-5

I want to insert values from a string like $email $password $username

mysql_query("INSERT INTO `cyrexhosting`.`users` (`username`, `password`, `email`) 
             VALUES ('123', '123', '123'");

but i don't know how

Funk Forty Niner
  • 74,450
  • 15
  • 68
  • 141
Dayne Jones
  • 39
  • 1
  • 4
  • Is that all you have? – DirtyBit Sep 25 '15 at 15:26
  • 1
    See this: http://mattbango.com/notebook/code/prepared-statements-in-php-and-mysqli/ – gen_Eric Sep 25 '15 at 15:28
  • 1
    You want to use something called "prepared statements" for this and the MySQLi driver (vs the mysql one you are using). – gen_Eric Sep 25 '15 at 15:28
  • 1
    I honestly don't know which question to close this with, amongst 15,000 – Funk Forty Niner Sep 25 '15 at 15:30
  • Does this answer your question? http://stackoverflow.com/questions/1290975/how-to-create-a-secure-mysql-prepared-statement-in-php – devlin carnate Sep 25 '15 at 15:30
  • If you can, you should [stop using `mysql_*` functions](http://stackoverflow.com/questions/12859942/why-shouldnt-i-use-mysql-functions-in-php). [These extensions](http://php.net/manual/en/migration70.removed-exts-sapis.php) have been removed in PHP 7. Learn about [prepared](http://en.wikipedia.org/wiki/Prepared_statement) statements for [PDO](http://php.net/manual/en/pdo.prepared-statements.php) and [MySQLi](http://php.net/manual/en/mysqli.quickstart.prepared-statements.php) and consider using PDO, [it's really not hard](http://jayblanchard.net/demystifying_php_pdo.html). – Jay Blanchard Sep 25 '15 at 16:00
  • [Your script is at risk for SQL Injection Attacks.](http://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php) – Jay Blanchard Sep 25 '15 at 16:00

1 Answers1

1

If you're using the deprecated mysql function: 

$user = "121";
$pass = "dummy1";
$email = "dummy@dummy.com";


mysql_query("INSERT INTO users(username, password, email) VALUES('$user', '$pass', '$email')");

On the other hand, using mysqli:

mysqli_query($con, "INSERT INTO users (username, password, email) 
VALUES ('$user', '$pass', '$email')");

Note: where $con is the mysqli connection made variable.

DirtyBit
  • 16,613
  • 4
  • 34
  • 55
  • I think the OP wants to know how to use variable values instead of '123' – devlin carnate Sep 25 '15 at 15:32
  • @devlincarnate _if_ that is the case, edited. – DirtyBit Sep 25 '15 at 15:34
  • 1
    [Your script is at risk for SQL Injection Attacks.](http://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php). Please do not demonstrate bad technique in answers. Learn about [prepared](http://en.wikipedia.org/wiki/Prepared_statement) statements for [PDO](http://php.net/manual/en/pdo.prepared-statements.php) and [MySQLi](http://php.net/manual/en/mysqli.quickstart.prepared-statements.php). – Jay Blanchard Sep 25 '15 at 16:02