I'm very new to PHP. I'm trying to insert some values into a database so I'm using PHP and MySQL but I'm struggling to concatenate the following string. I keep getting the error "unexpected T_CONSTANT_ENCAPSED_STRING" for the following line no matter where I place the "."-

$query "INSERT INTO users(user_name, email_address, password)
          VALUES ('".$user_name."','".$email_address."','".$password."')";

Any help would be much appreciated!

The Codesee
Steph
  • Avoid concatenation completely and use [prepared statements](https://www.php.net/manual/en/mysqli.quickstart.prepared-statements.php) instead. The way you're building the query makes you open to [SQL injection](https://stackoverflow.com/questions/332365/how-does-the-sql-injection-from-the-bobby-tables-xkcd-comic-work). Prepared statements are not only safe, but will also properly quote all your parameters. – El_Vanja Mar 28 '20 at 18:34
  • There was an `=` sign missing between the variable `$query` and the string literal following - that might be where the problem was, if indeed, you were actually missing the `=` sign in your own code as well – Mike Dinescu Mar 28 '20 at 18:38
  • @MikeDinescu Apologies I amended the post before you posted your comment - I wasn't sure if you unintentionally added the `=` or not. Should I undo my edit? – The Codesee Mar 28 '20 at 18:39
  • @TheCodesee - no it's fine, I've updated my comment as well. Most likely that's where the error was coming from, now that I think about it – Mike Dinescu Mar 28 '20 at 18:40
  • @TheCodesee IMO you did well. One shouldn't fix the typos in code, especially when it's the cause of the problem – Cid Mar 28 '20 at 18:40
  • @Cid -- agreed; after I typed my comment I was considering actually going back myself to revert my edit since that's actually most likely where the problem was – Mike Dinescu Mar 28 '20 at 18:42
  • For what it's worth, the question linked in the closed vote may actually not help Steph that much since the problem (and solutions discussed on that question) are about alternating quotation marks. In this case however, the problem is most likely the missing `=` sign between the variable and the string literal following after. – Mike Dinescu Mar 28 '20 at 18:45
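
The prepared-statement approach recommended in the first comment, as an added example that is not part of the original thread. It uses PDO with an in-memory SQLite database as a stand-in for MySQL so that it runs without a server (an assumption; against MySQL only the DSN and credentials passed to `new PDO` change), and the input values are constructed.

```php
<?php
// Added example: in-memory SQLite through PDO stands in for the MySQL
// database from the question (assumption), so no server is needed.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE users (
    user_name TEXT, email_address TEXT, password TEXT)');

// Constructed input. The apostrophe would end the string literal early
// in the concatenated query from the question.
$user_name     = "O'Brien";
$email_address = 'obrien@example.com';
$password      = 'correct horse battery staple';

// Placeholders keep the SQL text fixed; the values are sent separately
// and are never parsed as SQL, so no manual quoting or "." is needed.
$stmt = $pdo->prepare(
    'INSERT INTO users (user_name, email_address, password)
     VALUES (:user_name, :email_address, :password)'
);
$stmt->execute([
    ':user_name'     => $user_name,
    ':email_address' => $email_address,
    // Store a hash rather than the plaintext password.
    ':password'      => password_hash($password, PASSWORD_DEFAULT),
]);

// Read the row back: the name is stored exactly as supplied, and the
// stored hash verifies against the original password.
$row = $pdo->query('SELECT user_name, password FROM users')
           ->fetch(PDO::FETCH_ASSOC);
var_dump($row['user_name'] === $user_name);
var_dump(password_verify($password, $row['password']));
```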
