PHP Variable inside SQL syntax

Hi Everyone,

Please help me out with inserting a PHP variable into SQL syntax.

$sql = 'INSERT INTO tech_zivers.Driver_inf (dr_id, first_name, last_name, team) VALUES ('22', 'd_fname' , 'test_lname', 'test_team');';

But this adds 22, d_fname, test_lname, test_team into the database, but I have something like
$name="thisisname" ;
in PHP which I want to insert, and till now I have tried various options but no use.

Ex - i used
$sql = 'INSERT INTO tech_zivers.Driver_inf (dr_id, first_name, last_name, team) VALUES ('22', $name\ , 'test_lname', 'test_team');';
etc.

So if you know this then please tell me.

Thanks!

You are escaping the dollar sign, which the parser needs in order to know that it’s a variable. Also, if 22 is a number, there is no need to put it into quotes. Besides, pass it null and it should auto-increment if you have set up your table correctly.

VALUES (null, $name, 'd_fname', 'test_lname', 'test_team');';

Thanks Mate. I tried that. It doesn’t work.
My SQL accepts:
VALUES (NULL, 'energy' );

So here NULL will autoincrement. Suppose it inserts 12, energy into my database. Now
when I use
VALUES (NULL, $name);

it doesn’t do anything.

Again I used
VALUES (NULL, 99); ---------- it worked

but
$name=99; or $name="99";
VALUES (NULL, $name); ---------- doesn’t work

Very Strange.

Try

'.$name.'

[QUOTE=actionAction;2352574]Try

'.$name.'

[/QUOTE]

Tried that with no luck. :frowning:

---- some more info: server is HostGator if that helps ----


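// Quote and escape a value for use in a legacy mysql_* query string.
function quote_smart($value, $forcequote = false) {
    // Undo magic-quotes escaping (a feature removed in PHP 5.4) so the value is not escaped twice
    if (get_magic_quotes_gpc()) {
        $value = stripslashes($value);
    }
    // Leave plain numbers bare; escape and quote everything else.
    // mysql_real_escape_string() needs an open mysql_connect() connection.
    if (!is_numeric($value) || $forcequote === true) {
        $value = "'" . mysql_real_escape_string($value) . "'";
    }
    return $value;
}

// Every value goes through quote_smart() so strings reach SQL quoted
$q = sprintf("INSERT INTO tech_zivers.Driver_inf (dr_id, first_name, last_name, team) VALUES (%s,%s,%s,%s)",
    quote_smart('22'), quote_smart($name, true), quote_smart('test_lname'), quote_smart('test_team'));
mysql_query($q);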

Protects you a bit from injections as well :wink:

Hey Sekasi, I will try that now. Thanks

But I will put what more I tried already.
I created a new table with only 1 VARCHAR field and I could insert like

$name = 2112;
$sql = "INSERT INTO tech_drivers.test (name) VALUES ($name);";

instead of single external quotes
$sql = 'INSERT INTO tech_drivers.test (name) VALUES ($name);';

The bold part worked just by changing the external quotes.

But the table I want to actually modify has quite a few fields and that miracle didn’t happen there. :frowning:

I have 2 different strange scenes here. Will put them in 2 posts (both are quite illogical to me).
Earlier I didn’t mention that I am using $_POST['t1'] to get the value of textfield1
from Flash, because nowhere I thought that could be a problem.
If I write $d_id=883 before this POST thing then it doesn’t work in SQL, but if I write it after then it works (with double quotes only).

Now the next thing is that maybe Flash is sending something wrong, but this is also not the case because I am taking this value back into Flash
$d_fname = $_POST['t1'] ;
echo "&theText=$dfname";

and displaying this field in some other textfield2. And textfield2 is displaying the same values as textfield1. So still I think there is something in PHP only.

Scene 2:
As I mentioned, $d_id didn’t work if I put it before POST, but if I use anything else like $name or $heoo then it works both before and after. lol
I don’t know if it has anything to do with "d".

So that would have solved my problem if I use $name, but no, this doesn’t end here:
I want to send the POST['t1'] value in SQL and when I include it
$name = $_POST['t1'];
then it doesn’t go in my SQL, even in a VARCHAR field. I just don’t know what’s wrong. Now I am moving on with hit and trial…

Hi,

First of all Thanks for all your replies.

The solution is, when I used $POST then

VALUES ('$name');";

works. So the variable which is accepting Flash data ($name) should be in single quotes and the SQL query in double. :sen:

This is true for this host.

And I am still facing other syntax problems (opened a new thread).
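
Added example, not part of the thread: the three ways of getting `$name` into the INSERT that the posts above go back and forth on, run side by side, ending with a prepared statement that does not depend on PHP or SQL quoting at all. Assumptions: PDO with the pdo_sqlite driver (an in-memory SQLite database stands in for the thread's MySQL server, so the table is the unqualified `Driver_inf`), a constructed value `O'Brien` in place of `$_POST['t1']`, and a hypothetical helper `tryExec()`.

```php
<?php
// Added example. SQLite in memory stands in for the thread's MySQL server,
// and the unqualified table name Driver_inf is an assumption for that reason.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE Driver_inf (
    dr_id INTEGER PRIMARY KEY AUTOINCREMENT,
    first_name TEXT, last_name TEXT, team TEXT)');

// Constructed stand-in for $_POST['t1'] arriving from the Flash text field.
$name = "O'Brien";

// Hypothetical helper: run a statement and report whether it was accepted.
function tryExec(PDO $pdo, string $sql): string
{
    try {
        $pdo->exec($sql);
        return 'accepted';
    } catch (PDOException $e) {
        return 'rejected: ' . $e->getMessage();
    }
}

// 1. Single-quoted PHP string: PHP does not interpolate, so the SQL text
//    contains the literal text $name rather than the value.
$single = 'INSERT INTO Driver_inf (first_name) VALUES ($name)';
echo "single-quoted PHP string: $single", PHP_EOL;

// 2. Double-quoted PHP string with SQL quotes around the variable: PHP
//    interpolates, but the apostrophe in the value closes the SQL literal
//    early and the rest of the value is parsed as SQL.
$double = "INSERT INTO Driver_inf (first_name) VALUES ('$name')";
echo "double-quoted PHP string: $double", PHP_EOL;
echo '  -> ', tryExec($pdo, $double), PHP_EOL;

// 3. Prepared statement: the SQL text is fixed and the values travel
//    separately, so PHP quoting style and value content no longer matter.
$stmt = $pdo->prepare(
    'INSERT INTO Driver_inf (first_name, last_name, team)
     VALUES (:first, :last, :team)'
);
$stmt->execute([':first' => $name, ':last' => 'test_lname', ':team' => 'test_team']);

foreach ($pdo->query('SELECT dr_id, first_name, team FROM Driver_inf') as $row) {
    echo "row {$row['dr_id']}: {$row['first_name']} / {$row['team']}", PHP_EOL;
}
```

Against a MySQL database only the PDO DSN and credentials change; the `prepare()` and `execute()` calls stay the same.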