Beggining question

[php_guest]

I am not sure when do I need to use " or ' and when not. A few examples:

1.$result=mysql_query("SELECT * FROM users WHERE user=$user");

2.$result=mysql_query("SELECT * FROM images WHERE user=$row[user]");

3.echo $row[user];

 

Do I need to put in 3rd example $row['user'] or just $row[user] and why? It works also without, is there any security reason? Same questino for first 2 examples.

 

Thank you

[Garethp]

Ok, it SHOULD be

 

"SELECT * FROM `users` WHERE `user`='$user'"

 

Table names and column names should be in ` and `, values should be in ' and '

 

it should be $row['user'] just because it's the propper way to call an assosiative index

[trq]

Non numeric array indexes should always be surrounded by quotes, why? Because they are strings not constants.

[trq]

Ok, it SHOULD be

 

"SELECT * FROM `users` WHERE `user`='$user'"

 

Table names and column names should be in ` and `, values should be in ' and '

 

it should be $row['user'] just because it's the propper way to call an assosiative index

 

Backticks are not required and in fact should be avoided as they tie your code to mysql.

[Alex]

Yea, back-ticks should only be used if you're using a word that's reserved, which you should avoid to start with.

[php_guest]

but how can you then write the following?

"SELECT * FROM `users` WHERE `user`='$row['user']'" (this is not correct because ' is already used)

[.josh]

Non numeric array indexes should always be surrounded by quotes, why? Because they are strings not constants.

 

as a best practice, yes.  however, php will nonetheless parse them w/out the quotes.

[Alex]

but how can you then write the following?

"SELECT * FROM `users` WHERE `user`='$row['user']'" (this is not correct because ' is already used)

Within strings to echo a array element you use brackets { },

 

$sql = "SELECT * FROM `users` WHERE `user`='{$row['user']}'";

[trq]

however, php will nonetheless parse them w/out the quotes.

 

After generating a notice, yes.

[redarrow]

but how can you then write the following?

"SELECT * FROM `users` WHERE `user`='$row['user']'" (this is not correct because ' is already used)

Within strings to echo a array element you use brackets { },

 

$sql = "SELECT * FROM `users` WHERE `user`='{$row['user']}'";

 

until it all go to [ ] php6 square brackets will be used only.

[trq]

but how can you then write the following?

"SELECT * FROM `users` WHERE `user`='$row['user']'" (this is not correct because ' is already used)

Within strings to echo a array element you use brackets { },

 

$sql = "SELECT * FROM `users` WHERE `user`='{$row['user']}'";

 

until it all go to [ ] php6 square brackets will be used only.

 

Thats not correct. They are changing the way you access string indexes from {} to [].

[.josh]

however, php will nonetheless parse them w/out the quotes.

 

After generating a notice, yes.

 

Bah.  Only mortals care about things like so-called "notices." 

 

[Alex]

but how can you then write the following?

"SELECT * FROM `users` WHERE `user`='$row['user']'" (this is not correct because ' is already used)

Within strings to echo a array element you use brackets { },

 

$sql = "SELECT * FROM `users` WHERE `user`='{$row['user']}'";

 

until it all go to [ ] php6 square brackets will be used only.

 

Thats not correct. They are changing the way you access string indexes from {} to [].

Oh, that's still good to know. I tend to use {} to access string indexes just from habit (I guess I like to differentiate between strings and arrays), but I guess it's time change that.

[trq]

however, php will nonetheless parse them w/out the quotes.

 

After generating a notice, yes.

 

Bah.  Only mortals care about things like so-called "notices." 

 

So I guess you have error turned off then? Well done.

[.josh]

I do not have it turned off my server.