SQL concatenation errors?

I have the following line in my .php file:

$resNewsl = mysql_query("SELECT * FROM newsletters WHERE newsletter_id='".$id."' ");

and get the following errors:

1. error at =
2. highlighting error (not highliting the whole sql statement)

sql_error.jpg

WIP: 95.117

4 comments

Language Injection into concatenated strings is not supported. Watch http://youtrack.jetbrains.net/issue/WI-534 to track progress.
Rewrite in "SELECT .. id=$id" style.

0

thanks. Hope that atleast the error notification will be fixed  

0

Nope. You've to either rewrite query to be single literal w/o concatenation, disable injection or wait for WI-534.

0

That is really bad code style (and even performs badly in terms of CPU cycles) and every PHP developer is taught to use single quotes.

However, the link to "WI-534", whatever it is, is dead.

0

Please sign in to leave a comment.