Erik,

Although I've not proved this, I think the PHP parser gets confused when
it sees a complex variable reference, $_GET[ 'criteria_integer' ]
embedded within double quotes. I've run into similar error messages so
I've been breaking out the variable from the double quotes as follows:

$sql = "SELECT * FROM tablename WHERE
tablename.column=" . $_GET['criteria_integer'];


or:


$A = $_GET['criteria_integer'];

$sql = "SELECT * FROM tablename WHERE
tablename.column=$A";


Erik Price wrote:
> 
> I thought that $_GET[] and $_POST[] could be used in place of regular
> variables... that is,
> 
> $sql = "SELECT * FROM tablename WHERE
> tablename.column=$_GET['criteria_integer']";
> 
> but unfortunately, this isn't working.  It resulted in the following
> error message in the browser:
> 
> Parse error: parse error, expecting `T_STRING' or `T_VARIABLE' or
> `T_NUM_STRING' in /home/eprice/public_html/people3.php on line 150
> 
> Yes, line 150 is exactly where I have this.
> It does seem to work if I do this:
> 
> $criteria_integer = $_GET['criteria_integer'];
> $sql = "SELECT * FROM tablename WHERE
> tablename.column=$criteria_integer";
> 
> But I thought that the $_GET variable could be used in the same way that
> I historically used the simple variable name $criteria_integer .
> 
> Can anyone shed some light on how these predefined variables work in
> this instance?
> 
> Erik
> 
> On Thursday, January 10, 2002, at 08:18  AM, Ford, Mike [LSS] wrote:
> 
> >> -----Original Message-----
> >> From: Erik Price [mailto:[EMAIL PROTECTED]]
> >> Sent: 09 January 2002 19:22
> >>
> >> I'm trying to write my code in accordance with the PHP 4.1.0 security
> >> advisory -- that is, I want to use the $_GET and $_POST arrays when
> >> grabbing variables passed with GET and POST forms.  But how should I
> >> construct the variables for a "switch" statement?  I'm left confused,
> >> since these aren't written with the "$" prefix as most
> >> variables are...
> >
> > Err -- yes, they are!
> >
> >> Should it be:
> >>      case "_POST['insert']"
> >>
> >> or should it be:
> >>      case "$_POST['select']"
> >
> > What's wrong with:
> >
> >     case $_POST['insert']
> >
> > But, if you insist on the quotes, it needs to be:
> >
> >     case "{$_POST['insert']}"
> >
> > to ensure that the array index gets processed properly.
> >
> > Cheers!
> >
> > Mike
> >
> > ---------------------------------------------------------------------
> > Mike Ford,  Electronic Information Services Adviser,
> > Learning Support Services, Learning & Information Services,
> > JG125, James Graham Building, Leeds Metropolitan University,
> > Beckett Park, LEEDS,  LS6 3QS,  United Kingdom
> > Email: [EMAIL PROTECTED]
> > Tel: +44 113 283 2600 extn 4730      Fax:  +44 113 283 3211
> >
> 
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
> To contact the list administrators, e-mail: [EMAIL PROTECTED]

-- 
Do you need a Web-based Content Publishing System ?
Call me for more details.


Ed Swartz

ColdFusion and PHP Development

978.772.0888
http://www.sandypondconsulting.com
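
The quoting forms discussed in this thread, as an added example that is not part of any poster's message: it shows the ways of placing $_GET['criteria_integer'] in a double-quoted string that do parse, then passes the value to the query as a validated, bound integer instead of interpolating it. The in-memory SQLite table, its rows, the helper name find_rows and the constructed $_GET value are assumptions for the demo.

```php
<?php
// Constructed request value standing in for ?criteria_integer=2 (assumption).
$_GET['criteria_integer'] = '2';

// The form from the thread that fails to parse, kept as a comment:
//   "... WHERE tablename.column=$_GET['criteria_integer']"

// 1. Curly (complex) syntax: a quoted key is allowed inside {}.
$a = "SELECT * FROM tablename WHERE tablename.column={$_GET['criteria_integer']}";
// 2. Simple syntax: inside double quotes the key is written without quotes.
$b = "SELECT * FROM tablename WHERE tablename.column=$_GET[criteria_integer]";
// 3. Concatenation: the array reference stays outside the string.
$c = "SELECT * FROM tablename WHERE tablename.column=" . $_GET['criteria_integer'];
var_dump($a === $b && $b === $c);

// All three put the raw request string into the SQL text. Hardened form:
// accept only an integer and pass it as a bound parameter.
function find_rows(PDO $db, $raw)
{
    $id = filter_var($raw, FILTER_VALIDATE_INT);
    if ($id === false) {
        return null; // missing or non-integer input is rejected
    }
    // "column" is quoted because COLUMN is an SQL keyword.
    $stmt = $db->prepare('SELECT * FROM tablename WHERE tablename."column" = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed in-memory table for the demo (assumption; needs pdo_sqlite).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE tablename ("column" INTEGER, name TEXT)');
$db->exec("INSERT INTO tablename VALUES (1, 'alpha'), (2, 'beta')");

// Integer input: the query runs with the bound value.
var_dump(find_rows($db, $_GET['criteria_integer'] ?? null));
// Non-integer input: rejected before any SQL is executed.
var_dump(find_rows($db, '2abc'));
```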
