What are the potential pitfalls of using quotes around the NOW() function in a MySQL query when inserting data from PHP?

Using quotes around the NOW() function in a MySQL query when inserting data from PHP can cause the NOW() function to be treated as a string rather than a function, resulting in the literal string "NOW()" being inserted into the database instead of the current timestamp. To solve this issue, the NOW() function should be used without quotes in the query to ensure that it is evaluated as a function by MySQL.

// Incorrect way with quotes around NOW()
$query = &quot;INSERT INTO table_name (column1, column2, created_at) VALUES (&#039;value1&#039;, &#039;value2&#039;, &#039;NOW()&#039;)&quot;;

// Correct way without quotes around NOW()
$query = &quot;INSERT INTO table_name (column1, column2, created_at) VALUES (&#039;value1&#039;, &#039;value2&#039;, NOW())&quot;;

Keywords

MySQL NOW() PHP SQL injection data insertion

What are the potential pitfalls of using quotes around the NOW() function in a MySQL query when inserting data from PHP?

Keywords

Related Questions