Re: use php variable within postgresql query

Michael Oki <mikeoki.oki@xxxxxxxxx> · Mon, 12 Jun 2023 16:21:07 +0200

Meanwhile, you should probably use prepared statements to avoid SQL
injection.

On Mon, 12 Jun 2023 at 16:03, e-letter <inpost@xxxxxxxxx> wrote:

> First, sorry for the mistake to type a sanitised version of code.
> Should have been:
> "$query=$_GET['databasecolumn'];"
>
> After some rtfm, confused as a non-computer-programmer why it is
> necessary to set the $_GET parameter.
>
> The overall simple scenario is to view a postgresql database in a
> series of html web pages of more details of data ("drill down"?).
>
> php code within html file 1:
> "
>         $databasequery=pg_query($databaseconnection,'SELECT
> databasecolumn1,
> databasecolumn2 FROM databasetable');
>                         if (!$databasequery) {
>                                 echo 'rubbish code';
>                                 exit;
>                                 }
>                         while
> ($databasequery1=pg_fetch_assoc($databasequery)) {
>                                 echo '<p>
>                                         <span><a
> href="localfile.php?databasecolumn1='.$databasequery1['databasecolumn1'].'">'.$databasequery1['databasecolumn1'].'</a></span>';
>                                 echo ' <span>'
> .$databasequery1['databasecolumn2'].'</span>';
>                                         </p>';
>                                 }
> "
>
> The first html file shows successfully the a list of hyperlinks from
> the database, for tuples in 'databasecolumn1'. The desired behaviour
> is that the second html file shows another database query result for
> each tuple in the first html file, i.e. more detail from the database
> for each tuple in 'databasecolumn1'.
>
>
> php code within html file 2:
> "
> $databasequery2=pg_query($databasequery1);
> $databasequery3=pg_query("SELECT * FROM databasetable WHERE
> databasecolumn1='{$databasequery2['databasecolumn']}'");
> echo $databasequery3
> "
>
> The html file 2 shows:
> "
> resource id#3
> "
>
> The expected result was to show all columns for the row constraint
> (...WHERE ...)
>
> It seems that the use of a php variable within a postgresql query is
> not understood. What relevant terminology to read next please?
>
> --
> PHP Database Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>
>

-- 
*Thanks In Advance,*

*Michael OKI*

*CBSA*
*Technologist*
*+34663549276*
*"Impossible Is Nothing"*

*Scan and share QR codes on the mycodescanner
<https://play.google.com/store/apps/details?id=com.inspirati.mycodescanner&hl=en_US&gl=US>app*

BTA Certified Blockchain Solution Architect & IEEE member
https://michaeloki.blogspot.com