Using php variables inside MySQL insert statement

Question

I'm using the following statement, but not sure how to get the $variables inside the statement properly:

mysql_query("INSERT INTO subscribers (email, referral_id, user_id, ip_address)
             VALUES ('$user_email', '$user_refer', '$user_share', '$_SERVER['REMOTE_ADDR']')");

try using concatination...but you should filter the input first `mysql_real_escape_string` or PDO http://php.net/manual/en/book.pdo.php — KJYe.Name, Nov 04 '11 at 14:01

score 16 · Accepted Answer · answered Nov 04 '11 at 14:02

16

Just change the last one:

mysql_query("INSERT INTO subscribers (email, referral_id, user_id, ip_address)
VALUES ('$user_email', '$user_refer', '$user_share', '".$_SERVER['REMOTE_ADDR']."')");

answered Nov 04 '11 at 14:02

Toto

89,455
62
89
125

score 6 · Answer 2 · answered Nov 04 '11 at 14:02

When using an array type in a string (the double quotes "" mean php is going to parse that string) you have to enclose the value you want to use in curly brackets, ie

mysql_query("INSERT INTO subscribers (email, referral_id, user_id, ip_address)
         VALUES ('$user_email', '$user_refer', '$user_share', '{$_SERVER['REMOTE_ADDR']}')");

score 1 · Answer 3 · answered Nov 04 '11 at 14:10

1

although literal question is answered in the link in the comments, the real problem you face has nothing to do with SQL but with PHP string syntax. So, here is a link for your reference: http://php.net/types.string

This page is among most important things you have to know about PHP.
You ought to study it diligently, or you'll be unable to use PHP for even most simple tasks like this one.

answered Nov 04 '11 at 14:10

Your Common Sense

156,878
40
214
345

Thanks, I know this was too simple of a question, I was just in a quick pinch. I'll read up on this stuff more. – stewart715 Nov 04 '11 at 14:15

score 0 · Answer 4 · edited May 23 '17 at 12:01

0

You should do it a bit differently. Use either

You can also look at the topic a sql command why it shows an error?

It's a little bit different compared to what you do now, but a lot more safer.

edited May 23 '17 at 12:01

Community

1
1

answered Nov 04 '11 at 14:02

Avo Muromägi

1,563
1
12
21

score 0 · Answer 5 · answered Nov 04 '11 at 14:03

0

Use it like this:

mysql_query("INSERT INTO subscribers (email, referral_id, user_id, ip_address)
             VALUES ('".$user_email."'…

answered Nov 04 '11 at 14:03

noripcord

3,412
5
29
26

This is not necessary apart from the last variable, though – Damien Pirsy Nov 04 '11 at 14:06

score 0 · Answer 6 · answered Nov 04 '11 at 14:23

Safest way to do what you want is instead of this:

mysql_query("INSERT INTO subscribers (email, referral_id, user_id, ip_address)
         VALUES ('$user_email', '$user_refer', '$user_share', '$_SERVER['REMOTE_ADDR']')");

do this:

$query = "INSERT INTO subscribers (email, referral_id, user_id, ip_address) VALUES ('$user_email', '$user_refer', '$user_share', '{$_SERVER['REMOTE_ADDR']}')"

Note the curly brackets around the index inside the $_SERVER variable. If you want to enclose a index inside a superglobal, then it's best to use curly brackets. otherwise, use concatenation as suggested by others.

Using php variables inside MySQL insert statement

6 Answers6

Linked