How to write MySQL query that uses a PHP variable?
Question
How to place a php variable into query?
$shopid = $pdo->query('SELECT shopid FROM `shop` WHERE shopname='$shopname'')->fetchAll(PDO::FETCH_ASSOC);
This is not working, the error message show: "Parse error: syntax error, unexpected '$shopname' (T_VARIABLE)"
6 answers
solution1
4 ACCPTED 2013-10-21 06:01:44
No
Do not insert parameters this way. You should be using bindParam
$statement = $db->prepare('SELECT shopid FROM shop WHERE shopname=:shopname');
$statement->bindParam(':shopname', $shopname, PDO::PARAM_STR);
$statement->execute();
solution2
1 2013-10-21 06:01:59
If $shopname is coming from an untrusted source, you are wide open to SQL injection. To fix this, you should make use of PDO and it's prepared statement API:
$query = $pdo->prepare("SELECT shopid FROM shop WHERE shopname = ?");
$query->bindValue(1, $shopname, PDO::PARAM_STR);
$query->execute();
$shopid = $query->fetchAll(PDO::FETCH_ASSOC);
solution3
0 2013-10-21 05:39:37
您没有正确包装查询。
$shopid = $pdo->query("SELECT shopid FROM `shop` WHERE `shopname`='$shopname'");
solution4
0 2013-10-21 06:02:43
if you support the PDO ,why not use the prepare, and it is more safe.
$stmt = $pdo->prepare('SELECT shopid FROM shop WHERE shopname=:shopname');
$stmt->bindParam(':shopname', $shopname);
$shopname = $yourdefined;
$stmt->execute();
$stmt->bindColumn(1, $shopid);
while($stmt->fetch()){
echo $shopid,PHP_EOL;
}
Well,you can also use the base sql like this:
$shopid = $pdo->query('SELECT shopid FROM `shop` WHERE shopname=\'{$shopname}\'')->fetchAll(PDO::FETCH_ASSOC);
solution5
-1 2013-10-21 06:03:21
'...' . $shopname . '...'
Using point to join more than 1 string
solution6
-2 2013-10-21 05:58:25
Try This:
$query = "SELECT shopid FROM shop WHERE shopname= '".$shopname."'";
$result = mysql_query($query);
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.