{var%20f='http://v.t.sina.com.cn/share/share.php?appkey=1515056452',u=z||d.location,p=['&url=',e(u),'&title=',e(t||d.title),'&source=',e(r),'&sourceUrl=',e(l),'&content=',c||'gb2312','&pic=',e(p||'')].join('');function%20a(){if(!window.open([f,p].join(''),'mb',['toolbar=0,status=0,resizable=1,width=440,height=430,left=',(s.width-440)/2,',top=',(s.height-430)/2].join('')))u.href=[f,p].join('');};if(/Firefox/.test(navigator.userAgent))setTimeout(a,0);else%20a();})(screen,document,encodeURIComponent,'','','https://www.manongdao.com/data/attach/logo/logo.png', '推荐 趁早两清 的问题《how to Check string present in database column? [c》','https://www.manongdao.com/q-824780.html','页面编码gb2312|utf-8默认gb2312'));){kind=link}
I have document table with fields id, sender_id, receiver_id and receiver_id contains string value like U12,U13,U14 now I currently logged in user and I want to find all records in which receiver_id contains my user_id means my user_id is U13. now how to write the query to fetch records.
my query is:
$selDoc="SELECT * FROM documents WHERE sender_id='U".$_SESSION['userId']."' OR "U".$_SESSION['userId']." IN (receiver_id) ORDER BY id DESC";
but I got the error Unknown column 'U13' in 'where clause'
You're missing a quote there. Furthermore you should consider using bind variables in your query (assigning the values to look for to variables and then using placeholders in your query) to avoid problems of SQL injection (If you dont know what that is, look it up, it is vitally important to know!)
You string concatenation is messed up, it should be: (further simplified)
when the statement above is parsed, it will then look like this:
As a sidenote, the query is vulnerable with
SQL Injectionif the value(s) of the variables came from the outside. Please take a look at the article below to learn how to prevent from it. By usingPreparedStatementsyou can get rid of using single quotes around values.