Reputation: 167
I am using this statement to add information to a database
$sql = "INSERT INTO test1 (manufacturer, name, url) VALUES ('{$_POST['manufacturer']}','{$_POST['name']}', '{$_POST['url']}')";
var_dump($sql);
I would like to add http://webaddress.com/
before the $_POST['url']
. So if I enter in file name example it will go into the record as http://webaddress.com/example
Upvotes: 1
Views: 38
Reputation: 23510
You just need to concatenate your string and your variable
"INSERT INTO test1 (manufacturer, name, url) VALUES ('".$_POST['manufacturer']."','".$_POST['name']."', 'http://webaddress.com/".$_POST['url']."')";
As side note I would like you to focus your attention on sql injection
since your code is vulnerable and you are at risk
Upvotes: 1