StackOverflow2013

Note that there are some explanatory texts on larger screens.

plurals

PO
primarykey
Id
7537500
data
AcceptedAnswerId
0
AnswerCount
0
ClosedDate
CommentCount
3
CommunityOwnedDate
CreationDate
2011-09-24T06:45:14.593
FavoriteCount
0
LastActivityDate
2016-07-17T22:32:42.140
LastEditDate
2017-05-23T10:31:02.257
LastEditorUserId
-1
OwnerUserId
285587
ParentId
7537377
PostTypeId
2
Score
69
ViewCount
0
LastEditorDisplayName
text
Body
The rules of adding strings into a query are plain and simple: <ol> <li>The string should be enclosed in quotes.</li> <li>Therefore, these quotes should be escaped in the data, as well as some other characters, using <code>mysql_real_escape_string()</code></li> </ol> So, your code becomes <pre><code>$type = 'testing'; $type = mysql_real_escape_string($type); $reporter = "John O'Hara"; $reporter = mysql_real_escape_string($reporter); $query = "INSERT INTO contents (type, reporter, description) VALUES('$type', '$reporter', 'whatever')"; mysql_query($query) or trigger_error(mysql_error()." in ".$query); // note that when running mysql_query you have to always check for errors </code></pre> But if you're going to add the variable in another part of a query, the rules change. <ul> <li>To add a number, you have to cast it to its type explicitly. </li> </ul> For example: <pre><code>$limit = intval($_GET['limit']); //casting to int type! $query = "SELECT * FROM table LIMIT $limit"; </code></pre> <ul> <li>To add an identifier, it's better to choose it from some sort of white list, consists of hardcoded values</li> </ul> For example: <pre><code>if ($_GET['sortorder'] == 'name') { $sortorder = 'name'; } else { $sortorder = 'id'; } $query = "SELECT * FROM table ORDER BY $sortorder"; </code></pre> To make it all simplified yet with guaranteed safety, one have to use some sort of placeholder system where the variable goes into a query not directly but via some proxy, called a placeholder. So, your query call becomes something like this: <pre><code>$type = 'testing'; $reporter = "John O'Hara"; pquery("INSERT INTO contents (type, reporter, description) VALUES(?s, ?s, ?s)", $type, $reporter,'whatever'); </code></pre> And there will be absolutely no need to worry about all these matters. For the limited set of placeholders you can use <a href="https://stackoverflow.com/tags/pdo/info">PDO</a>. Though for real life usage you will need extended set which is offered by but a few libraries, one of which is <a href="https://github.com/colshrapnel/safemysql" rel="noreferrer">SafeMysql</a>.
Tags
Title
singulars
PostAcceptedAnswerId
1. This table or related slice is empty.
PostParentId
1. POHow to include a PHP variable inside a MySQL insert statement
 singulars
 PostTypePostTypeId
 PTQuestion
PostTypePostTypeId
1. PTAnswer
UserLastEditorUserId
1. USCommunity
UserOwnerUserId
1. USYour Common Sense
plurals
PostLinksPostIdRelatedPostId
1. This table or related slice is empty.
PostLinksRelatedPostIdPostId
1. This table or related slice is empty.
PostsAcceptedAnswerId
1. POHow to include a PHP variable inside a MySQL insert statement
 singulars
 PostTypePostTypeId
 PTQuestion
PostsParentIdCreationDate
1. This table or related slice is empty.
VotesPostIdCreationDate
1. VO
 singulars
 PostPostId
 PO
 UserUserId
 This table or related slice is empty.
 VoteTypeVoteTypeId
 VTUpMod
2. VO
 singulars
 PostPostId
 PO
 UserUserId
 This table or related slice is empty.
 VoteTypeVoteTypeId
 VTAcceptedByOriginator
3. VO
 singulars
 PostPostId
 PO
 UserUserId
 This table or related slice is empty.
 VoteTypeVoteTypeId
 VTUpMod
CommentsPostId

Querying!

Guidance

A row detail

Detail views are divided into sections. All the information in the data section comes from columns in the selected row. The other sections display data from other, related rows.

Related data can be related in a to-one or a to-many fashion. Captions of data related in a to-many fashion link to a list view showing a filtered view of the table.

Try moving around until you find a non-empty to-many entry and click on the label to get to one. You can move back to the root by clicking on the database name in the header.