php mysql insert statement using variables

Question

my php code which is throwing errors is as follows:

$stmt = $con->prepare('INSERT INTO listOfRides (address, time) VALUES 
('$address', '$time')') ;

I have looked at other posts and it seems I am using the variables correctly with the single quotes around them however the following error is being shown when visiting the URL:

Parse error: syntax error, unexpected T_VARIABLE in /home/gbidjght/public_html
/insertRide.php on line 79

Any help is appreciated

Answer 1

If you escaped the single quotes you would end up with the string literals "$address" and "$time" being inserted into your DB:

$stmt = $con->prepare('INSERT INTO listOfRides (address, time) VALUES (\'$address\', \'$time\')');

However assuming that they should be variables, you should use double quotes around your SQL statement to allow PHP to actually parse your variables as their values:

$stmt = $con->prepare("INSERT INTO listOfRides (address, time) VALUES ('$address', '$time')");

That being said, since you're already preparing your statement, why not just use placeholders anyway? It'll be a safer way to protect against SQL injection.

$stmt = $con->prepare("INSERT INTO listOfRides (address, time) VALUES (?, ?)");
$stmt->execute(array($address, $time));

Answer 2

change the outer quotes to double quotes

$stmt = $con->prepare("INSERT INTO listOfRides (address, time) VALUES 
('$address', '$time')") ;

Answer 3

You can't put mysql ' in php '

Use this

$stmt = $con->prepare("INSERT INTO listOfRides (address, time) VALUES 
('$address', '$time')") ;

Answer 4

Because of the ' s the error is coming. Add " instead of ' .Try this -

$stmt = $con->prepare("INSERT INTO listOfRides (address, time) VALUES ('$address', '$time')") ;

Answer 5

$stmt = $con->prepare("INSERT INTO `listOfRides` (`address`, `time`)
 VALUES 
($address, $time)") ;