MySQL Error

$sql="INSERT INTO Users (Username, Password, EMail)
VALUES
(" . $username . "','" . $password . "','" . $email . ")";

Code (markup):

What am I doing wrong with the syntax of this. I just can't figure it out.

 

$sql = "INSERT INTO Users (Username, Password, EMail) VALUES ('$username', '$password', '$email')";

PHP:

 

You're missing the single quote after the opening bracket

 

Thank you!

 

Hope you are escaping possible special characters in the variables before putting them into $sql. E.g.:

$username = mysql_real_escape_string($username);

PHP:

 

Of course I am.

 

$sql = "INSERT INTO `Users` (`Username`, `Password`, `EMail`) VALUES ('{$username}', '{$password}', '{$email}');";

PHP:

That's how I'd personally write it.

 

Vote up for this way.

 

I always use the following

$sql = mressf("INSERT INTO `Users` (`Username`, `Password`, `EMail`) VALUES ('%s' '%s', '%s');", $username, $password, $email);

PHP:

This will insert the values after running them all through mysql_real_escape_string. The mressf function is one I created to stop having to escape each value individually. It works in the exact same way sprintf does with the added bonus of escaping all the values.

Find the function here

 

Thank you everyone. But this problem has already been solved.