0
    <?php

    // Working SELECT query.
    $db = new SQLite3('casino.db');

    // This works great and returns only name = bergpau !!!
    $results = $db->query('SELECT * FROM employe WHERE username="bergpau"');
   while ($row = $results->fetchArray()) 
         print  $row['nom'] . "<BR>";

   // This DOES NOT WORK AT ALL, returns no values !!! HELP !!!
   $astring = "bergpau";
   $results = $db->query('SELECT * FROM employe WHERE username=$astring');
   while ($row = $results->fetchArray()) 
        print  $row['nom'] . "<BR>";

   ?>

Opening database, ok return no value since it cannot validate string in WHERE clause

Paul Bergeron QC
  • 1
  • Did you check for errors? The second SELECT looks like it would result in a mysql error –  Jul 08 '16 at 02:29
  • http://stackoverflow.com/questions/5605965/php-concatenate-or-directly-insert-variables-in-string this will be of interest to you –  Jul 08 '16 at 02:31

1 Answers1

1

Strings, in SQL (and PHP), need to be quoted like you did in your first query (username="bergpau"). This also could open you to SQL injections; you should use parameterized queries.

$results = $db->query("SELECT * FROM employe WHERE username='{$astring}'");

Also variables in single quotes aren't processed by PHP.

Unlike the double-quoted and heredoc syntaxes, variables and escape sequences for special characters will not be expanded when they occur in single quoted strings.

-http://php.net/manual/en/language.types.string.php

Alternatively you could pass the quotes in the assignment (note the double quotes are for the encapsulation in PHP, the single quotes are stored in the value of $astring):

$astring = "'bergpau'";

then you'd just need to concatenate the variable.

$results = $db->query('SELECT * FROM employe WHERE username=' . $astring);
chris85
  • 23,846
  • 7
  • 34
  • 51