Change this SQL query to php

Question

I have the following MySQL query which needs to be passed to query(). I'm having trouble understanding it.

INSERT INTO admin (student_name, student_email, student_city) VALUES ('mark','[email protected]','newark');

The place I got the script from has given the following,

$sql = "INSERT INTO students (student_name, student_email, student_city) VALUES ('".$_POST["stu_name"]."','".$_POST["stu_email"]."','".$_POST["stu_city"]."')";

The part I'm having trouble understanding is ('".$_POST["stu_name"]."','".$_POST["stu_email"]."','".$_POST["stu_city"]."')

What is happening there? All those inverted commas and periods have got me confused.

the whole sql string is in double quotes and the values for name, email and city are stored as strings, so they are stored in single quotes and concatenated with the variable. — Abdul Mannan - Data Engineer
– Abdul Mannan - Data Engineer, Commented Mar 30, 2016 at 6:07
single quotes before double quotes mean they are saved as string and instead of passing the variable directly inside double quotes, sql string is concatenated with $_POST["stu_name"] — Abdul Mannan - Data Engineer
– Abdul Mannan - Data Engineer, Commented Mar 30, 2016 at 6:09

Ikhlak S. · Accepted Answer · 2016-03-30 06:49:08Z

2

Here the SQL is being concatenated using the . in PHP.

So, lets take a look at this this:

// 12        3          45678
// vv        v          vvvvv
  ('".$_POST["stu_name"]."','".$_POST["stu_email"]."','".$_POST["stu_city"]."')";

After the bracket, the single quote ' is to open the MySQL single quote.
And then the double quote " ends the string in PHP.
Then, you use PHP . to join the current PHP string with $_POST['stu_name']
And then join it to another PHP string using .
Open a PHP string using double quotes ".
And finally once it's open you need to close the MySQL string you opened using '.
Comma, to enter the second value
A single quote' to open a string in MySQL. Then the process repeats itself.

answered Mar 30, 2016 at 6:49

Ikhlak S.

9,10411 gold badges60 silver badges80 bronze badges

Sign up to request clarification or add additional context in comments.

Comments

sagi · Accepted Answer · 2016-03-30 06:13:22Z

1

This is to long for a comment:

('".$_POST["stu_name"]."','".$_POST["stu_email"]."','".$_POST["stu_city"]."')";

The whole query need to be warped in double quotes , but when you want to concatenate a variable ->

('".$_POST["stu_name"] <-- this part is leaving the query as
('Value
('".$_POST["stu_name"]."', <-- this part is leaving the query as
('Value',

Each value inside the comma needs to be concatenate into two single quotes on both their sides, hence the single quotes signs. Each dot (.) is concatenating the variable into the existing string and back into the string.

answered Mar 30, 2016 at 6:13

sagi

40.6k7 gold badges66 silver badges87 bronze badges

2 Comments

innowqhy Over a year ago

Thanks @sagi. How exactly does '" (single comma followed by a double) change to ' ?

sagi Over a year ago

do you understand why a letter followed by a double quotes "a" will turn into a? The same as "'" will turn into ' @innowqhy

Nehal · Accepted Answer · 2016-03-30 06:16:16Z

0

Try this, you had issue of quotes only :

["stu_name"] chnaged this to ['stu_name']

$sql = "INSERT INTO students (student_name, student_email, student_city) VALUES ('".$_POST['stu_name']"','".$_POST['stu_email']."','".$_POST['stu_city']."')";

answered Mar 30, 2016 at 6:16

Nehal

1,5134 gold badges17 silver badges30 bronze badges

Comments

J. Shiv · Accepted Answer · 2016-03-30 06:17:52Z

0

if using POST method

$stu_name = $_POST["stu_name"]          //mark
$stu_email = $_POST["stu_email"]        //[email protected]
$stu_city = $_POST["stu_city"]         //newark

$sql = "INSERT INTO students (student_name, student_email, student_city) VALUES ('$stu_name','$stu_email','$stu_city')";

The above is same as

$sql = "INSERT INTO admin (student_name, student_email, student_city) VALUES ('mark','[email protected]','newark')";

edited Mar 30, 2016 at 6:17

answered Mar 30, 2016 at 6:17

J. Shiv

1444 bronze badges

1 Comment

sagi Over a year ago

He know its the same, he wanted to understand why

KKumar · Accepted Answer · 2016-03-30 06:48:30Z

0

Simply put a line after the query like this

echo "INSERT INTO students (student_name, student_email, student_city) VALUES ('".$_POST["stu_name"]."','".$_POST["stu_email"]."','".$_POST["stu_city"]."')";

It will print the SQL query with values. Note the ' in the values. Here you are passing string values in to table, so you use ' and commas to separate the values. Hope this helps you in understanding quickly.

Note: Do not use it on production server. Use it on your local server.

answered Mar 30, 2016 at 6:48

KKumar

351 silver badge9 bronze badges

Comments

Ikhlak S. · Accepted Answer · 2016-03-30 07:50:50Z

0

when you insert a string into Database my sql query, you MUST plus " or ' character

By your issue, the query clause is:

$sql = "INSERT INTO students (student_name, student_email, student_city) VALUES ('".$_POST["stu_name"]."','".$_POST["stu_email"]."','".$_POST["stu_city"]."')";

The $_POST["stu_name"], $_POST["stu_email"], $_POST["stu_city"] are the variables that you received by form with $_POST method

Best regards, Tuyen

edited Mar 30, 2016 at 7:50

Ikhlak S.

9,10411 gold badges60 silver badges80 bronze badges

answered Mar 30, 2016 at 6:47

Tuyen Nguyuen

112 bronze badges

Collectives™ on Stack Overflow

Change this SQL query to php

6 Answers 6

Comments

2 Comments

Comments

1 Comment

Comments

Comments

Your Answer

Hot Network Questions

Collectives™ on Stack Overflow

6 Answers 6

Comments

2 Comments

Comments

1 Comment

Comments

Comments

Your Answer

Sign up or log in

Post as a guest

Related