
I have a mysql query that uses a value in an array as part of the WHERE statement. How am I supposed to include this variable?

Here is the sql: "AND gender = '{$user_array[\"gender\"]}'"

PHP returns this error: Parse error: syntax error, unexpected T_CONSTANT_ENCAPSED_STRING, expecting T_STRING

I have magic_quotes turned on. I've seen some posts suggesting setting the array's value to another variable, but that seems unnecessary if I have magic quotes. Is this correct?

Don P
  • First thing you should do is turn off the magic quotes: they've been removed from PHP 5.4.x. Then read up on PDO (or mysqli), then consider that, when using double quotes, everything between the curly braces is considered _"not quoted"_, and you normally wouldn't escape the quotes when using an associative array: `$user_array['gender']` can (and should) be placed in between those braces as is – Elias Van Ootegem Dec 26 '12 at 20:32

3 Answers


Just put the entire query in double quotes and then do like AND gender = '$user_array['gender']'

Teena Thomas
  • Sorry, but that's just wrong: there's ambiguity in that statement: do you want the string value of `$user_array`, followed by the regular string `['gender']` (giving something along the lines of `(array)['gender']`), or do you want the string value of `$user_value['gender']`? no way to know, hence the curly braces are a necessity – Elias Van Ootegem Dec 26 '12 at 20:34
"AND gender = '{$user_array['gender']}'"

It was the backslashes that were killing it.

Or you can even do:

"AND gender = '$user_array[gender]'"

Or:

"AND gender = '" . $user_array['gender'] ."'"

Demo: http://codepad.org/lrJllI1K

But all of this put together, you should be using prepared queries

Naftali
  • @DonnyP [**Please, don't use `mysql_*` functions in new code**](http://bit.ly/phpmsql). They are no longer maintained [and are officially deprecated](https://wiki.php.net/rfc/mysql_deprecation). See the [**red box**](http://j.mp/Te9zIL)? Learn about [*prepared statements*](http://j.mp/T9hLWi) instead, and use [PDO](http://php.net/pdo) or [MySQLi](http://php.net/mysqli) - [this article](http://j.mp/QEx8IB) will help you decide which. If you choose PDO, [here is a good tutorial](http://j.mp/PoWehJ). – Naftali Dec 26 '12 at 20:16
  • Thanks Neal - unfortunately working on a codebase that is still using mysql_query – Don P Dec 26 '12 at 20:17
  • @DonnyP well there is never a better time than now to switch over to a new way of doing things ^_^ Here is a good reference site: http://bobby-tables.com/ – Naftali Dec 26 '12 at 20:18
  • Haha true, we'll need to switch the entire base at once, it will be strange if some code is using my PDO and the rest is still in mysql – Don P Dec 26 '12 at 20:23
  • Using the second option gives this `Notice: Use of undefined constant gender - assumed 'gender'` – Don P Dec 26 '12 at 20:23
  • @DonnyP I never said that it wouldn't throw a notice :-P – Naftali Dec 26 '12 at 20:23
  • I have no idea, I think someone came through and downvoted every comment? – Don P Dec 27 '12 at 20:21
  • @DonnyP this is a comment. My answer is an **answer** :-P – Naftali Dec 27 '12 at 20:22
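
The prepared-statement approach recommended in the answer and comments above, shown next to the interpolated form, as an added example that is not part of the original thread. The `users` table, its columns and the `findActiveByGender` / `interpolatedSql` helpers are assumptions, and an in-memory SQLite database stands in for MySQL so the script runs offline (requires the `pdo_sqlite` extension).

```php
<?php
// Added example: table, columns and helper names are assumptions, not from the thread.
// For MySQL only the DSN changes, e.g. 'mysql:host=...;dbname=...;charset=utf8mb4'.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, gender TEXT, active INTEGER)");
$pdo->exec("INSERT INTO users (name, gender, active) VALUES
    ('alice', 'female', 1), ('bob', 'male', 1), ('carol', 'female', 0)");

// The thread's approach: the value becomes part of the SQL text itself.
// Built here only so it can be printed for comparison; it is never executed.
function interpolatedSql(array $user_array): string
{
    return "SELECT name FROM users WHERE active = 1 AND gender = '{$user_array['gender']}'";
}

// Prepared form: the SQL text is fixed and the value travels separately as data.
function findActiveByGender(PDO $pdo, array $user_array): array
{
    if (!isset($user_array['gender']) || !is_string($user_array['gender'])) {
        throw new InvalidArgumentException('gender must be a string');
    }
    $stmt = $pdo->prepare(
        'SELECT name FROM users WHERE active = 1 AND gender = :gender ORDER BY id'
    );
    $stmt->execute([':gender' => $user_array['gender']]);
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

// Constructed sample inputs: a normal value and two containing quote characters.
$samples = [
    ['gender' => 'female'],
    ['gender' => "fe'male"],
    ['gender' => "x' OR '1'='1"],
];
foreach ($samples as $user_array) {
    echo "input:        ", var_export($user_array['gender'], true), "\n";
    echo "interpolated: ", interpolatedSql($user_array), "\n";
    echo "prepared:     ", json_encode(findActiveByGender($pdo, $user_array)), "\n\n";
}
```

In the printed output the interpolated query text changes shape whenever the input contains a quote, while the prepared query only ever compares the `gender` column against the literal input string.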

As an alternative, you can do a string concat in PHP and keep your SQL in double quotes which may solve your issue:

"AND gender = '" . $user_array['gender'] . "'...
Jamesking56