php_guest Posted October 3, 2009 Share Posted October 3, 2009 I am not sure when do I need to use " or ' and when not. A few examples: 1.$result=mysql_query("SELECT * FROM users WHERE user=$user"); 2.$result=mysql_query("SELECT * FROM images WHERE user=$row[user]"); 3.echo $row[user]; Do I need to put in 3rd example $row['user'] or just $row[user] and why? It works also without, is there any security reason? Same questino for first 2 examples. Thank you Quote Link to comment Share on other sites More sharing options...
Garethp Posted October 3, 2009 Share Posted October 3, 2009 Ok, it SHOULD be "SELECT * FROM `users` WHERE `user`='$user'" Table names and column names should be in ` and `, values should be in ' and ' it should be $row['user'] just because it's the propper way to call an assosiative index Quote Link to comment Share on other sites More sharing options...
trq Posted October 3, 2009 Share Posted October 3, 2009 Non numeric array indexes should always be surrounded by quotes, why? Because they are strings not constants. Quote Link to comment Share on other sites More sharing options...
trq Posted October 3, 2009 Share Posted October 3, 2009 Ok, it SHOULD be "SELECT * FROM `users` WHERE `user`='$user'" Table names and column names should be in ` and `, values should be in ' and ' it should be $row['user'] just because it's the propper way to call an assosiative index Backticks are not required and in fact should be avoided as they tie your code to mysql. Quote Link to comment Share on other sites More sharing options...
Alex Posted October 3, 2009 Share Posted October 3, 2009 Yea, back-ticks should only be used if you're using a word that's reserved, which you should avoid to start with. Quote Link to comment Share on other sites More sharing options...
php_guest Posted October 3, 2009 Author Share Posted October 3, 2009 but how can you then write the following? "SELECT * FROM `users` WHERE `user`='$row['user']'" (this is not correct because ' is already used) Quote Link to comment Share on other sites More sharing options...
.josh Posted October 3, 2009 Share Posted October 3, 2009 Non numeric array indexes should always be surrounded by quotes, why? Because they are strings not constants. as a best practice, yes. however, php will nonetheless parse them w/out the quotes. Quote Link to comment Share on other sites More sharing options...
Alex Posted October 3, 2009 Share Posted October 3, 2009 but how can you then write the following? "SELECT * FROM `users` WHERE `user`='$row['user']'" (this is not correct because ' is already used) Within strings to echo a array element you use brackets { }, $sql = "SELECT * FROM `users` WHERE `user`='{$row['user']}'"; Quote Link to comment Share on other sites More sharing options...
trq Posted October 3, 2009 Share Posted October 3, 2009 however, php will nonetheless parse them w/out the quotes. After generating a notice, yes. Quote Link to comment Share on other sites More sharing options...
redarrow Posted October 3, 2009 Share Posted October 3, 2009 but how can you then write the following? "SELECT * FROM `users` WHERE `user`='$row['user']'" (this is not correct because ' is already used) Within strings to echo a array element you use brackets { }, $sql = "SELECT * FROM `users` WHERE `user`='{$row['user']}'"; until it all go to [ ] php6 square brackets will be used only. Quote Link to comment Share on other sites More sharing options...
trq Posted October 3, 2009 Share Posted October 3, 2009 but how can you then write the following? "SELECT * FROM `users` WHERE `user`='$row['user']'" (this is not correct because ' is already used) Within strings to echo a array element you use brackets { }, $sql = "SELECT * FROM `users` WHERE `user`='{$row['user']}'"; until it all go to [ ] php6 square brackets will be used only. Thats not correct. They are changing the way you access string indexes from {} to []. Quote Link to comment Share on other sites More sharing options...
.josh Posted October 3, 2009 Share Posted October 3, 2009 however, php will nonetheless parse them w/out the quotes. After generating a notice, yes. Bah. Only mortals care about things like so-called "notices." Quote Link to comment Share on other sites More sharing options...
Alex Posted October 3, 2009 Share Posted October 3, 2009 but how can you then write the following? "SELECT * FROM `users` WHERE `user`='$row['user']'" (this is not correct because ' is already used) Within strings to echo a array element you use brackets { }, $sql = "SELECT * FROM `users` WHERE `user`='{$row['user']}'"; until it all go to [ ] php6 square brackets will be used only. Thats not correct. They are changing the way you access string indexes from {} to []. Oh, that's still good to know. I tend to use {} to access string indexes just from habit (I guess I like to differentiate between strings and arrays), but I guess it's time change that. Quote Link to comment Share on other sites More sharing options...
trq Posted October 4, 2009 Share Posted October 4, 2009 however, php will nonetheless parse them w/out the quotes. After generating a notice, yes. Bah. Only mortals care about things like so-called "notices." So I guess you have error turned off then? Well done. Quote Link to comment Share on other sites More sharing options...
.josh Posted October 4, 2009 Share Posted October 4, 2009 I do not have it turned off my server. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.