在 MySQL 插入语句中使用 php 变量
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/8010287/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
Using php variables inside MySQL insert statement
提问by stewart715
I'm using the following statement, but not sure how to get the $variablesinside the statement properly:
我正在使用以下语句,但不确定如何$variables正确获取语句内部:
mysql_query("INSERT INTO subscribers (email, referral_id, user_id, ip_address)
VALUES ('$user_email', '$user_refer', '$user_share', '$_SERVER['REMOTE_ADDR']')");
回答by Toto
Just change the last one:
只需更改最后一个:
mysql_query("INSERT INTO subscribers (email, referral_id, user_id, ip_address)
VALUES ('$user_email', '$user_refer', '$user_share', '".$_SERVER['REMOTE_ADDR']."')");
回答by Belac
When using an array type in a string (the double quotes "" mean php is going to parse that string) you have to enclose the value you want to use in curly brackets, ie
在字符串中使用数组类型时(双引号 "" 表示 php 将解析该字符串),您必须将要使用的值括在大括号中,即
mysql_query("INSERT INTO subscribers (email, referral_id, user_id, ip_address)
VALUES ('$user_email', '$user_refer', '$user_share', '{$_SERVER['REMOTE_ADDR']}')");
回答by Your Common Sense
although literal question is answered in the link in the comments, the realproblem you face has nothing to do with SQL but with PHP string syntax. So, here is a link for your reference: http://php.net/types.string
尽管在评论中的链接中回答了字面问题,但您面临的真正问题与 SQL 无关,而是与 PHP 字符串语法有关。所以,这里有一个链接供您参考:http: //php.net/types.string
This page is among most important things you have to know about PHP.
You ought to study it diligently, or you'll be unable to use PHP for even most simple tasks like this one.
此页面是您必须了解的有关 PHP 的最重要的事情之一。
你应该努力学习它,否则你将无法使用 PHP 来完成像这样的最简单的任务。
回答by Mina
Safest way to do what you want is instead of this:
做你想做的最安全的方法是而不是这样:
mysql_query("INSERT INTO subscribers (email, referral_id, user_id, ip_address)
VALUES ('$user_email', '$user_refer', '$user_share', '$_SERVER['REMOTE_ADDR']')");
do this:
做这个:
$query = "INSERT INTO subscribers (email, referral_id, user_id, ip_address) VALUES ('$user_email', '$user_refer', '$user_share', '{$_SERVER['REMOTE_ADDR']}')"
$query = "INSERT INTO 订阅者(email、referral_id、user_id、ip_address)值('$user_email'、'$user_refer'、'$user_share'、'{$_SERVER['REMOTE_ADDR']}')”
Note the curly brackets around the index inside the $_SERVER variable. If you want to enclose a index inside a superglobal, then it's best to use curly brackets. otherwise, use concatenation as suggested by others.
请注意 $_SERVER 变量内索引周围的大括号。如果你想在超全局变量中包含一个索引,那么最好使用大括号。否则,请按照其他人的建议使用串联。
回答by Avo Murom?gi
You should do it a bit differently. Use either
你应该做一些不同的事情。使用任一
- mysqli: http://php.net/manual/en/mysqli.prepare.php
- PDO: http://php.net/manual/en/pdo.prepared-statements.php
- mysqli: http://php.net/manual/en/mysqli.prepare.php
- PDO:http: //php.net/manual/en/pdo.prepared-statements.php
You can also look at the topic a sql command why it shows an error?
你也可以看看题目一个sql命令为什么会显示错误?
It's a little bit different compared to what you do now, but a lot more safer.
与您现在所做的相比,这有点不同,但要安全得多。
回答by no_ripcord
Use it like this:
像这样使用它:
mysql_query("INSERT INTO subscribers (email, referral_id, user_id, ip_address)
VALUES ('".$user_email."'…
