Using php variables inside MySQL insert statement [duplicate]

Question

I'm using the following statement, but not sure how to get the $variables inside the statement properly:

mysql_query("INSERT INTO subscribers (email, referral_id, user_id, ip_address)
             VALUES ('$user_email', '$user_refer', '$user_share', '$_SERVER['REMOTE_ADDR']')");

try using concatination...but you should filter the input first mysql_real_escape_string or PDO php.net/manual/en/book.pdo.php — KJYe.Name
– KJYe.Name, Commented Nov 4, 2011 at 14:01

Toto · Accepted Answer · 2011-11-04 14:02:09Z

16

Just change the last one:

mysql_query("INSERT INTO subscribers (email, referral_id, user_id, ip_address)
VALUES ('$user_email', '$user_refer', '$user_share', '".$_SERVER['REMOTE_ADDR']."')");

answered Nov 4, 2011 at 14:02

Toto

91.7k63 gold badges97 silver badges135 bronze badges

Sign up to request clarification or add additional context in comments.

Comments

Belac · Accepted Answer · 2011-11-04 14:02:07Z

6

When using an array type in a string (the double quotes "" mean php is going to parse that string) you have to enclose the value you want to use in curly brackets, ie

mysql_query("INSERT INTO subscribers (email, referral_id, user_id, ip_address)
         VALUES ('$user_email', '$user_refer', '$user_share', '{$_SERVER['REMOTE_ADDR']}')");

answered Nov 4, 2011 at 14:02

Belac

1,0931 gold badge7 silver badges10 bronze badges

Comments

Your Common Sense · Accepted Answer · 2011-11-04 14:10:55Z

1

although literal question is answered in the link in the comments, the real problem you face has nothing to do with SQL but with PHP string syntax. So, here is a link for your reference: http://php.net/types.string

This page is among most important things you have to know about PHP.
You ought to study it diligently, or you'll be unable to use PHP for even most simple tasks like this one.

answered Nov 4, 2011 at 14:10

Your Common Sense

158k42 gold badges226 silver badges373 bronze badges

1 Comment

stewart715 Over a year ago

Thanks, I know this was too simple of a question, I was just in a quick pinch. I'll read up on this stuff more.

noripcord · Accepted Answer · 2011-11-04 14:03:46Z

0

Use it like this:

mysql_query("INSERT INTO subscribers (email, referral_id, user_id, ip_address)
             VALUES ('".$user_email."'…

answered Nov 4, 2011 at 14:03

noripcord

3,5405 gold badges31 silver badges27 bronze badges

1 Comment

Damien Pirsy Over a year ago

This is not necessary apart from the last variable, though

Community · Accepted Answer · 2017-05-23 12:01:33Z

0

You should do it a bit differently. Use either

You can also look at the topic a sql command why it shows an error?

It's a little bit different compared to what you do now, but a lot more safer.

edited May 23, 2017 at 12:01

CommunityBot

11 silver badge

answered Nov 4, 2011 at 14:02

Avo Muromägi

1,6131 gold badge13 silver badges21 bronze badges

Comments

Mina · Accepted Answer · 2011-11-04 14:23:58Z

0

Safest way to do what you want is instead of this:

mysql_query("INSERT INTO subscribers (email, referral_id, user_id, ip_address)
         VALUES ('$user_email', '$user_refer', '$user_share', '$_SERVER['REMOTE_ADDR']')");

do this:

$query = "INSERT INTO subscribers (email, referral_id, user_id, ip_address) VALUES ('$user_email', '$user_refer', '$user_share', '{$_SERVER['REMOTE_ADDR']}')"

Note the curly brackets around the index inside the $_SERVER variable. If you want to enclose a index inside a superglobal, then it's best to use curly brackets. otherwise, use concatenation as suggested by others.

answered Nov 4, 2011 at 14:23

Mina

7677 silver badges22 bronze badges

Collectives™ on Stack Overflow

Using php variables inside MySQL insert statement [duplicate]

6 Answers 6

Comments

Comments

1 Comment

1 Comment

Comments

Comments

Linked

Hot Network Questions

Collectives™ on Stack Overflow

6 Answers 6

Comments

Comments

1 Comment

1 Comment

Comments

Comments

Linked

Related