Change this SQL query to php

Question

I have the following MySQL query which needs to be passed to query() . I'm having trouble understanding it.

INSERT INTO admin (student_name, student_email, student_city) VALUES ('mark','mark@mark.com','newark');

The place I got the script from has given the following,

$sql = "INSERT INTO students (student_name, student_email, student_city) VALUES ('".$_POST["stu_name"]."','".$_POST["stu_email"]."','".$_POST["stu_city"]."')";

The part I'm having trouble understanding is ('".$_POST["stu_name"]."','".$_POST["stu_email"]."','".$_POST["stu_city"]."')

What is happening there? All those inverted commas and periods have got me confused.

Answer 1

Here the SQL is being concatenated using the . in PHP.

So, lets take a look at this this:

// 12        3          45678
// vv        v          vvvvv
  ('".$_POST["stu_name"]."','".$_POST["stu_email"]."','".$_POST["stu_city"]."')";

1. After the bracket, the single quote ' is to open the MySQL single quote.
2. And then the double quote " ends the string in PHP.
3. Then, you use PHP . to join the current PHP string with $_POST['stu_name']
4. And then join it to another PHP string using .
5. Open a PHP string using double quotes " .
6. And finally once it's open you need to close the MySQL string you opened using ' .
7. Comma , to enter the second value
8. A single quote ' to open a string in MySQL. Then the process repeats itself.

Answer 2

This is to long for a comment:

('".$_POST["stu_name"]."','".$_POST["stu_email"]."','".$_POST["stu_city"]."')";

The whole query need to be warped in double quotes , but when you want to concatenate a variable ->

('".$_POST["stu_name"] <-- this part is leaving the query as
('Value
('".$_POST["stu_name"]."', <-- this part is leaving the query as
('Value',

Each value inside the comma needs to be concatenate into two single quotes on both their sides, hence the single quotes signs. Each dot (.) is concatenating the variable into the existing string and back into the string.

Answer 3

Try this, you had issue of quotes only :

["stu_name"] chnaged this to ['stu_name']

$sql = "INSERT INTO students (student_name, student_email, student_city) VALUES ('".$_POST['stu_name']"','".$_POST['stu_email']."','".$_POST['stu_city']."')";

Answer 4

if using POST method

$stu_name = $_POST["stu_name"]          //mark
$stu_email = $_POST["stu_email"]        //mark@mark.com
$stu_city = $_POST["stu_city"]         //newark

$sql = "INSERT INTO students (student_name, student_email, student_city) VALUES ('$stu_name','$stu_email','$stu_city')";

The above is same as

$sql = "INSERT INTO admin (student_name, student_email, student_city) VALUES ('mark','mark@mark.com','newark')";

Answer 5

when you insert a string into Database my sql query, you MUST plus " or ' character

By your issue, the query clause is:

 $sql = "INSERT INTO students (student_name, student_email, student_city) VALUES ('".$_POST["stu_name"]."','".$_POST["stu_email"]."','".$_POST["stu_city"]."')"; 

The $_POST["stu_name"] , $_POST["stu_email"] , $_POST["stu_city"] are the variables that you received by form with $_POST method

Best regards, Tuyen

Answer 6

Simply put a line after the query like this

echo "INSERT INTO students (student_name, student_email, student_city) VALUES ('".$_POST["stu_name"]."','".$_POST["stu_email"]."','".$_POST["stu_city"]."')";

It will print the SQL query with values. Note the ' in the values. Here you are passing string values in to table, so you use ' and commas to separate the values. Hope this helps you in understanding quickly.

Note: Do not use it on production server. Use it on your local server.