The code is simple- take a value from a form, insert it into the

Question

0

Asked: May 28, 20262026-05-28T01:05:45+00:00 2026-05-28T01:05:45+00:00

The code is simple- take a value from a form, insert it into the

0

The code is simple- take a value from a form, insert it into the mysql DB. Here’s a snippet:

//connect to DB
$dbh = new PDO($db_pdo, $db_user_name, $db_password);

//capture value from form
$first_name = $_POST['first_name'];

//insert value into DB (doesn't work- no new entry created in requests)
$dbh->exec("INSERT INTO requests(first_name) VALUES($first_name)");

//this echo statement works (outputs the value of $first_name):
echo "\$first_name ".$first_name;

//this insert statement works: 
$dbh->exec("INSERT INTO requests(first_name) VALUES('oleg')");

Report

Leave an answer
Cancel reply

You must login to add an answer.

Need An Account,

1 Answer

Editorial Team · Answer 1 · 2026-05-28T01:05:46+00:00

Editorial Team

2026-05-28T01:05:46+00:00Added an answer on May 28, 2026 at 1:05 am

That’s right, you have to quote your string.

$dbh->exec("INSERT INTO requests(first_name) VALUES('$first_name')");

But this code is vulnerable to SQL Injection. I’m not sure how do you protect against that in PHP.

0

Reply
Share
Share

- Report

Sign Up

Sign In

Forgot Password

The Archive Base Latest Questions

The code is simple- take a value from a form, insert it into the

Leave an answerCancel reply

1 Answer

Leave an answer
Cancel reply