PHP MySQL Insert “{$clientname}” as a string not PHP variable
Question
Ok, first question so here goes,
A function that runs on activation of a module I am writing needs to put email templates into a MySQL db. The problem is these are smarty templates and use {$vars}, now when I do this in PHP the {$vars} are interpreted as PHP variables to be put into the sql query before being run.
How do I tell PHP to not interpret "{$var}" as a variable but as a string?
This is the current query:
$sqlEmail1 = "INSERT INTO `tblemailtemplates` (`type`, `name`, `subject`, `message`, `attachments`, `fromname`, `fromemail`, `disabled`, `custom`, `language`, `copyto`, `plaintext`)
VALUES ('general', 'IPGeek - Custom Email 1', 'Password Reset', 'Some text that contains {$company_name} among other things', '', '', '', '', '1', '', '', 0)"
And this should be the email template the above creates:
Some text that contains {$company_name} among other things
But it creates this instead:
Some text that contains
Any help would be very gladly received!
Solution
When a string is specified in double quotes or with heredoc, variables are parsed within it.
Note: Unlike the double-quoted and heredoc syntaxes, variables and escape sequences for special characters will not be expanded when they occur in single quoted strings.
Use '
instead of "
echo '{$var}';
Or escape $
:
echo "{\$var}";
Learn more: php strings
UPDATE: Minimal effort fix is just to add \
before $
:
$sqlEmail1 = "INSERT INTO `tblemailtemplates` (`type`, `name`, `subject`, `message`, `attachments`, `fromname`, `fromemail`, `disabled`, `custom`, `language`, `copyto`, `plaintext`)
VALUES ('general', 'IPGeek - Custom Email 1', 'Password Reset', 'Some text that contains {\$company_name} among other things', '', '', '', '', '1', '', '', 0)";
OTHER TIPS
How about escaping the values properly?
I'm betting there are ' (apostrophes) in your templates. If so, it would break your SQL syntax.