This question already has an answer here:
This may seem like a very dumb question, but I don't know if it's possible. I'm trying to write a function as follows:
function checkDuplicates($input) {
$result = pg_query('SELECT username FROM accounts WHERE LOWER(username)=\''.strtolower(pg_escape_string($input)).'\'') or exit(pg_last_error());
}
and I want to replace "username" with the name of the variable being passed in. For example, if I called checkDuplicates($email), I want essentially the following function to be called:
function checkDuplicates($email) {
$result = pg_query('SELECT email FROM accounts WHERE LOWER(email)=\''.strtolower(pg_escape_string($email)).'\'') or exit(pg_last_error());
}
Is there any way to do this?
</div>
You will need to pass the column as a second parameter. Changing your parameter variable name from $input to $email won't actually affect the way in which you call the function.
You can simply do:
function checkDuplicates($col, $val, $return_col) {
$result = pg_query('SELECT '.$return_col.' FROM accounts WHERE LOWER('.$col.')=\''.strtolower(pg_escape_string($val)).'\'') or exit(pg_last_error());
}
Keep the usual SQL injection dangers in the back of your mind when you're doing this. You may want to run the $col and $return_col input through a whitelist, etc.