0

I want to dynamically create a new PHP file. Inside the new file I want my SQL query. Here's my code:

    $myfile = "".$file.".php"; // or .php  
    //echo $myFile;
    $fh = fopen($myfile, 'w'); // or die("error");  
    $stringData = '<?php

            $sql = "SELECT * FROM users, epixeir WHERE users.user = ".$_SESSION["user"]." AND user.pass = ".$_SESSION["pass"]." ;";
            $result = $conn->query($sql);
            ?>

    ';   
    fwrite($fh, $stringData);

In new file $myfile there is a "Notice: Trying to get property of non-object".

If I edit it to '".$_SESSION["user"]"' it works fine, but I want to do this dynamically. So if I write my above code like

    $myfile = "".$file.".php"; // or .php  
    //echo $myFile;
    $fh = fopen($myfile, 'w'); // or die("error");  
    $stringData = '<?php

            $sql = "SELECT * FROM users, epixeir WHERE users.user = '".$_SESSION["user"]."' AND user.pass = '".$_SESSION["pass"]."' ;";
          //$sql = "SELECT * FROM users, epixeir WHERE users.user = '".$_SESSION['user']."' AND user.pass = '".$_SESSION['pass']."' ;";
            $result = $conn->query($sql);
            ?>

    ';   
    fwrite($fh, $stringData);

Then I receive "Parse error: syntax error, unexpected '"' "

I'm confused and I need your help.

tumultous_rooster
user3746116
  • Did you try to escape your " character? Try this: `$sql = "SELECT * FROM users, epixeir WHERE users.user = '".$_SESSION[\"user\"]."' AND user.pass = '".$_SESSION[\"pass\"]."' ;";` – James Jun 08 '15 at 19:15
  • The problem is in the first and last quote `'".$_SESSION["user"]."'` not there you say – user3746116 Jun 08 '15 at 19:17
  • 1
    I tried like you say in the first and it's ok, thank you and sorry for my fast answer – user3746116 Jun 08 '15 at 19:23

3 Answers

1

You should use " instead of ' initially and then escape the other " you want in the string. In the example your string has ended in the second '. So all the rest is a syntax error. You can also use double quotes.

There is more information in these links:

Escaping quotation marks in PHP

How to escape strings in SQL Server using PHP?

Community
Nelson Teixeira
0

Try this....

    $sql = "SELECT * FROM users, epixeir WHERE users.user = '".$_SESSION['user']."' AND user.pass = '".$_SESSION['pass']."'";

charles okojie
0

`'` is literal, `"` is processed

If you start the string using ' the inner ' need to be escaped. If you start using ", the inner " need to be escaped.

If you use ' the inner variables won't be processed and your string will receive the variables as literal text.

If you use " the variables inside the string will be changed to values before the string is assigned to the variable.

You can escape characters using \ before the character that needs to be literal.

Examples:

    $fruit = 'apple';

    $ex1 = "I like $fruit"; // I like apple

    $ex2 = 'I like $fruit'; // I like $fruit

or escaping special character:

    $ex3 = "I like \$fruit"; // I like $fruit

    $ex4 = "I like \"$fruit\""; // I like "apple"
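
An added example, not part of any answer above: the generated file can be written from a nowdoc, which copies its body literally so no quotes need escaping, and the generated query can bind the session values as parameters instead of concatenating them into the SQL text. It assumes `$conn` is an open mysqli connection in the generated file's scope, that the `pass` column belongs to `users`, and that `report` is a constructed sample file name.

```php
<?php
// Added example: generate the PHP file without any quote escaping.
$file = 'report'; // constructed sample value

// Accept only a simple base name so the generated path stays in this directory.
if (!preg_match('/^[A-Za-z0-9_-]+$/', $file)) {
    throw new InvalidArgumentException('invalid file name');
}
$myfile = __DIR__ . '/' . $file . '.php';

// Nowdoc (<<<'PHP'): the body is copied byte for byte, so $_SESSION["user"]
// ends up in the new file as code and is evaluated when that file runs.
$stringData = <<<'PHP'
<?php
// Assumption: $conn is an open mysqli connection and the session has been
// started before this generated file is included.
$sql = "SELECT * FROM users, epixeir WHERE users.user = ? AND users.pass = ?";
$stmt = $conn->prepare($sql);
// Bound parameters: the session values are sent as data, never as SQL text,
// so a quote inside a value cannot change the query.
$stmt->bind_param("ss", $_SESSION["user"], $_SESSION["pass"]);
$stmt->execute();
$result = $stmt->get_result();

PHP;

// Write the template and fail loudly instead of continuing with no file.
if (file_put_contents($myfile, $stringData) === false) {
    throw new RuntimeException("could not write $myfile");
}
```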