How do I prevent interpretation of $ in "quoted" strings as variable?

Ask about general coding issues or problems here.

Moderators: egami, macek, gesf

Post Reply
rowanbradley1
New php-forum User
New php-forum User
Posts: 7
Joined: Sat Feb 25, 2017 10:30 am

Wed Mar 29, 2017 12:28 pm

In my PHP code, I have the following statement:

Code: Select all

	$sql = "SELECT * FROM Members\$Roles AS mr JOIN Roles\$Permissions AS rp ON mr.RoleId = rp.RoleId JOIN Permissions AS p ON rp.PermissionId = p.PermissionId WHERE mr.MemberId = '" . $_SESSION['current_member_id'] . "'";
After this the variable $sql contains this:

Code: Select all

SELECT * FROM Members$Roles AS mr JOIN Roles AS rp ON mr.RoleId = rp.RoleId JOIN Permissions AS p ON rp.PermissionId = p.PermissionId WHERE mr.MemberId = '4'
The question is, why is it losing the $Permissions off Roles\$Permissions? I suppose it must be interpreting the $Permissions as a variable, but why is the \ not preventing this? How do I get this to work as I intended? I don't really want to change the names of my database fields to stop using the $ character, but presently this is all I can think of...

Thanks - Rowan
User avatar
hyper
php-forum GURU
php-forum GURU
Posts: 998
Joined: Mon Feb 22, 2016 5:52 pm

Wed Mar 29, 2017 3:07 pm

If, what you mean is that, after execution of your first script, the $sql variable contains your second string, then this is correct behaviour, the backslash is an escape character which will not be stored in the string.
NigelRen
php-forum GURU
php-forum GURU
Posts: 622
Joined: Fri Aug 05, 2011 9:53 am

Thu Mar 30, 2017 11:34 pm

To be honest - I would take the hit now and change the database tables/columns to not have a $ sign in. This is not standard and is something that as you've already experienced, can cause all sorts of problems!
Post Reply