Home/ Questions/Q 7757523
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-06-01T13:07:06+00:00

I have the following line of code that executes properly except for one hitch.

  • 0

I have the following line of code that executes properly except for one hitch. It will print the variable name into the database.

I use this code in one of my scrips:

$con = mysql_connect("MyServer","MyDB","myPwd");
mysql_select_db("MyDB", $con);
$sql = "INSERT INTO `MyDB`.`Shipping` (`ID`, `FIRSTNAME`, `LASTNAME`, `ADDRESS1`, `ADDRESS2`, `CITY`, `STATE`, `ZIP`, `ORDERNUMBER`, `SHIPPINGTYPE`, `item1`, `item2`, `item3`, `item4`, `item5`, `item6`, `item7`, `item8`, `item9`, `item10`) VALUES (NULL, \'$first_name\', \'lname\', \'addr\', \'\', \'city\', \'state\', \'zip\', \'ordernum\', \'\', \'0\', \'0\', \'0\', \'0\', \'0\', \'0\', \'0\', \'0\', \'0\', \'0\');";
mysql_query("$sql");
mysql_close($con);

This code prints the followin to the database:

$first_name lname   addr        city    state   zip 0       0   0   0   0   0   0   0   0   0   0

Notice that the variable name, and not the contents of the variable are printed. How can I get it to print out the variable contents?

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    Notice that the variable name, and not the contents of the variable are printed

    This is because you are not passing variables to the insert statement, rather you are passing undefined(?) constants; lname, addr, etc. You should pass in the variables you assigned values to: (assuming) $lname, $addr, etc.

    Also, you don’t need to pass in a NULL for the ID column. If it’s set to auto_increment, the database will create this value for you.

    You should also take advantage of the default column values defined by your table schema, so you don’t end up passing in a huge list of variables with default values, for example, if you have a DEFAULT 0 as part of the schema for item1, item2, item3 etc, you can simply make the following insert:

    $sql =
"INSERT INTO `MyDB`.`Shipping` (`FIRSTNAME`, `LASTNAME`, `ADDRESS1`, `CITY`, `STATE`, `ZIP`, `ORDERNUMBER`) VALUES ('$first_name', '$lname', '$addr', '$city', '$state', '$zip', '$ordernum');";

    The database will populate item1, item2, etc columns with 0 for you automatically.

    As cambraca mentioned, if you pass variables directly into your query like this, you run the risk of SQL injection. You should read up on how to prepare your queries, which will also force you to use mysqli (vs outdated mysql) api. Or even better, read up on PDO.

    • 0