0

So instead of spending much time explaining i will just show you what the problem is, i have this method 

public function lockCheck($string)
   {
        $Data = $this->getQuery("SELECT '$string' from settings where id=1");
        if ($Data->num_rows==1)
        {
            while($Row = $Data->fetch_assoc())
            {
                if ($Row[$string]==1)
                {
                    return true;
                }

                else 
                {
                    return false;
                }
            }
        }
   }

And its working perfectly fine if i dont have a parametar and just use 'locked' which is column from my table. But when i try using parametar $string it will always return false.

And this is how i call the method:

$ks->lockCheck("locked")

Any help will be appreciated.

Improve this question
4
  • 2
    Why the single quotes (') around $string in "SELECT '$string' from settings where id=1"? That's invalid SQL.... It should be backticks (`) if anything Commented Dec 24, 2014 at 14:36
  • 1
    Remove the single quotes! Commented Dec 24, 2014 at 14:36
  • 1
    @MarkBaker technically its not invalid, mysql would select the string 'locked' literally, where id is 1 Commented Dec 24, 2014 at 14:42
  • @Andrew - true enough, selecting a string literal is valid Commented Dec 24, 2014 at 14:44

1 Answer 1

Reset to default
1

In your SQL, when you want to avoid to use a reserved keyword, you need to escape your variable wiht ` character, not single quote.

For example:

$Data = $this->getQuery("SELECT `".$string."` from settings where id=1");

This is also works, but previous I think is more elegant:

$Data = $this->getQuery("SELECT `$string` from settings where id=1");
Improve this answer
Sign up to request clarification or add additional context in comments.

1 Comment

Thanks man i always thought it was single quotes instead of `

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.