tags:

views:

41

answers:

2
Q: 

Drawing up a session value within SQL query? PHP and MySQL

Hi, on one of my web pages I want my manager user to view all activities assigned to them (personally). In order to do this, I need something like this:

$sql = "SELECT * FROM activities WHERE manager = $_SESSION['SESS_FULLNAME']";

Now obviously this syntax is all wrong, but because I am new to this stuff, is there a way I can call up the full name from the user's session within a query? This is so that when I call up the database values to be displayed within the web page, only the activities for the manager who is logged in is displayed. For example, the activities table has a manager column of a full name entry. Any help is much appreciated. Thanks.

A:  
$sql = "SELECT * FROM activities WHERE manager = '".$_SESSION['SESS_FULLNAME']."'";

To use a variables in a query you should use quote...

use ' to define a string in query..

ie. if manager is a number use WHERE manager = ".$_SESSION['SESS_FULLNAME'] (without ')
if manager is a string WHERE manager = '".$_SESSION['SESS_FULLNAME']."'

Marcx  2010-03-15 14:24:49
You are my hero (until I run into my next problem!) Thank you so much for this.
Yvonne  2010-03-15 14:31:44
Note that a string literal must be escaped using mysql_real_escape_string()
Col. Shrapnel  2010-03-15 14:40:41
@Derek Please take Col. Shrapnel's advice and don't include unescaped strings in your query. See also: SQL injection.
middus  2010-03-15 15:00:01
Ok thanks guys, I will look into this.
Yvonne  2010-03-15 15:20:25
+2  A: 

Actually, you do not have to "leave" the string. You can more easily do this:

$sql = "SELECT * FROM activities WHERE manager = {$_SESSION['SESS_FULLNAME']}";

See PHP's double-quoted string syntax for more info.

That said, please use either prepared statements or escaped variables (in that order of preference) when dealing with dynamic parameters.

janmoesen  2010-03-15 14:53:49

related questions

IDE suggestions: Eclipse IDE vs. Zend Studio ( confused )
MySQL/Apache Error in PHP MySQL query
Lightweight IDE for Linux
What PHP framework would you choose for a new application and why?
Why is my ternary expression not working?
How can I get at the matches when using preg_replace in PHP?
Mechanisms for tracking DB schema changes
Wordpress theme development offline tools
Using object property as default for method property
How can I get the authenticated user name under Apache using plain HTTP authentication and PHP?
Make XAMPP/Apache serve file outside of htdocs
How do you debug PHP scripts?
PHP Variables passed by value or by reference?
Best way to implement unit testing in PHP
Connect PHP to an AS/400
Best way to access Exchange using PHP?
PHP Session Security
How do I access a remote form in php?
What's the best way to generate a tag cloud from an array? (using h1 through h6 for sizing)
Apache/PHP: error_log per Virtual Host?
How do I track file downloads with apache/PHP
How would you access Object properties from within an object method?
Flat File Databases in PHP
Best way to allow plugins for a PHP application
Latest information on PHP upcoming releases