SuperBlue Posted July 22, 2008 Share Posted July 22, 2008 I've been thinking about the use of string concatenation, mainly when dealing with $_POST values from forms, or $_GET from url parameters, it was only today i was reminded about this again when someone asked about a query now working. And not being able to find any specific results on google, i come here just to clear things up. Example: // Works, but php.net advises ageinst it $SelectThis = mysql_query("SELECT * FROM Table_Name WHERE PostID = '$_GET[PostID]'", $Connection); // Doesn't work as far as i remember.. $SelectThis = mysql_query("SELECT * FROM Table_Name WHERE PostID = '$_GET['PostID']'", $Connection); // Last example uses string concatenation, and should work. $SelectThis = mysql_query("SELECT * FROM Table_Name WHERE PostID = '" . $_GET['PostID'] . "'", $Connection); I havn't actually had the need to test this, since i validate the input first, and save it in a variable which i use instead. Who knows, maybe there even is an easier way of doing it? Thanks in advance! Quote Link to comment Share on other sites More sharing options...
DarkWater Posted July 22, 2008 Share Posted July 22, 2008 You need to put { } around any properly formatted array access inside of a string (by that I mean if you have ' ' around the keys and stuff). Try: $SelectThis = mysql_query("SELECT * FROM Table_Name WHERE PostID = '{$_GET['PostID']}'", $Connection); Quote Link to comment Share on other sites More sharing options...
ToonMariner Posted July 22, 2008 Share Posted July 22, 2008 I always use the latter version - I'm sure someone will state otherwise but have encountered problems with the other versions in the past. PLUS If you format your queries in that matter your code is more readable.. Quote Link to comment Share on other sites More sharing options...
DarkWater Posted July 22, 2008 Share Posted July 22, 2008 Quite honestly, ToonMariner, your query is the most readable if you use sprintf(), which is what I personally use on queries. Quote Link to comment Share on other sites More sharing options...
SuperBlue Posted July 22, 2008 Author Share Posted July 22, 2008 That was exactly what i was looking for, will test it before i go to bed. Again thanks! I always use the latter version - I'm sure someone will state otherwise but have encountered problems with the other versions in the past. PLUS If you format your queries in that matter your code is more readable.. You mean the solution which was posted? Indeed it seams easier, nevertheless easier to type. I was sure there was something i've missed, i remember trying $_GET[{'PostID'}] which certainly didn't work. But come to think of it, i think i recall trying "{$_GET['PostID']}" as well, and that didn't apear to work.. Anyway i'll test it right away. Now readability aside, i would personally go with what is executed fastest on the server, given i was able to produce the code. Quote Link to comment Share on other sites More sharing options...
mga_ka_php Posted July 22, 2008 Share Posted July 22, 2008 This is correct. cause i use this. $SelectThis = mysql_query("SELECT * FROM Table_Name WHERE PostID = '" . $_GET['PostID'] . "'", $Connection); Quote Link to comment Share on other sites More sharing options...
Stephen Posted July 22, 2008 Share Posted July 22, 2008 Quite honestly, ToonMariner, your query is the most readable if you use sprintf(), which is what I personally use on queries. I try to use that also when I do queries. It's good because you can isolate the variables and find them alot easier. Quote Link to comment Share on other sites More sharing options...
SuperBlue Posted July 22, 2008 Author Share Posted July 22, 2008 Ok seams to be quite a few ways to do it then. I've just tried the method from the first answer, and of cause it worked. I must have tried it togetter with the echo function or something similer, and that was why it did not work the first time. Anyway, i just checked the final suggestion, and quote from the manual // Formulate Query // This is the best way to perform a SQL query // For more examples, see mysql_real_escape_string() $query = sprintf("SELECT firstname, lastname, address, age FROM friends WHERE firstname='%s' AND lastname='%s'", mysql_real_escape_string($firstname), mysql_real_escape_string($lastname)); // Perform Query $result = mysql_query($query); Why it should be the best way dosn't seam clear to me, unless its faster. And also since i think the {$testing['test']} is more readable, but as i said i would go with whatever execute the fastest on the server, also since i'm on a shared server which sometimes choke for no obvious reason. Quote Link to comment Share on other sites More sharing options...
DarkWater Posted July 22, 2008 Share Posted July 22, 2008 The difference between any of the methods presented here cannot even be detected basically. It's such a minute amount of speed differences. Don't worry about it. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.