```php
$results = mysql_query("select * from doctorlist where assignednumber = '1231231234' ");
```

I need to change the number 1231231234 to a variable. If I change it to the code below it does not work. I have displayed the variable on the page so I know it is set.

```php
$results = mysql_query("select * from doctorlist where assignednumber = '$phoneNumber' ");
```

Could someone please help? I know it is a small issue, but I have been unable to fix it.

  • There is bogus data in the variable or it is a bogus variable - the question is then: *what* does the variable evaluate to at the time of interpolation? In any case, see http://stackoverflow.com/questions/60174/best-way-to-prevent-sql-injection-in-php for cleaner/safer ways to write such a query. – Oct 19 '12 at 21:41
  • try `echo("select * from doctorlist where assignednumber = '$phoneNumber' ");` – codingbiz Oct 19 '12 at 21:44
  • just `echo $phoneNumber`, your problem will likely fall there – d-_-b Oct 19 '12 at 21:46
  • What you want is known as parametrization, and it is supported by the MySQLi and PDO extensions. You can read up on them [here](http://net.tutsplus.com/tutorials/php/pdo-vs-mysqli-which-should-you-use/) – Asad Saeeduddin Oct 19 '12 at 21:50
  • @Asad you're talking about PDO prepared statements but I think he has a different problem and doesn't need PDO. – Alex Rashkov Oct 19 '12 at 21:58
  • @infinity it seemed to me as though he wanted to introduce a variable value into a query, so I suggested he use parametrization (not necessarily PDO, MySQLi does fine too) – Asad Saeeduddin Oct 19 '12 at 22:02
  • @Asad I totally agree with your comment but I think his variable is either bogus or he has array/object not string/int and that is causing the problem. – Alex Rashkov Oct 19 '12 at 22:07
  • The $phonenumber variable is passed from my phone system. I can echo the variable and it displays the correct number. I just can't get it to do the query based on the variable – user1760082 Oct 19 '12 at 22:07
  • Good, so there is a value in the variable; is there also a record in doctorlist that has the same value for the column assignednumber? – Asad Saeeduddin Oct 19 '12 at 22:10
  • Yes the number that the variable is set to is in the assignednumber column – user1760082 Oct 19 '12 at 22:12

3 Answers


Perhaps split it like this

```php
$sql_query = "select * from doctorlist where assignednumber='$phoneNumber'";
$results = mysql_query($sql_query);
```

or

```php
$sql_query = "select * from doctorlist where assignednumber='".$phoneNumber."' ";
$results = mysql_query($sql_query);
```

RolandoMySQLDBA

First check your variable type with `var_dump($phoneNumber)`, then do the following:

```php
$results = mysql_query("select * from doctorlist where assignednumber = '".$phoneNumber."' ");
```

to improve readability. Lastly, if you expect an integer, cast your variable like:

```php
(int)$phoneNumber
```

or, if it is a string, do

```php
mysql_real_escape_string($phoneNumber)
```

Alex Rashkov
  • Instead of concatenating a double quoted string with a variable, it's clearer to just put the variable in the string. E.g. "this is $my_var." vs "this is ".$my_var."." – Greg Oct 19 '12 at 21:54
  • @Greg that's up to personal preference; it's not a rule, so I agree with you – Alex Rashkov Oct 19 '12 at 22:05
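
Added example, not part of any answer on this page: the lookup from the question written with a PDO prepared statement, as the comments on parametrization suggest, together with the `var_dump` check for a value that echoes correctly but has a different type or carries invisible characters. The SQLite in-memory database, the sample row and inputs, and the helper names `normalizeNumber` and `findDoctors` are assumptions made so the script runs offline; against MySQL the DSN and credentials differ.

```php
<?php
// Table and column names come from the question. The in-memory SQLite
// database and the row below are constructed so this runs without a server.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE doctorlist (name TEXT, assignednumber TEXT)');
$pdo->exec("INSERT INTO doctorlist VALUES ('Dr. Example', '1231231234')");

/** Hypothetical helper: accept only scalars and strip surrounding whitespace. */
function normalizeNumber($raw): ?string
{
    if (!is_scalar($raw)) {              // an array or object is not a number
        return null;
    }
    $value = trim((string) $raw);        // drops spaces, tabs, CR, LF, NUL
    return $value === '' ? null : $value;
}

/** Hypothetical helper: look up rows by assignednumber with a bound parameter. */
function findDoctors(PDO $pdo, $rawNumber): array
{
    $number = normalizeNumber($rawNumber);
    if ($number === null) {
        return [];
    }
    $stmt = $pdo->prepare('SELECT * FROM doctorlist WHERE assignednumber = :num');
    $stmt->execute([':num' => $number]); // sent as data, never spliced into the SQL
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed inputs: a clean value, the same value with a trailing CR/LF
// (looks identical when echoed into a page), a value containing quotes,
// and a non-scalar.
$samples = ["1231231234", "1231231234\r\n", "1231231234' OR '1'='1", ['1231231234']];
foreach ($samples as $sample) {
    var_dump($sample);                   // shows the type and exact byte length
    printf("rows matched: %d\n\n", count(findDoctors($pdo, $sample)));
}
```

The first two inputs match one row and the last two match none: the quoted string is compared as a literal value because it is bound rather than interpolated.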

Try using the variable inside the query like this:

```php
'{$phoneNumber}'
```

Matija Milković