stackoom
  简体   繁体   中英

How can I insert php variables in a sql query?

 原文  2015-02-12 07:48:52       php/ sql/ forms/ parsing/ variables

Question

I've found a lot of answers for this that don't seem to work for me. When I have apostrophes around the variables $message and $email and $date like 

    'VALUES ('$message', '$email', '$date')';

it tells me

Parse error: syntax error, unexpected '$message' (T_VARIABLE)

When I remove them, I get something like Could not enter data: Unknown column '$message' in 'field list'. I've tried to insert 

    $message = mysql_real_escape_string($message);    
    $email = mysql_real_escape_string($email);
    $date = mysql_real_escape_string($date);

with " " around the variables like 

'VALUES ("$message", "$email", "$date")';

which gets rid of the error message but now, instead of the input from the html form, i'm getting literally "$message" in my database.

What is it that I'm doing wrong? My simple objective is just to take an email, a message, and the date, and put it in a database. Please help! Thank you!

Here is the complete code I have: 

     <?php
if($_POST && isset($_POST['email'], $_POST['essay'])) {


    $dbhost = 'localhost';
    $dbuser = 'root';
    $dbpass = 'password';

    $conn=mysql_connect($dbhost, $dbuser);
    if(! $conn)
    {
        die('Could not connect: ' . mysql_error());
    }

    mysql_select_db("Ink", $conn);

    date_default_timezone_set("America/New_York");
    $message = $_POST['essay'];
    $email = $_POST['email'];
    $date = date("y-m-d h:i:sa");


    $sql = 'INSERT INTO inktable '.
            '(writings, email, date) '.
            'VALUES ('$message', '$email', '$date')';

    mysql_select_db('ink');
    $retval = mysql_query($sql, $conn);
    if(! $retval)
    {
        die('Could not enter data: ' .mysql_error());
    }

    mysql_close($conn);
}
?>

2 answers

solution1
 4  2015-02-12 07:52:15

I think you need those little dots: 

  ('.$message.', '.$email.', '.$date.')';

Or: 

 ("'.$message.'", "'.$email.'", "'.$date.'")';

solution2
 1  2015-02-12 07:54:48

Also, it is better to use the PDO, as the easiest way to minimize problems I think ;) Using prepared statements, you can minimize the risk of SQL injections, as Biffen said.

http://php.net/manual/en/ref.pdo-mysql.php

For example, your code with PDO: 

<?php

if($_POST && isset($_POST['email'], $_POST['essay'])) {

$dbhost = 'localhost';
$dbuser = 'root';
$dbpass = 'password';
$dbname = 'Ink';

date_default_timezone_set("America/New_York");

try {
// Try to connect
    $dbh = new PDO('mysql:host='.$dbhost.';dbname='.$dbname, $dbuser, $dbpass);

// Data 
    $message = $_POST['essay'];
    $email = $_POST['email'];
    $date = date("y-m-d h:i:sa");

// query
    $sql = "INSERT INTO inktable (message,email,date) VALUES (:message,:email,:date)";
    $q = $dbh->prepare($sql);
    $q->execute(array(':message'=>$message,
                      ':email'=>$email,
                      ':date'=>$date));

// Null connection
    $dbh = null;
} catch (PDOException $e) { // if exception
    print "Error!: " . $e->getMessage() . "<br/>";
    die();
}

?>

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question How can I mix PHP variables with SELECT data in a MySQL INSERT query? Insert SQL query results into separate PHP variables How can i get a int value of a sql query in a php variable ? So i can later use it calculate with php variables how to insert multiple variables into a sql query How can I insert into a table both a select max function from another table and variables input by the user, using PHP, SQL and Microsoft Access? How to pass sql query with sql variables in php Can I insert PHP variables into a JSON string? How can I insert an image into a Session variable in sql query? Combine php variable and SELECT variables into one SQL Insert query PHP and MySql - How can I make this insert query work?
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM