PHP variable in $row[]

Question

Any idea how to include variable in $row[] mysqli_query?

what I've tried until now:

1

$result = mysqli_query($connection, "SELECT ".$var." AS Variables, COUNT(*)  FROM data GROUP BY '$var'"); 
while($row = mysqli_fetch_array($result)) {
    echo $row['Variables'];
    echo $row['COUNT(*)']; 
}

2

$result = mysqli_query($connection, "SELECT '$var', COUNT(*)  FROM data GROUP BY '$var'"); 
while($row = mysqli_fetch_array($result)) {
    echo $row[$var];
    echo $row['COUNT(*)']; 
}

Also, I've tried all combination

echo $row[$var];
echo $row["$var"];
echo $row['$var'];

I really *REALLY* hope `$var` is not submitted by the user... — Federico klez Culloca, Apr 03 '18 at 13:53
Please explain a bit more. Including a vaiable in `$row` is what you have been doing in `$row[$var]` — Ashish Choudhary, Apr 03 '18 at 13:54
Anyway, the first one is good (except for the risk of injection), just group by `Variables` instead and add an alias for the count, so you can use that as an index for `$row`. — Federico klez Culloca, Apr 03 '18 at 13:57
both codes I wrote is not working, group by Variables not returning anything — Serghei Pogor, Apr 03 '18 at 14:14
What is the database table schema? What are you trying to select as $var — Grant, Apr 03 '18 at 14:15
**Don't** build SQL queries by string concatenation. It is error-prone and vulnerable to [SQL-injection](http://bobby-tables.com). Use [prepared statements](https://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php/60496#60496). — axiac, Apr 03 '18 at 14:25

score 2 · Accepted Answer · answered Apr 03 '18 at 14:11

2

Try this:

$result = mysqli_query($connection, "SELECT ".$var." AS Variables, 
COUNT(*) AS count FROM data GROUP BY '$var'"); 
while($row = mysqli_fetch_array($result)) {
    echo $row['Variables'];
    echo $row['count']; 
}

answered Apr 03 '18 at 14:11

Grant

2,413
2
30
41

thanks, it's work now. So, the issue was with COUNT(*)... didn't think about it at all – Serghei Pogor Apr 03 '18 at 14:24
Just create an alias instead of selecting just COUNT(*), then its easy to access that in the while loop – Grant Apr 03 '18 at 14:25
**NB:** You have a **GAPING SECURITY HOLE** in your SQL statement, you need to ensure that a user cannot inject code into your SQL query by manipulating the $var variable. SQL Injection: https://www.acunetix.com/websitesecurity/sql-injection/ Use PDO or prepared statements instead. – Grant Apr 03 '18 at 14:28
thanks for your advice, it's for a local server, no one has access except admin – Serghei Pogor Apr 03 '18 at 14:32

PHP variable in $row[]

1 Answers1