0

For some reason I can't pass a var inside a mysql statement. I have a function that can be used for multiple tables. So instead of repeating the code I want to change the table that is selected from like so,

function show_all_records($table_name) {

     mysql_query("SELECT * FROM $table_name");

etc, etc...

}

And to call the function I use show_all_records("some_table") or show_all_records("some_other_table")

depending on which table I want to select from at the moment. But it's not working, is this because variables can't be passed through mysql statements?

Improve this question
1
  • Obligatory: if the table name is dynamic, you should ensure it matches /^\w+$/ or similar before interpolating it into SQL, else you may be vulnerable to SQL injection attacks. Commented Apr 1, 2010 at 2:54

4 Answers 4

Reset to default
4

The code you pasted must work. The possible reasons it doesn't are:

  • You are using 'SELECT * FROM $table_name' (single quotes instead of double quotes)
  • You misspelled $table_name

Try die("SELECT * FROM $table_name"); and you'll see exactly what's wrong!

Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

2

Try

$results = mysql_query("SELECT * FROM $table_name") or die(mysql_error());

and tell us what does it says. In theory $table_name should be parsed as a string, as it is inside "" and not ''

Improve this answer

Comments

0

Your query looks fine. Can't see why that wouldn't work. Have you connected to the DB properly with mysql_connect() elsewhere in your code? Did the connection get established? Does the user you're connecting as have SELECT permissions on the table you're trying to access?

Improve this answer

Comments

0

My recent experience with SQL, PHP, and MySQL showed me that I should write SQL statements like below to have them work, whether inside PHP scripts or from SQL interaction in phpMyAdmin. Otherwise my queries did not work. i just modify same code you have posted above to generalize a bit what i come up with. and give general rules that work.

beware single quotes around any value(record value not a db, table or column name) whether data representing itself or the variable name represent that data. i mean ' mark. also variable scopes in the language php should be regarded as always, that is another thing.

function show_all_records($table_name) {

     mysql_query("SELECT `Username` FROM `$table_name` WHERE `Username` = 'edwin'");

etc, etc...

}

In SQL I discovered I should follow the following syntax rules to have my queries work in general:

  1. Double-quote all SQL query. i mean the " mark.
  2. Backquote all database names and table names and column names(column names can be left non-quoted, as well). i mean the ` (option + comma on Macintosh).
  3. Single-Quote all values. i mean the ' mark.
  4. Quote the variables with the same quotation mark that would be done for their values regarding above three rules.
Improve this answer

1 Comment

could not escape the backquote ` mark in the 2nd one, someone who knows to do may want to edit appropriately.

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.