Re: Wow, this is weird

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 




On Sep 3, 2012, at 7:58 PM, David McGlone wrote:

On Wednesday, August 29, 2012 01:33:20 PM you wrote:
<snip>
I think you must be missing the '{}' brackets, or something, because
with this added to the snippet from before:

$sql = "INSERT INTO inventory(image, year)
VALUES('{$_FILES['image']['name']}', '$_POST[year]')";
echo '<h2>$sql = </h2><pre>'.PHP_EOL;
var_dump($sql);
echo '</pre>'.PHP_EOL;

I get:

$sql =

string(58) "INSERT INTO inventory(image, year) VALUES('1.png', '2012')"

which shows $_FILES['image']['name'] correctly interpolated to a string.

Sorry it took me a bit to get back with you, but your correct. This did work. Why was the brackets necessary? I thought that was what the single quotes were for. I'm thinking the brackets join ['image'] and ['name'] otherwise the query views it as 2 seperate queries. Correct? or were the brackets use to
group it all together, but seperate it from the outer quotes?

--
Regards
David M.


I believe what you were wanting was this. But either will work.
I find that the double quote + period method works better for adding in the mysql_real_escape_string() function.
But that is just in my own experience.

$sql = "INSERT INTO inventory(image, year) VALUES('".mysql_real_escape_string($_FILES['image']['name'])."', '".mysql_real_escape_string($_POST[year]'))."'";

Karl DeSaulniers
Design Drumm
http://designdrumm.com


--
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php



[Index of Archives]     [PHP Home]     [PHP Users]     [Postgresql Discussion]     [Kernel Newbies]     [Postgresql]     [Yosemite News]

  Powered by Linux