I have to split up this SQL command and now I have a problem with the gazillion number of quotation marks. Can someone please help?? (I'm trying to dynamically assign a filename to the OUTFILE which must include a current timestamp as part of the filename). Thanks.
<?php
$sql_query = "SELECT @myCommand := concat("'SELECT UNIX_TIMESTAMP( TIMESTAMP( CURDATE( ) , HalfHourTime ) ), 0, 0, 0, 0 '";
$sql_query =$sql_query . into OUTFILE 'C:/wamp/www/myApp/services/csv/filename-", 'DATE_FORMAT(now(),"%Y%m%d-%H%i%s")', '.csv' "' ';
$sql_query =$sql_query . FIELDS TERMINATED BY ',' ';
$sql_query =$sql_query . LINES TERMINATED BY '
'';
$sql_query =$sql_query .FROM timeintervals_halfhours';
$sql_query =$sql_query . ');";
$sql_query =$sql_query . "PREPARE stmt FROM @myCommand; ";
$sql_query =$sql_query . "EXECUTE stmt;";
define("DATABASE_SERVER", "localhost");
define("DATABASE_USERNAME", "root");
define("DATABASE_PASSWORD", "");
define("DATABASE_NAME", "dataR");
$con = mysqli_connect(DATABASE_SERVER, DATABASE_USERNAME, DATABASE_PASSWORD, DATABASE_NAME);
$selected_db = mysql_select_db(DATABASE_NAME, $con);
$result = mysql_query($sql_query);
$temp = mysql_fetch_array($result);
?>
Instead of doing the $sql = $sql . "more", you can concatenate your strings by using .= instead, like this:
$sql .= 'more';
You also have an issue in your line of SQL, where you're doing something wrong with a quote. What do you want to do with it? Escape it?
$sql_query = "SELECT @myCommand := concat("'SELECT UNIX_TIMESTAMP( TIMESTAMP( CURDATE( ) , HalfHourTime ) ), 0, 0, 0, 0 '";
^
For this particular query, I would recommend you build your SQL with heredoc, as you do not need to escape stuff with it.
You might want to investigate using PHP mysqli::prepare statements, to avoid this kind of string manipulation. See http://www.php.net/manual/en/mysqli.prepare.php for details.
Don't split anything, whitespace is your friend (especially with an 8 character lead, and indentation increments of 4)
$sql = 'SELECT *
        FROM `table`
        WHERE `table`.`field` = :param';
And as recommended, use prepared statements; transition to PDO.
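The heredoc suggestion above, applied to the question's query, as an added example that is not part of any answer on this page. It computes the timestamp in PHP (so it follows PHP's clock and timezone rather than MySQL's now()), which removes the need for concat() and PREPARE; buildExportQuery is a hypothetical helper name, and the connection values, path, table and column are the ones from the question.

```php
<?php
// Added example. Connection values, path, table and column are the question's.
define('DATABASE_SERVER', 'localhost');
define('DATABASE_USERNAME', 'root');
define('DATABASE_PASSWORD', '');
define('DATABASE_NAME', 'dataR');

// Hypothetical helper: returns the full SELECT ... INTO OUTFILE statement.
function buildExportQuery(string $dir, DateTimeImmutable $now): string
{
    // The name is a fixed prefix plus a fixed-format timestamp, nothing from
    // the request. It is spliced into the SQL as a literal, so refuse any
    // character (quote, backslash, space) that could end that literal early.
    $file = rtrim($dir, '/') . '/filename-' . $now->format('Ymd-His') . '.csv';
    if (!preg_match('~\A[A-Za-z0-9:/._-]+\z~', $file)) {
        throw new InvalidArgumentException('Unexpected character in export path');
    }

    // Heredoc: SQL single quotes need no PHP escaping; \\n reaches MySQL as \n.
    return <<<SQL
SELECT UNIX_TIMESTAMP(TIMESTAMP(CURDATE(), HalfHourTime)), 0, 0, 0, 0
INTO OUTFILE '{$file}'
FIELDS TERMINATED BY ','
LINES TERMINATED BY '\\n'
FROM timeintervals_halfhours
SQL;
}

// Make mysqli throw on errors instead of failing silently.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);
$con = new mysqli(DATABASE_SERVER, DATABASE_USERNAME, DATABASE_PASSWORD, DATABASE_NAME);

// INTO OUTFILE writes on the database server and returns no result set,
// so there is nothing to fetch; query() returns true on success.
$sql = buildExportQuery('C:/wamp/www/myApp/services/csv', new DateTimeImmutable());
$con->query($sql);
echo "Export written by: $sql\n";
```

The MySQL account needs the FILE privilege for INTO OUTFILE, and the server's secure_file_priv setting can restrict which directory it may write to. MySQL also refuses to overwrite an existing file, which the per-second timestamp in the name normally avoids.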