Sign Up to our social questions and Answers Engine to ask questions, answer people’s questions, and connect with other people.
Login to our social questions & Answers Engine to ask questions answer people’s questions & connect with other people.
Lost your password? Please enter your email address. You will receive a link and will create a new password via email.
Please briefly explain why you feel this question should be reported.
Please briefly explain why you feel this answer should be reported.
Please briefly explain why you feel this user should be reported.
I tried this Google query but it didn’t show up (possibly because { was parsed as some special character or ignored).
I saw a query made on an example somewhere that looks like this:
SELECT `id` FROM areas WHERE `name` = '{$listing['cityname']}'
And this was in PHP (so inside mysql_query())
My best guess is it searches as a Lowercase (same as LOWER(name) AS...) but I want to be 100% sure how that’s supposed to work.
That’s PHP syntax, not MySQL syntax. It allows you to interpolate complex expressions in a double-quoted string. So in your example, the array index
$listing['cityname']will be evaluated, and its value used in your query.It has nothing to do with SQL whatsoever.
By the way, that’s a gaping SQL injection vulnerability, assuming the array value hasn’t yet been escaped with something like
mysql_real_escape_string(). Most people use prepared statements for building SQL queries these days.