PHP MySQL queries with variables

Question

In my php I make this query

$sql = "SELECT * FROM session WHERE sessionid = '$_SESSION["id"]';";

which results in an error

Parse error: syntax error, unexpected '"', expecting '-' or identifier (T_STRING) or variable (T_VARIABLE) or number (T_NUM_STRING) in /opt/lampp/htdocs/Chore-Champs/index.php on line 6

Obviously there is something wrong with how I'm nesting the quotes, so I've tried different ways, including

$sql = "SELECT * FROM session WHERE sessionid = " . $_SESSION['id'] . ";";

this still results in the same error.

Normally the first method would work with normal variables such as $username, but I guess that session variables are handled differently. What's the correct way to write this query?

You need to enclose `$_SESSION["id"]` in `{}` to protect the `"`s around `id` i.e. $sql = "SELECT * FROM session WHERE sessionid = '{$_SESSION["id"]}';"; — Nick, Jan 19 '19 at 05:21
I would highly recommend using prepared statements see here: https://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php?rq=1 — umarsa, Jan 19 '19 at 05:29

score 0 · Accepted Answer · edited Jan 19 '19 at 06:50

0

Try

$sql = "SELECT * FROM session WHERE sessionid = '" . $_SESSION['id'] . "';";

A basic string concatenation in php

edited Jan 19 '19 at 06:50

Andrew

357
5
16

answered Jan 19 '19 at 05:14

Sanjit Bhardwaj

893
7
13

score 0 · Answer 2 · answered Jan 19 '19 at 05:15

0

try this:

$sql = "SELECT * FROM session WHERE sessionid = '". $show. "'";

answered Jan 19 '19 at 05:15

PHP Geek

3,949
1
16
32

What is `$show` supposed to be? – sticky bit Jan 19 '19 at 05:24

PHP MySQL queries with variables

2 Answers2