SQL concatenation errors?

I have the following line in my .php file:

$resNewsl = mysql_query("SELECT * FROM newsletters WHERE newsletter_id='".$id."' ");

and get the following errors:

1. error at =
2. highlighting error (not highlighting the whole SQL statement)

sql_error.jpg

WIP: 95.117

4 comments

Language Injection into concatenated strings is not supported. Watch http://youtrack.jetbrains.net/issue/WI-534 to track progress.
Rewrite in "SELECT .. id=$id" style.

0

Thanks. Hope that at least the error notification will be fixed.

0

Nope. You have to either rewrite the query to be a single literal w/o concatenation, disable injection, or wait for WI-534.

0

That is really bad code style (and even performs badly in terms of CPU cycles) and every PHP developer is taught to use single quotes.

However, the link to "WI-534", whatever it is, is dead.

0
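
An added example, not code from anyone in this thread: the "single literal w/o concatenation" rewrite suggested above, written with a bound parameter so the query stays one string for the IDE to parse and $id is never spliced into the SQL text. It assumes PDO is available and uses an in-memory SQLite database in place of the poster's MySQL server; the title column and the sample rows are constructed.

```php
<?php
declare(strict_types=1);

// In-memory SQLite stands in for the poster's MySQL database so the example
// runs offline. Only newsletter_id comes from the thread; title is assumed.
function openDemoDb(): PDO
{
    $pdo = new PDO('sqlite::memory:');
    $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $pdo->exec('CREATE TABLE newsletters (newsletter_id INTEGER PRIMARY KEY, title TEXT)');
    $pdo->exec("INSERT INTO newsletters VALUES (1, 'January'), (2, 'February')");
    return $pdo;
}

// The statement is a single string literal with a named placeholder, so there
// is no concatenation, and the value is sent as data rather than as SQL.
function findNewsletter(PDO $pdo, string $id): array
{
    $stmt = $pdo->prepare('SELECT * FROM newsletters WHERE newsletter_id = :id');
    $stmt->execute([':id' => $id]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

$pdo = openDemoDb();

// Constructed inputs: a normal id, and one containing a quote character that
// would alter the statement's structure if it were spliced into the string.
foreach (['2', "2' "] as $id) {
    $rows = findNewsletter($pdo, $id);
    printf("%-6s => %d row(s)\n", json_encode($id), count($rows));
}
```

The value with the stray quote matches no row instead of producing a syntax error or a different query, which is the behaviour the concatenated form cannot guarantee.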