Echo out the dynamically created SQL statement ie., $query = "SELECT *
FROM MyTable WHERE ID = ${ID}"; ECHO $query;" Let us see what is
actually being passed.

P.S. I couldn't agree more with the poster that said, don't pass user
input directly to a SQL statement.

-----Original Message-----
From: Mika Jaaksi [mailto:mika.jaa...@gmail.com] 
Sent: Thursday, February 12, 2009 5:02 PM
To: php-db@lists.php.net
Subject: [PHP-DB] Re: session variable in select query showing picture
from database

*Answer to Rick:

in your code below it looks like you're simply hard-coding your
"$band_id" value (as "11") -- so of course it's going to work.

*Yes, I did that because one of you helpers asked me to try that.

I'll try to be clearer on whom I'm answering to...

PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Reply via email to