0

I'm trying to input a PHP variable (in this case $beg) into a mySQL query but it returns an empty array result. The type of the field in the database is an integer. When I type in an actual value instead of the variable I get the correct result. What's wrong?

    $beg = time()-5000;
    settype($beg, "integer");

    $result = mysql_query('SELECT * FROM records WHERE time>=$beg ORDER BY time ASC');

    $statusdata = array();
    while ($row = mysql_fetch_array($result)) {
    array_push($statusdata, $row["status"]);
    }
Improve this question
3
  • you shouldn't be mixing php and mysql time values. there's subtle race conditions that can occurl. mysql is perfectly capable of doing its own date math: where time >= unix_timestamp(now() - interval 5000 second) Commented May 28, 2014 at 15:03
  • For that I would set the field as a timestamp in the DB right? Commented May 28, 2014 at 15:08
  • you're already going integer comparisons, so I'm assuming the time field is an int. if it's a datetime, then you don't need the timestamp stuff at all. time >= now() - interval 5000 second Commented May 28, 2014 at 15:09

5 Answers 5

Reset to default
5

Make sure you use double quotes when using $variables inside the string.

    $result = mysql_query("SELECT * FROM records WHERE time>= $beg ORDER BY time ASC");
Improve this answer
Sign up to request clarification or add additional context in comments.

1 Comment

Or better, use string concatenation. Or better still, don't use mysql_* function and use prepared queries instead
2

You should use prepared statements instead of mysql_query.

$beg = time()-5000;
settype($beg, "integer");

$db = new mysqli("host","user","pw","database");
$stmt = $db->prepare("SELECT status FROM records WHERE time>=? ORDER BY time ASC");
$stmt->bind_param('i', $beg);
$stmt->execute();

$stmt->store_result();
$stmt->bind_result($status);

$statusdata = array();
while($stmt->fetch())
{
  array_push($statusdata, $status);
}

$stmt->close();
Improve this answer

2 Comments

I'm not quite there yet still learning the basics but thanks, really nice example.
Using prepared statements prevents you from SQL injections that you can face using mysql_query which is deprecated. You should use pdo or mysqli instead.
0

Change the line

$result = mysql_query("SELECT * FROM records WHERE time>=$beg ORDER BY time ASC");

You must use double quote strings to put variables.

Improve this answer

Comments

0

Change your query 

$result = mysql_query(" SELECT * FROM records WHERE time >= $beg ORDER BY time ASC ");

You cannot use variable inside single quotes.

Improve this answer

Comments

0

try this method, I use a lot:

$beg = time() - 5000;
$query = sprintf("SELECT * FROM %s WHERE time >= '%o' ORDER BY %s ASC", "records", $beg, "time");
$result = mysql_query($query);

remeber, time() result is Integer, you don't need set him in to an Integer

Improve this answer

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.