Reputation: 4249
I would like to know whether this MySQL statement will be executed correctly:
"SELECT sum(price) FROM products WHERE productid IN (SELECT productid FROM shoppingcart WHERE sessionid=".$this->$sessionid.")"
And if not, please give me pointers as to where I am wrong.
Thanks
Upvotes: 0
Views: 69
Reputation: 116528
As @praynay said, I believe you need quotes around the session id.
Also, be very, very sure $this->sessionid will not have a quote character in itself, or that you escape it properly before passing it to MySQL. (Or better yet, use a parameterized query.)
Upvotes: 0
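The parameterized query suggested in the answer above, as an added example (not code from any poster on this page). It assumes PHP with PDO and the pdo_sqlite driver, and uses an in-memory SQLite database with constructed rows so it runs offline; the function name cartTotal and the sample session id are hypothetical.

```php
<?php
// Added example: in-memory SQLite stands in for MySQL so this runs offline.
// Against MySQL only the DSN passed to new PDO(...) changes.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

// Constructed sample data, using the table and column names from the question.
$pdo->exec('CREATE TABLE products (productid INTEGER PRIMARY KEY, price NUMERIC)');
$pdo->exec('CREATE TABLE shoppingcart (sessionid TEXT, productid INTEGER)');
$pdo->exec('INSERT INTO products VALUES (1, 10.50), (2, 4.25), (3, 99.00)');

$insert = $pdo->prepare('INSERT INTO shoppingcart (sessionid, productid) VALUES (?, ?)');
foreach ([["ab'cd", 1], ["ab'cd", 2], ['other', 3]] as $row) {
    $insert->execute($row);
}

// Hypothetical helper: the session id travels as a bound value, never as SQL text.
function cartTotal(PDO $pdo, string $sessionId): float
{
    $stmt = $pdo->prepare(
        'SELECT SUM(price) FROM products
          WHERE productid IN (SELECT productid FROM shoppingcart WHERE sessionid = :sid)'
    );
    $stmt->execute([':sid' => $sessionId]);
    // SUM() over zero rows yields NULL; report an empty cart as 0.0.
    return (float) ($stmt->fetchColumn() ?? 0);
}

$sid = "ab'cd"; // constructed session id that contains a quote character

// Concatenation with quotes added but no escaping: the quote inside the
// value ends the string literal early and the statement no longer parses.
try {
    $pdo->query("SELECT SUM(price) FROM products WHERE productid IN "
        . "(SELECT productid FROM shoppingcart WHERE sessionid='" . $sid . "')");
    echo "concatenated: ran\n";
} catch (PDOException $e) {
    echo "concatenated: rejected by the SQL parser\n";
}

// Bound parameter: the same value is compared as data and matches its rows.
printf("parameterized: %.2f\n", cartTotal($pdo, $sid));
printf("unknown session: %.2f\n", cartTotal($pdo, 'nope'));
```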
Reputation: 16178
I'm sure you meant
$this->sessionid
not
$this->$sessionid
(the second one returns the value of the property whose name is stored in $sessionid; thus, when $sessionid is 'abcdef', it tries to return the value of the $this->abcdef property).
Also, enclose in ' AND escape all parameters.
"SELECT sum(price) FROM products WHERE productid IN (SELECT productid FROM shoppingcart WHERE sessionid='".mysql_escape_string($this->sessionid)."')";
Upvotes: 1
Reputation: 176936
I am using SQL Server, but I think the error here is that a single quote ' is required for the session id:
"SELECT sum(price) FROM products WHERE productid IN (SELECT productid
FROM shoppingcart WHERE sessionid='".$this->$sessionid."')"
Upvotes: 1