Tell me more ×
Stack Overflow is a question and answer site for professional and enthusiast programmers. It's 100% free, no registration required.
up vote 0 down vote favorite

I'm using the following statement, but not sure how to get the $variables inside the statement properly:

mysql_query("INSERT INTO subscribers (email, referral_id, user_id, ip_address)
             VALUES ('$user_email', '$user_refer', '$user_share', '$_SERVER['REMOTE_ADDR']')");
share|improve this question
try using concatination...but you should filter the input first mysql_real_escape_string or PDO php.net/manual/en/book.pdo.php – kjy112 Nov 4 '11 at 14:01
Use parameterized queries. – aib Nov 4 '11 at 14:06

6 Answers

up vote 1 down vote accepted

Just change the last one:

mysql_query("INSERT INTO subscribers (email, referral_id, user_id, ip_address)
VALUES ('$user_email', '$user_refer', '$user_share', '".$_SERVER['REMOTE_ADDR']."')");
share|improve this answer
up vote 2 down vote

When using an array type in a string (the double quotes "" mean php is going to parse that string) you have to enclose the value you want to use in curly brackets, ie

mysql_query("INSERT INTO subscribers (email, referral_id, user_id, ip_address)
         VALUES ('$user_email', '$user_refer', '$user_share', '{$_SERVER['REMOTE_ADDR']}')");
share|improve this answer
Wel-explained....Thank you – Anjuman May 29 at 8:17
up vote 1 down vote

although literal question is answered in the link in the comments, the real problem you face has nothing to do with SQL but with PHP string syntax. So, here is a link for your reference: http://php.net/types.string

This page is among most important things you have to know about PHP.
You ought to study it diligently, or you'll be unable to use PHP for even most simple tasks like this one.

share|improve this answer
Thanks, I know this was too simple of a question, I was just in a quick pinch. I'll read up on this stuff more. – masedesign Nov 4 '11 at 14:15
up vote 0 down vote

Use it like this: 

mysql_query("INSERT INTO subscribers (email, referral_id, user_id, ip_address)
             VALUES ('".$user_email."'…
share|improve this answer
This is not necessary apart from the last variable, though – Damien Pirsy Nov 4 '11 at 14:06
up vote 0 down vote

You should do it a bit differently. Use either

You can also look at the topic a sql command why it shows an error?

It's a little bit different compared to what you do now, but a lot more safer.

share|improve this answer
up vote 0 down vote

Safest way to do what you want is instead of this:

mysql_query("INSERT INTO subscribers (email, referral_id, user_id, ip_address)
         VALUES ('$user_email', '$user_refer', '$user_share', '$_SERVER['REMOTE_ADDR']')");

do this:

$query = "INSERT INTO subscribers (email, referral_id, user_id, ip_address) VALUES ('$user_email', '$user_refer', '$user_share', '{$_SERVER['REMOTE_ADDR']}')"

Note the curly brackets around the index inside the $_SERVER variable. If you want to enclose a index inside a superglobal, then it's best to use curly brackets. otherwise, use concatenation as suggested by others.

share|improve this answer

Your Answer

 
discard

By posting your answer, you agree to the privacy policy and terms of service.

Not the answer you're looking for? Browse other questions tagged or ask your own question.