Categories

JavaScriptPHPHTMLCssPythonWordPressWeb developmentLinuxMySQLAndroidWindowsJavaC++ / C#LayoutReactUbuntuYiiDjangoProgramming1C-BitrixLaravelSystem administrationTelegramJSONDebianPostgreSQLIOSGoogleHtaccessWindows ServerGitMacOSGoogle ChromeCMSWooСommerceBootstrapNginxSQLUnityAPI
Make a leaderReport
D
D
del9937882016-11-27 11:27:26
PHP
del993788, 2016-11-27 11:27:26

How to insert a variable in mysql query, which value is text?

Hello. My site sends the word " lux " to the php file.
Its php meets it like this:

$nnomer = $_POST['nnomer']; // то самое слово lux
$query = "SELECT datestart, dateend FROM main WHERE namenomer = '$nnomer'";

The problem is that the word lux should be in quotes, but in fact it turns out that I have the $nnomer variable in quotes. And when it's in quotation marks, it, variable, becomes an ordinary word. That is, php is looking for namenomer not lux, but $nnomer. Tell me how to be?

Reply
Answer the question

Answer the question

In order to leave comments, you need to log in

1 answer(s)
Report
R
roswell, 2016-11-27
@del993788

You should never write queries this way, because it is a direct road to SQL injection . It would be better to arrange something like

$pdo = new PDO( /* параметры соединения с БД */ );
$result = $pdo->prepare( 'SELECT datestart, dateend FROM main WHERE namenomer = :namenomer' );
$result->execute( array(
    ':namenomer' => empty( $_POST[ 'nnomer' ] ) ? '' : $_POST[ 'nnomer' ]
) );

Similar questions
I
ITpie2021-03-25 20:16:06
How to make docker to test python code with certain libraries? 3Reply
S
sl02020-09-28 23:18:33
Is it possible to make a background like this with pure css? 3Reply
T
thehighhomie2018-11-30 12:28:13
Plugin to generate PDF from JavaScript? 4Reply
K
khudobinvasiliy2021-04-02 20:04:00
How to resolve 500 error on Flask Heroku? 3Reply
M
Matvey Bubenets2017-04-20 04:38:37
How to disable Remote Desktop Licensing? 6Reply

Didn't find what you were looking for?

Ask your question

Ask a Question

731 491 924 answers to any question