
variable within an sql statement

I have the following code

if(isset($_POST['submit']) || isset($_POST['mon']) || isset($_POST['yer']) || 
    isset($_POST['acty'])) {
        $mon = $_POST['mon'];
        $yer = $_POST['yer'];
        $acty = $_POST['acty'];
}

$str = "SELECT pty, SUM(`PW`) as Total 
        FROM heal 
        WHERE mon='$mon' 
          AND yer='$yer'  
        GROUP BY pty";

How can I pass the variable $acty into this: SUM('PW')? That is, SUM('$acty')

Exactly as you said.

$str = "
    SELECT 
        pty, 
        SUM($acty) as Total 
    FROM 
        heal 
    WHERE 
        mon='$mon' AND 
        yer='$yer'  
    GROUP BY 
        pty";

You can have variables inside double quotes and PHP will substitute their contents.

Side note: your code is open to SQL injection; you need to protect it against SQL injection. Some useful links:

How can I prevent SQL injection in PHP?

Are PDO prepared statements sufficient to prevent SQL injection?
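The same query written the way the side note recommends, as an added example that is not part of the question or the answer above: the WHERE values become PDO placeholders, and because a column name cannot be bound as a parameter, the summed column is checked against an allowlist instead. The DSN, credentials and the allowlist entries other than PW are assumptions.

```php
<?php
// Added example (not the original poster's code). Table and column names
// follow the post; the DSN, credentials and extra column names are assumed.

// Column identifiers cannot be bound as prepared-statement parameters, so the
// only safe way to let the client pick the summed column is to map the request
// value onto a fixed set of column names we control. Note that SUM('PW') with
// single quotes would sum the string literal 'PW', not the column.
const ALLOWED_SUM_COLUMNS = ['PW', 'PX', 'PY']; // assumed column names

function build_sum_query(string $acty): string
{
    if (!in_array($acty, ALLOWED_SUM_COLUMNS, true)) {
        throw new InvalidArgumentException("Unknown column: $acty");
    }
    // $acty is now one of our own literals; mon/yer become placeholders.
    return "SELECT pty, SUM(`$acty`) AS Total
            FROM heal
            WHERE mon = :mon AND yer = :yer
            GROUP BY pty";
}

function sum_by_pty(PDO $pdo, string $acty, string $mon, string $yer): array
{
    $stmt = $pdo->prepare(build_sum_query($acty));
    $stmt->execute([':mon' => $mon, ':yer' => $yer]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Require all four fields (the original's || would leave some variables unset).
if (isset($_POST['submit'], $_POST['mon'], $_POST['yer'], $_POST['acty'])) {
    $pdo = new PDO('mysql:host=localhost;dbname=app', 'user', 'pass', [ // assumed
        PDO::ATTR_ERRMODE          => PDO::ERRMODE_EXCEPTION,
        PDO::ATTR_EMULATE_PREPARES => false, // real server-side prepares
    ]);
    $rows = sum_by_pty($pdo, $_POST['acty'], $_POST['mon'], $_POST['yer']);
    print_r($rows);
}
```

A request whose acty value is not in the allowlist is rejected before any SQL is built, and mon/yer never touch the query text.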
