-1

I have entered the following query in MySQL:

insert into hospital (name,age) values ('william', 'select * from department where age = $agegrp');

Now I have fetched this value (the sql), and trying to execute it. How can i do this?

I have fetched the select statement into a variable called $var. 

$agegrp = "10";
$value = mysql_query ($var) or die ('error');

I only get error so something is wrong with my query that I inserted. How can I solve this?

Improve this question
3
  • 1
    It would be better to have die( mysql_error() ) and then you could see what the error is (I won't spoil the surprise). Commented Jul 13, 2012 at 11:54
  • where and how do you set $var? could you show your complete code if the mysql_error() doesn't help you? Commented Jul 13, 2012 at 11:55
  • 3
    Please don't use mysql_* functions in new code. They were removed from PHP 7.0.0 in 2015. Instead, use prepared statements via PDO or MySQLi. See Why shouldn't I use mysql_* functions in PHP? for more information. Commented Jul 13, 2012 at 12:01

3 Answers 3

Reset to default
1

first question for me: why do you store sql code in your hospital table? it would make more sense if all your sql code would be embedded in your php program code. if you later change your table design, you won't have to change the content of the database table.

but to answer your question, the content of your $var is a simple string. what you want is to evaluate it or to replace the string '$agegrp' with the actual value of the variable $agegrp. so you could do:

$agegrp = "10";
$var = str_replace('$agegrp',$agegrp,$var;
$value = mysql_query ($var) or die ('error');

this would be a simple solution.

Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

0

age is a property that will probably be an integer. You can't insert a query into that field. What you need to do is execute query; 

"SELECT * FROM Department WHERE age = {$agegrp}"

Then, get the result of that and then execute your insert. Also, look at bind parameters for your queries early on. You don't want to allow sql injection.

Improve this answer

1 Comment

no, the value $agegrp doesn't get replaced with 10. It doesn't get executed. when i echo it just prints "SELECT * FROM Department WHERE age = {$agegrp}"
0

Try this one. 

 <?php
    $con = mysqli_connect("localhost","username","password");
    if (!$con)
      {
      die('Could not connect: ' . mysqli_error());
      }

  $var=  mysqli_select_db("my_db", $con);

    $var="select * from department where age = $agegrp");
    $result=mysqli_query($var);
    while($row = mysqli_fetch_array($result))
      {
      echo $row['age'] ;
      echo "<br />";
      }

mysqli_close($con);
?>
Improve this answer

1 Comment

Please don't use mysql_* functions in new code. They were removed from PHP 7.0.0 in 2015. Instead, use prepared statements via PDO or MySQLi. See Why shouldn't I use mysql_* functions in PHP? for more information.

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.