php mysql insert statement using variables

Question

my php code which is throwing errors is as follows:

$stmt = $con->prepare('INSERT INTO listOfRides (address, time) VALUES 
('$address', '$time')') ;

I have looked at other posts and it seems I am using the variables correctly with the single quotes around them however the following error is being shown when visiting the URL:

Parse error: syntax error, unexpected T_VARIABLE in /home/gbidjght/public_html
/insertRide.php on line 79

Any help is appreciated

http://stackoverflow.com/questions/7537377/how-to-include-a-php-variable-inside-a-mysql-insert-statement — Tharif, Apr 24 '15 at 04:24

score 5 · Accepted Answer · answered Apr 24 '15 at 04:17

5

If you escaped the single quotes you would end up with the string literals "$address" and "$time" being inserted into your DB:

$stmt = $con->prepare('INSERT INTO listOfRides (address, time) VALUES (\'$address\', \'$time\')');

However assuming that they should be variables, you should use double quotes around your SQL statement to allow PHP to actually parse your variables as their values:

$stmt = $con->prepare("INSERT INTO listOfRides (address, time) VALUES ('$address', '$time')");

That being said, since you're already preparing your statement, why not just use placeholders anyway? It'll be a safer way to protect against SQL injection.

$stmt = $con->prepare("INSERT INTO listOfRides (address, time) VALUES (?, ?)");
$stmt->execute(array($address, $time));

answered Apr 24 '15 at 04:17

scrowler

24,273
9
60
92

Tit for tat? Thanks @Fred-ii- – scrowler May 01 '15 at 23:52
1

Well, sort of *wink*. However as truth may be and being a latest topic of discussion on meta, is the quality of answers *lately*. I'm not sure if you've seen it, but it's been a bit hot these passed few days. It's about these *"Try this...."* with drop-in code type of answers. I'm not fancy on that, as are many members on Stack who frequently help and provide answers/solutions. I've fallen victim to refused flags as VLQ, and not a happy camper. How will anyone learn how to feed themselves, if we don't show them "how to" fish. ;-) *Cheers* – Funk Forty Niner May 01 '15 at 23:57

score 4 · Answer 2 · answered Apr 24 '15 at 04:16

4

change the outer quotes to double quotes

$stmt = $con->prepare("INSERT INTO listOfRides (address, time) VALUES 
('$address', '$time')") ;

answered Apr 24 '15 at 04:16

Eng Cy

1,527
11
15

score 2 · Answer 3 · answered Apr 24 '15 at 04:15

2

You can't put mysql ' in php '

Use this

$stmt = $con->prepare("INSERT INTO listOfRides (address, time) VALUES 
('$address', '$time')") ;

answered Apr 24 '15 at 04:15

Iswanto San

18,263
13
58
79

score 2 · Answer 4 · answered Apr 24 '15 at 04:16

2

Because of the 's the error is coming. Add " instead of '.Try this -

$stmt = $con->prepare("INSERT INTO listOfRides (address, time) VALUES ('$address', '$time')") ;

answered Apr 24 '15 at 04:16

Sougata Bose

31,517
8
49
87

score 2 · Answer 5 · edited Apr 24 '15 at 04:20

2

$stmt = $con->prepare("INSERT INTO `listOfRides` (`address`, `time`)
 VALUES 
($address, $time)") ;

edited Apr 24 '15 at 04:20

scrowler

24,273
9
60
92

answered Apr 24 '15 at 04:17

Ami Padsala

19
3

php mysql insert statement using variables

5 Answers5