How to insert an array into mysql database?

Question

I've got the following array:

$dati = array(
    "data" => array(
        'address_complete'=>$data->results[0]->formatted_address, 
        'address_square'=>$data->results[0]->address_components[1]->long_name,
        'location'=>$data->results[0]->address_components[2]->long_name,
        'postal_code'=>$data->results[0]->address_components[7]->long_name,
        'data_ora'=>$tmp_date
    )
);

and I want to insert $dati["data"]['location'] in database. How can I fix

mysql_query("INSERT into utenti(city) VALUES ('$dati[data][location]')") or die (mysql_error());

?

Change `$dati[data][location]` to `$dati['data']['location']` ? — Maximus2012, Jul 25 '16 at 21:07
To begin, use [mysqli](http://stackoverflow.com/questions/8891443/when-should-i-use-mysqli-instead-of-mysql) — devlin carnate, Jul 25 '16 at 21:07
**WARNING**: If you're just learning PHP, please, do not use the [`mysql_query`](http://php.net/manual/en/function.mysql-query.php) interface. It’s so awful and dangerous that it was removed in PHP 7. A replacement like [PDO is not hard to learn](http://net.tutsplus.com/tutorials/php/why-you-should-be-using-phps-pdo-for-database-access/) and a guide like [PHP The Right Way](http://www.phptherightway.com/) explains best practices. Your user parameters are **not** [properly escaped](http://bobby-tables.com/php) and there are [SQL injection bugs](http://bobby-tables.com/) that can be exploited. — tadman, Jul 25 '16 at 22:30

RomanPerekhrest · Accepted Answer · 2016-07-26T04:18:39.110

0

At first, use proper variable interpolation:

mysql_query("INSERT into utenti(city) VALUES ('{$dati["data"]["location"]}')") or die (mysql_error());

Secondly, mysql_ extension is deprecated, use MySQLi or PDO_MySQL instead.

edited Jul 26 '16 at 04:18

answered Jul 25 '16 at 21:08

RomanPerekhrest

88,541
4
65
105

any comments about SQL Injection or deprecated mysql_* extensions ? – devlin carnate Jul 25 '16 at 21:09
@devlincarnate, see my comments – RomanPerekhrest Jul 25 '16 at 21:11
using `{}` to enclose arrays requires the use of quotes on the array keys, otherwise you'll get the undefined constant warning. – Marc B Jul 25 '16 at 21:23
@MarcB, sure, I've missed that thing writing it at late night. Thanks for the hint – RomanPerekhrest Jul 26 '16 at 04:20

score 0 · Answer 2 · answered Jul 25 '16 at 21:25

PHP's parser is not greedy, and multi-dimensional arrays in double-quoted strings will NOT parse properly. e.g.

$arr['a']['b'] = 'c';
echo "$arr[a][b]";

will print Array[b], not c as you expect, because PHP stops parsing for arrays after the first [] key.

You have to use the {} extended notation:

echo "{$arr['a']['b']}"; // prints c as expected

score 0 · Answer 3 · answered Jul 26 '16 at 05:10

0

Use somthing like below

mysql_query("INSERT into utenti(city) VALUES ('".$dati['data']['location']."')") or die (mysql_error());

Note: mysql_ extension is deprecated, use MySQLi or PDO_MySQL instead.

answered Jul 26 '16 at 05:10

Vinie

2,983
1
18
29

How to insert an array into mysql database?

3 Answers3