I am having a slight problem with passing PHP variables to a stored procedure call from a PHP script. Here are the details:

This is how it works perfectly – passing the params as a string:

$myHTML = $wpdb->query( 'CALL show_average_time_spent(2, "2011-10-24", "2011-10-24", @myHTML)' );

Brings back a perfect result.

And this is how it does not work and throws the error (passing params as variables):

$date_from = '2011-10-24';
$date_to = '2011-10-27';
$myHTML = $wpdb->query( 'CALL show_average_time_spent(2, $date_from, $date_to, @myHTML)' );

throws this error:

WordPress database error: [Unknown column '$date_from' in 'field list']
CALL show_average_time_spent(2, $date_from, $date_to, @myHTML)

The $date_from is only used in this php-script for holding the selected date.

I really appreciate any kind of help with this issue.

Thanks to all of you trying to help solve this problem.

Cheers,
Joe

1 Answer

Please take a look at the Codex to see how to prepare your statement:

// Example straight copy-paste from Codex
$metakey    = "Harriet's Adages";
$metavalue  = "WordPress' database interface is like Sunday Morning: Easy.";

$wpdb->query( $wpdb->prepare( 
    "
        INSERT INTO $wpdb->postmeta
        ( post_id, meta_key, meta_value )
        VALUES ( %d, %s, %s )
    ", 
    10, 
    $metakey, 
    $metavalue 
) );

Try this with your code too (it’s about security).
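
The same pattern applied to the stored procedure call from the question, as an added example that is not part of the original answer or the Codex. PHP does not expand variables inside single-quoted strings, which is why MySQL received the literal text $date_from; with prepare() the values are bound through %d and %s placeholders instead of being pasted into the SQL. The helper example_valid_ymd() is hypothetical, and reading the result back with SELECT @myHTML assumes the procedure writes to its OUT parameter.

```php
<?php
// Added example: meant to run inside WordPress (plugin or theme code), where $wpdb exists.
global $wpdb;

/**
 * Hypothetical helper: accept only a real calendar date in Y-m-d form.
 * The round trip through format() rejects values such as 2011-02-30.
 */
function example_valid_ymd( $value ) {
    $d = DateTime::createFromFormat( '!Y-m-d', (string) $value );
    return $d && $d->format( 'Y-m-d' ) === $value;
}

$id        = 2;            // first argument from the question; its meaning is not stated there
$date_from = '2011-10-24';
$date_to   = '2011-10-27';

if ( ! example_valid_ymd( $date_from ) || ! example_valid_ymd( $date_to ) ) {
    wp_die( 'Invalid date range.' );
}

// The SQL template stays in single quotes so PHP interpolates nothing into it.
// prepare() escapes each value and adds the quotes for %s itself,
// so the placeholders are written without surrounding quotes.
$sql = $wpdb->prepare(
    'CALL show_average_time_spent( %d, %s, %s, @myHTML )',
    $id,
    $date_from,
    $date_to
);

if ( false === $wpdb->query( $sql ) ) {
    // query() returns false on a database error; the message is in last_error.
    error_log( 'show_average_time_spent failed: ' . $wpdb->last_error );
} else {
    // Assumption: the procedure stores its output in the OUT parameter @myHTML.
    $myHTML = $wpdb->get_var( 'SELECT @myHTML' );
}
```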
