How to use a variable value in a mysql query

[fawadmz]

a variable value is taken from another page using post. and this variable is name of a column in mysqldatabase. i want to make a query from this column.

I tried
$data = mysql_query("SELECT $sql_column FROM Subscribers")


but that did not worked.
will be thankfull for help.

[simplypixie]

Difficult to help without seeing the relevant code for your form and the rest of the script you have, but based on what you have posted, unless you have assigned the value of the posted data to that variable then it will be empty.

Presuming you haven't assigned the value to the variable, try

Code: Select all

<?php
$sql_column = $_POST['column_name']; // Don't know the name of your post field so guessing
$data = mysql_query("SELECT ' " . $sql_column . " ' FROM subscribers");

while ($data_row = mysql_fetch_array($data)) {
 echo $data_row[$sql_column];
}


[seandisanti]

To elaborate a little further, it depends on the type of data being held by the variable. The example given above is perfect for a text value, but it will not work for a numeric value. It's important to think of how MySql needs the value, when writing a query into the console for example, literal strings are surrounded with single quotes, and numeric values are passed without any delimiters at all. A direct query would look like:

Code: Select all

SELECT field1, field2 FROM table WHERE field1>0 and field2='example';

If we are using variables for the where values through php, we don't need the semi colon on the end, and the query is generated like this:

Code: Select all


$field1=1;
$field2='example';
$sql="SELECT field1, field2 FROM table WHERE field1>" . $field1 . " and field2='" . $field2 . "'";
 

then you'd just call it with mysql_query($sql);

[simplypixie]

Sorry seandisanti, but I have to disagree as the OP is (for some reason) wanting to pass through the column name into the query, not the value so it will always be a text value, not an integer.

Also, if you pass through and integer using the same format, it doesn't cause any problems - you can pass integers with or without quotes.

[seandisanti]

You are 100% correct, I missread and stand corrected. Good catch!