[Alternator]}%') OR 
  mysql_select_db($database_generators, $generators);
  $Table = mysql_query($query_Retrieve, $generators) or die(mysql_error());

When I use "like" instead of the "=" I get results, but if I make the Prime_kVA (10) the the results that comes back is 10, 100 etc. when using the "=" I get no results.

kukie 0 Newbie Poster · Answer 4 · 2010-07-02T23:02:28+00:00

Hi
I am very new to PHP an MYSQL
I have almost the same problem,
how can I

$q=$_GET["q"];
$CMY=$get["CMY"];
...

$query=("INSERT INTO the_array($CMY, model)
VALUES('$q','dddd')");

rajarajan2017 · Answer 5 · 2010-07-05T11:07:08+00:00

$tutorname = @mysql_query("SELECT Personal_tutor FROM Student WHERE student_ref='$username'"); 
if (!$tutorname)

Ankit_Parmar 1 Light Poster · Answer 6 · 2010-07-05T11:14:09+00:00

Use Single Quotes for PHP Variables in mysql.

i.e. '$username'