There's an open source application that does queries like so:
$db->query('SELECT item FROM table WHERE something='.$something);
This works fine, MySQL runs the query. However, if I use exactly the same method I get an error: MySQL is seeing it as "something = (value of $something)" and it's (rightly) complaining that (value of $something) is not a row. These applications both run on the same server and I've rooted through their code for hours, but I cannot work out what is causing it.
$db->query('SELECT item FROM table WHERE something='.$something);
works in their application but fails in mine. Do I need to do something with the string I'm passing? I have no problem enclosing the variables properly, like:
$db->query('SELECT item FROM table WHERE something="'.$something.'"');
but I'd like to know what causes the difference.
MySQL needs the string to be enclosed. The only thing I can think is that $something is an integer or a float.
You can pass numbers without quotes
SELECT ... WHERE id=5
but you have to mark string literals as such with quotes
SELECT ... WHERE id='abc'
See http://dev.mysql.com/doc/refman/5.0/en/string-syntax.html
The code is bad bad bad if $something comes from the user/browser. That's called an SQL injection error.
Send us the exact code statement and SQL log so we can see what is happening.
Try this
$db->query("SELECT item FROM table WHERE something={$something}");
This will work
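The quoting behaviour discussed in the answers above, as an added example that is not part of the original thread or of either application: it runs the question's concatenated query and a prepared statement against the same values. The table `things`, its rows, and the helpers `lookupConcat` and `lookupBound` are constructed for illustration, and PDO with an in-memory SQLite database is an assumption so that it runs without a MySQL server.

```php
<?php
// Added example: table, rows and helper names are constructed for illustration.
// In-memory SQLite via PDO is assumed so this runs offline; like MySQL, it
// parses an unquoted word in the WHERE clause as a column name.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE things (item TEXT, something TEXT)');
$pdo->exec("INSERT INTO things VALUES ('widget', '5'), ('gadget', 'abc')");

// Concatenation, as in the question: the value becomes part of the SQL text,
// so the database decides whether it is a number, a column name or a syntax error.
function lookupConcat(PDO $pdo, $something): string
{
    try {
        $sql = 'SELECT item FROM things WHERE something=' . $something;
        return implode(',', $pdo->query($sql)->fetchAll(PDO::FETCH_COLUMN));
    } catch (PDOException $e) {
        return 'ERROR: ' . $e->getMessage();
    }
}

// Prepared statement: the value is bound as data and is never parsed as SQL,
// so numbers and strings take the same code path and need no manual quoting.
function lookupBound(PDO $pdo, $something): string
{
    $stmt = $pdo->prepare('SELECT item FROM things WHERE something = ?');
    $stmt->execute([$something]);
    return implode(',', $stmt->fetchAll(PDO::FETCH_COLUMN));
}

// 5           : a numeric literal, valid without quotes
// 'abc'       : unquoted, it is read as a column name and the query fails
// 'something' : unquoted, it names the column itself, so every row matches;
//               the value has changed the meaning of the query, which is the
//               injection risk raised in the thread
foreach ([5, 'abc', 'something'] as $value) {
    printf("value=%s\n", var_export($value, true));
    printf("  concatenated: %s\n", lookupConcat($pdo, $value));
    printf("  bound:        %s\n", lookupBound($pdo, $value));
}
```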