Hey all, just a quick question (should be an easy fix I think). In a WHERE statement in a query, is there a way to have multiple columns contained inside? Here is my code:

$sql="SELECT * FROM $tbl_name WHERE username='$myusername' and pwd='$pass'";

What I want to do is add another column after the WHERE (called priv_level = '$privlevel'). I wasn't sure of the syntax on how to do that however.

Thanks for the help!

A: 

Wrapped for legibility:

$sql="
  SELECT * 
  FROM $tbl_name 
  WHERE username='$myusername' and pwd='$pass' and priv_level = '$privlevel'
";

Someone else will warn you about how dangerous the statement is. :-) Think SQL injection.

Tomalak
+3  A: 

Read up on SQL. But anyways, to do it just add AND priv_level = '$privlevel' to the end of the SQL.

This might be a pretty big step if you're new to PHP, but I think you should read up on the mysqli class in PHP too. It allows much safer execution of queries.

Otherwise, here's a safer way:

$sql = "SELECT * FROM $tbl_name WHERE " .
       "username = '" . mysql_real_escape_string($myusername) . "' AND " .
       "pwd = '" . mysql_real_escape_string($pass) . "' AND " .
       "priv_level = '" . mysql_real_escape_string($privlevel) . "'";
Blixt
PDO is even better than mysqli
Tom Haigh
I must say I hadn't heard of PDO... But then again, last time I used PHP properly was about four years ago... Thanks for the tip! =)
Blixt
A: 
$sql="SELECT * FROM $tbl_name WHERE username='$myusername' and pwd='$pass' and priv_level = '$privlevel'";

If you prefer to not use ", try this:

$sql='SELECT * FROM '.$tbl_name.' WHERE username=\''.$myusername.'\' and pwd=\''.$pass.'\' and priv_level=\''.$privlevel.'\'';
KM
A: 
$sql="SELECT * FROM $tbl_name WHERE username='$myusername' and pwd='$pass' AND priv_level = '$privlevel'";

On a side note: what you appear to be doing here is quite bad practice.

rikh
A: 

I think you need to add it (maybe with AND) to the WHERE-clause:

$sql="SELECT * FROM $tbl_name WHERE username='$myusername' and pwd='$pass' and priv_level = '$privlevel'";
Develman
A: 

Uhm, your query already uses multiple columns in the WHERE clause :)

SQL injection issues aside (be careful):

$sql="SELECT * FROM $tbl_name WHERE username='$myusername' and pwd='$pass' and priv_level='$privlevel'";
Thorarin
A: 

The WHERE clause can AND any number of checks, so you can easily have three where you now have two; just add and priv_level='$privlevel' at the very end.

Edit: as @thorarin's answer mentions, this is a risky way to build up SQL queries, and parameter binding would be safer -- but that's orthogonal to using two vs three columns in the WHERE clause.

Alex Martelli
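
The parameter binding mentioned in the last answer, using the PDO class suggested in the comments, applied to the three-column query from the question. This is an added example, not code from any poster in the thread; the in-memory SQLite database, the `members` table, its sample row, the `ALLOWED_TABLES` list and the `find_user` function are constructed or hypothetical so the script runs on its own.

```php
<?php
// Added example: constructed schema and data, in-memory SQLite so it runs offline.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE members (username TEXT, pwd TEXT, priv_level TEXT)');
$pdo->exec("INSERT INTO members VALUES ('alice', 'constructed-stored-value', 'admin')");

// Assumption: the application knows its own table names in advance.
const ALLOWED_TABLES = ['members'];

function find_user(PDO $pdo, string $tbl_name, string $myusername, string $pass, string $privlevel): ?array
{
    // Placeholders can only stand for values, never identifiers, so the
    // table name is checked against a fixed list before being interpolated.
    if (!in_array($tbl_name, ALLOWED_TABLES, true)) {
        throw new InvalidArgumentException("unknown table: $tbl_name");
    }
    $stmt = $pdo->prepare(
        "SELECT username, priv_level FROM $tbl_name
         WHERE username = :username AND pwd = :pwd AND priv_level = :priv_level"
    );
    // The three values travel separately from the SQL text; quote characters
    // inside them are compared as literal characters, not parsed as SQL.
    $stmt->execute([
        ':username'   => $myusername,
        ':pwd'        => $pass,
        ':priv_level' => $privlevel,
    ]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Lookup with the values stored in the constructed row.
var_dump(find_user($pdo, 'members', 'alice', 'constructed-stored-value', 'admin'));

// Constructed input with embedded quotes, passed through as a bound string.
var_dump(find_user($pdo, 'members', 'alice', "x' OR '1'='1", 'admin'));

// A table name outside the allowlist is refused before any SQL is built.
try {
    find_user($pdo, 'members; --', 'alice', 'x', 'admin');
} catch (InvalidArgumentException $e) {
    echo 'rejected: ', $e->getMessage(), PHP_EOL;
}
```

With a MySQL connection only the DSN passed to `new PDO(...)` changes; the prepared statement and the bound array stay the same.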