Reputation: 1
Cannot insert WHERE statement with a variable in php query
<?php
// Working SELECT query.
$db = new SQLite3('casino.db');
// This works great and returns only name = bergpau !!!
$results = $db->query('SELECT * FROM employe WHERE username="bergpau"');
while ($row = $results->fetchArray())
print $row['nom'] . "<BR>";
// This DOES NOT WORK AT ALL, returns no values !!! HELP !!!
$astring = "bergpau";
$results = $db->query('SELECT * FROM employe WHERE username=$astring');
while ($row = $results->fetchArray())
print $row['nom'] . "<BR>";
?>
Opening database, ok return no value since it cannot validate string in WHERE clause
Upvotes: 0
Views: 56
Answers (1)
Reputation: 23880
Strings, in SQL (and PHP), need to be quoted like you did in your first query (username="bergpau"). This also could open you to SQL injections; you should use parameterized queries.
$results = $db->query("SELECT * FROM employe WHERE username='{$astring}'");
Also variables in single quotes aren't processed by PHP.
Unlike the double-quoted and heredoc syntaxes, variables and escape sequences for special characters will not be expanded when they occur in single quoted strings.
-http://php.net/manual/en/language.types.string.php
Alternatively you could pass the quotes in the assignment (note the double quotes are for the encapsulation in PHP, the single quotes are stored in the value of $astring):
$astring = "'bergpau'";
then you'd just need to concatenate the variable.
$results = $db->query('SELECT * FROM employe WHERE username=' . $astring);
Upvotes: 1
Related Questions
- PHP query not working with variable
- php mysql where clause not reading variable
- PHP SQL Statement not accepting Variable
- adding a where variable inside sql
- Using INSERT WHERE with variables
- sql query not accepting a php variable
- MySQL query not working while using php variable in where clause
- PHP variable in WHERE syntax issue :(
- Using a variable in the WHERE Clause
- using WHERE clause as a variable in MySQL query not working