PHP
del993788, 2016-11-27 11:27:26

How do I insert a variable whose value is text into a MySQL query?

Hello. My site sends the word "lux" to the PHP file.
The PHP receives it like this:

$nnomer = $_POST['nnomer']; // that same word, lux
$query = "SELECT datestart, dateend FROM main WHERE namenomer = '$nnomer'";

The problem is that the word lux should be in quotes, but in fact it turns out that I have the $nnomer variable in quotes. And when it is in quotation marks, the variable becomes an ordinary word. That is, PHP looks for a namenomer equal not to lux but to $nnomer. What should I do?


1 answer(s)
roswell, 2016-11-27
@del993788

You should never write queries this way, because it is a direct road to SQL injection. It would be better to do something like this:

$pdo = new PDO( /* DB connection parameters */ );
$result = $pdo->prepare( 'SELECT datestart, dateend FROM main WHERE namenomer = :namenomer' );
$result->execute( array(
    ':namenomer' => empty( $_POST[ 'nnomer' ] ) ? '' : $_POST[ 'nnomer' ]
) );
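
Added example, not part of the answer above: it runs the interpolated query from the question beside the prepared statement from the answer and prints what each one returns. The in-memory SQLite database, the sample rows, the function names and the two input strings are assumptions constructed for this illustration; the table and column names come from the page.

```php
<?php
// Added example: in-memory SQLite stands in for the MySQL database on the page.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE main (namenomer TEXT, datestart TEXT, dateend TEXT)');
// Constructed sample rows.
$pdo->exec("INSERT INTO main VALUES ('lux', '2016-12-01', '2016-12-05'),
                                    ('standard', '2016-12-02', '2016-12-03')");

// Query built by string interpolation, as in the question (hypothetical helper name).
function lookupInterpolated(PDO $pdo, string $nnomer): array
{
    $query = "SELECT datestart, dateend FROM main WHERE namenomer = '$nnomer'";
    echo "  SQL sent: $query\n";
    return $pdo->query($query)->fetchAll(PDO::FETCH_ASSOC);
}

// Prepared statement, as in the answer: the value is bound separately
// and never becomes part of the SQL text (hypothetical helper name).
function lookupPrepared(PDO $pdo, string $nnomer): array
{
    $stmt = $pdo->prepare(
        'SELECT datestart, dateend FROM main WHERE namenomer = :namenomer'
    );
    $stmt->execute([':namenomer' => $nnomer]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed inputs: the expected value, and one whose quote characters
// change the WHERE clause when the query is built by interpolation.
$inputs = ['lux', "x' OR '1'='1"];

foreach ($inputs as $nnomer) {
    echo "Input: $nnomer\n";
    $rows = lookupInterpolated($pdo, $nnomer);
    echo '  interpolated rows: ' . count($rows) . "\n";
    $rows = lookupPrepared($pdo, $nnomer);
    echo '  prepared rows:     ' . count($rows) . "\n";
}
```

With a MySQL connection, setting `PDO::ATTR_EMULATE_PREPARES` to `false` makes PDO use the server's native prepared statements instead of emulating them client-side.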
