5

I've written this PHP script which is working, and now I want to change the row name into a variable too (not sure if row is correct), I mean the "name" from the select name... I've tried nearly everything, but nothing gave me the right result. I know that the normal way I can use variables in a statement like ("'. $var .'") won't work.

<?php
require_once 'config.php';

$id = $_GET["id"]; //ID OF THE CURRENT CONTACT
$user = $_GET["user"];  //ID OF THE CURRENT USERS

$query = mysql_query("SELECT name FROM contacts WHERE contact_id='". mysql_real_escape_string( $id ) ."' and user_id='1';");

$retval = mysql_fetch_object($query)->name;

$retval = trim($retval);
echo $retval;
?>
9
  • 3
    I noticed your other questions are in English, you might get more answers if this one was as well. Commented Aug 13, 2010 at 10:50
  • use alt+shift and come back :-) Commented Aug 13, 2010 at 10:50
  • I can't understand even the translated version: translate.googleusercontent.com/… Commented Aug 13, 2010 at 10:51
  • Please put your question in English to help the maximum number of persons to read it and help you. Commented Aug 13, 2010 at 10:53
  • I've translated it into my poor English ;) Commented Aug 13, 2010 at 10:57

7 Answers

6

This is much easier isn't it?

$sql_insert = 
"INSERT INTO customers (        
`name`,
`address`,
`email`,
`phone`
) 
VALUES (        
'$name',
'$address',     
'$email',
'$phone'
)";

1 Comment

Thanks for this answer. It's a thousand times easier to read than all other solutions. Is this something new in a current version of PHP or was this always possible already?
3

Is it this you're looking for? Even your question in German isn't that clear to me :

$field = 'name';
$query = mysql_query("SELECT $field FROM contacts WHERE contact_id='". mysql_real_escape_string( $id ) ."' and user_id='1';");
$retval = mysql_fetch_object($query)->$field;

12 Comments

@Col. Shrapnel: Depends on where $field comes from and if it's properly escaped.
@Col. Shrapnel: Not as is, if he just gets the $name from a GET/POST var without checking, then yes you have a point.
@dbemerlin oh can you tell me how to properly escape?
Why on earth is there a "$retval = $retval = " on the last line? (Also, why not just use mysql_real_escape_string around $field?)
@middaparka because mysql_real_escape_string would help nothing
3

You can use it something like this. Currently I assume you get only one row back and want to use only one field.

<?php
require_once 'config.php';

$id = $_GET["id"]; //ID of the current contact
$user = $_GET["user"];  //ID of the current user

//Use variable inside closures `` and just in case escape it, depends how you get variable
$query = mysql_query("SELECT `".mysql_real_escape_string($variable)."` FROM contacts WHERE contact_id='". mysql_real_escape_string( $id ) ."' and user_id='1';");


if (!$query) {
    echo 'Could not run query: ' . mysql_error();
    exit;
}
$row = mysql_fetch_row($query); //Retrieve first row, with multiple rows use mysql_fetch_assoc
$retval = $row['0']; //Retrieve first field

$retval = trim($retval); 
echo $retval;
?>

Comments

2
  • Please post in English. Everyone else does.
  • Try using a different fetch method - fetch an associative array, then use the dynamic parameter to retrieve whatever column it is you need.
  • Have you considered using PDO?

1 Comment

I also suggest using PDO. It is much better.
1

I believe you are confusing matters (unintentionally) due to your use of the word 'row'. Judging by your example you mean field/column. It sounds like you wish to specify the fields to select using a variable which can be done by any of these methods...

$fields = "name, age";

$sql = "SELECT $fields FROM table";
$sql = "SELECT {$fields} FROM table";
$sql = "SELECT ".$fields." FROM table";

NB it is important that you have secure data in the $fields element, I would suggest using a whitelist of allowed values i.e.

// assuming $_POST['fields'] looks something like array('name','age','hack');
$allowed = array('name', 'age');
$fields = array();

foreach ($_POST['fields'] as $field) {
   // keep only field names that appear in the whitelist
   if (in_array($field, $allowed)) {
      $fields[] = $field;
   }
}
$fields = implode(', ', $fields);

2 Comments

I've tried this: ".$fields." but it doesn't work for me, so I use this one $fields
mikep, all three solutions I gave work perfectly fine, if you had problems implementing it, then that's because your implementation was messed up, most likely by messing up single/double quoted strings. It is perfectly valid PHP.
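The whitelist check from the answer above, combined with the PDO suggestion made elsewhere in this thread, as an added example that is not part of any original post. The column list, the `fetchContactField` helper and the in-memory SQLite table with its rows are assumptions constructed so the script runs offline; the thread's actual backend is MySQL.

```php
<?php
// Added example: allowlisted column name plus bound values via PDO.
// Table layout and sample row are constructed for illustration.

const ALLOWED_COLUMNS = ['name', 'email', 'phone']; // assumed columns of `contacts`

function fetchContactField(PDO $pdo, string $column, int $contactId, int $userId): ?string
{
    // Identifiers cannot be bound as parameters, and string escaping does not
    // make them safe, so accept only exact matches from a fixed list.
    if (!in_array($column, ALLOWED_COLUMNS, true)) {
        throw new InvalidArgumentException('Column not allowed');
    }

    // $column is now one of our own literals; the values go in as placeholders.
    $stmt = $pdo->prepare(
        "SELECT $column FROM contacts WHERE contact_id = :id AND user_id = :uid"
    );
    $stmt->execute([':id' => $contactId, ':uid' => $userId]);

    $value = $stmt->fetchColumn();      // false when no row matched
    if ($value === false || $value === null) {
        return null;
    }
    return trim((string) $value);
}

$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE contacts (contact_id INTEGER, user_id INTEGER,
            name TEXT, email TEXT, phone TEXT, password_hash TEXT)');
$pdo->exec("INSERT INTO contacts VALUES
            (7, 1, ' Alice ', 'alice@example.test', '555-0100', 'constructed-hash')");

echo fetchContactField($pdo, 'name', 7, 1), PHP_EOL;
echo fetchContactField($pdo, 'email', 7, 1), PHP_EOL;

// Requests as they might arrive in $_GET['field']: an existing but unlisted
// column, and a string that tries to widen the select list.
foreach (['password_hash', 'name, password_hash'] as $requested) {
    try {
        fetchContactField($pdo, $requested, 7, 1);
    } catch (InvalidArgumentException $e) {
        echo "rejected: $requested", PHP_EOL;
    }
}
```

The strict `in_array(..., true)` comparison matters here: a loose comparison lets non-string input such as `0` or `true` match list entries on older PHP versions.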
0

Wouldn't this work?

$result = mysql_fetch_array($query);

echo trim($result['name']);

Comments

0

You should never put a variable into the field list.
If you want a variable field name, select * and then use your variable to fetch the particular field.

<?php
require_once 'config.php';

$id = mysql_real_escape_string($_GET["id"]); //ID of the current contact
$user = $_GET["user"];  //ID of the current user

$query  = "SELECT * FROM contacts WHERE contact_id='$id' and user_id='1'";
$result = mysql_query($query) or trigger_error(mysql_error().$query);

$row = mysql_fetch_array($result);

//and finally
$fieldname = "name";
$retval = $row[$fieldname];

echo $retval;
?>

1 Comment

Yes, I could do it this way too, you're right, but the query should be "SELECT * FROM contacts WHERE contact_id='$id' and user_id='1'" instead of "SELECT name FROM contacts WHERE contact_id='$id' and user_id='1'".
