0
    for($nr = 0; $nr < 2; $nr++){

        print $nr; print(gettype($nr));   // prints 0integer 

        $result = mysqli_query($con,"SELECT * FROM phcdl_files 
        ORDER BY file_id DESC LIMIT '$nr',1") 
        or die(mysqli_error($con));
    }

Trying to run the query above, but I'm having trouble because of the syntax. Running it in phpMyAdmin with LIMIT 0,1 works fine, however.

Any idea what's the problem?

Erki
Pedro
  • Does it give you errors? – Marco Mura Nov 25 '14 at 10:07
  • You've incorrectly placed quotes around the `$nr` value. Instead use prepared statements with parameters. – Dai Nov 25 '14 at 10:07
  • @Dai: there are issues with bound parameters used with `LIMIT` clause. As soon as it's an integer - it's trivial to sanitize it and put into query directly. – zerkms Nov 25 '14 at 10:08
  • Always use prepared statements, to shield you from SQL injection. – timh Nov 25 '14 at 10:09
  • @timh although using prepared statements is great, I cannot see any cause for alarm in this query. There's no user-generated data, just a system-generated integer, so he's safe from SQL injection. – CᴴᵁᴮᴮʸNᴵᴺᴶᴬ Nov 25 '14 at 10:10
  • give me a minute to try it. SQL injection isn't a problem because I'm only using it myself to import an old website to WordPress – Pedro Nov 25 '14 at 10:16
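
The two approaches raised in the comments above, as an added example that is not part of the original thread: validating the offset as an integer before interpolating it unquoted, and binding it as an integer in a native mysqli prepared statement (a placeholder bound as a string is quoted and fails in `LIMIT` just like the question's query). The table and column names are the question's; the function names are hypothetical, and `get_result()` assumes the mysqlnd driver.

```php
<?php
// Added example: two safe ways to supply the LIMIT offset from the question.
// Function names are hypothetical; table/column names come from the question.

// Option 1: accept only a non-negative integer, then interpolate it unquoted.
function limit_offset($value): int
{
    $n = filter_var($value, FILTER_VALIDATE_INT, ['options' => ['min_range' => 0]]);
    if ($n === false) {
        throw new InvalidArgumentException('offset must be a non-negative integer');
    }
    return $n;
}

function build_query($offset): string
{
    return 'SELECT * FROM phcdl_files ORDER BY file_id DESC LIMIT '
         . limit_offset($offset) . ', 1';
}

// Option 2: native mysqli prepared statement. Binding with type "i" sends the
// offset as an integer, so the server never sees a quoted string in LIMIT.
// Assumes the mysqlnd driver (needed for get_result()).
function fetch_row(mysqli $con, $offset): ?array
{
    mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); // throw on errors
    $n = limit_offset($offset);
    $stmt = $con->prepare('SELECT * FROM phcdl_files ORDER BY file_id DESC LIMIT ?, 1');
    $stmt->bind_param('i', $n);
    $stmt->execute();
    return $stmt->get_result()->fetch_assoc() ?: null;
}

// Constructed inputs: two valid offsets, then values that must be rejected
// (including the quoted form that caused the syntax error in the question).
foreach ([0, '1', "'0'", -1, '1.5', 'abc'] as $input) {
    try {
        echo build_query($input), PHP_EOL;
    } catch (InvalidArgumentException $e) {
        echo 'rejected ', var_export($input, true), PHP_EOL;
    }
}
```

The loop at the bottom runs without a database; `fetch_row()` is only defined here and needs an open `mysqli` connection to be called.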

3 Answers

4

Try with -

    "SELECT * FROM phcdl_files ORDER BY file_id DESC LIMIT $nr,1"

Sougata Bose
1

I think the issue is that you're adding quotes around the 0.

Your SQL query should look like:

    "SELECT * FROM phcdl_files ORDER BY file_id DESC LIMIT $nr, 1"

RemyG
0

Remove the single quotes around the $nr variable in the query.

    // $nr is interpolated unquoted so LIMIT receives a bare integer
    $query = "select * from tb_name order by id desc limit $nr , 1";

jay.jivani