Jump to content

Significance of single/double quotes and dots in: ' " .$username. " '


Recommended Posts

Hello. There's a line of code in PHP & MySQL 4th Ed. (pages 590/591) by Laura Thomson and Luke Welling which is:

 

$result = $conn-> query ("UPDATE user SET passwd = sha1 (' " .$new_password. " ') WHERE username = ' " .$username. " ' ");

 

What is the significance of the single quotes, the double quotes and the dots at each end of the variables $new_password and $username.

 

Thanks in advance,

WhyMePHP

 

 

Thanks for your reply premiso. However I don't get what you mean by: "......... by the double quotes and dot exit out of the string to concatenate a variable, $new_password, onto it. "

As far as I can see (and I'm a novice, so I can't see very far), $new_password is a text variable which is an argument to the sha1() function. Its value is passed to the function and the value of the function is assigned to a password database. I can't see where concatenation comes into it. I strongly suspect though that I'm missing some basic knowledge .

 

WhyMePHP

Thanks for your reply premiso. However I don't get what you mean by: "......... by the double quotes and dot exit out of the string to concatenate a variable, $new_password, onto it. "

As far as I can see (and I'm a novice, so I can't see very far), $new_password is a text variable which is an argument to the sha1() function. Its value is passed to the function and the value of the function is assigned to a password database. I can't see where concatenation comes into it. I strongly suspect though that I'm missing some basic knowledge .

 

WhyMePHP

 

Think of everything enclosed in the double quotes as a string. Anything that is outside of them is either not part of it or is a variable concatenated to that string with the concat operator which is a period. Single quotes are used to keep a string together in a SQL query. Let's say u have a username that is 2 words long. You can't exactly say WHERE username=Jon Smith. So in order to keep it together u need WHERE username='Jon Smith'

Actually this can be simplified to:

 

$result = $conn-> query ("UPDATE user SET passwd = sha1 ('$new_password') WHERE username = '$username' ");

 

I liked the other book from Welling and Thomson (on MySQL only). However they use some poor coding examples in my opinion.

 

Try browsing through these pages in manual:

http://www.php.net/manual/en/language.types.string.php

http://www.php.net/manual/en/language.operators.string.php

sha1 in this case is a mysl function.  So at this point that part is only a string. This is assembling a string that gets sent to mysql.

So you're assembling this.

"UPDATE user SET passwd=sha1('mynewpassword') WHERE username='myusername'"

 

 

Thanks for your reply premiso. However I don't get what you mean by: "......... by the double quotes and dot exit out of the string to concatenate a variable, $new_password, onto it. "

As far as I can see (and I'm a novice, so I can't see very far), $new_password is a text variable which is an argument to the sha1() function. Its value is passed to the function and the value of the function is assigned to a password database. I can't see where concatenation comes into it. I strongly suspect though that I'm missing some basic knowledge .

 

WhyMePHP

 

The . is the concatenation operator.  In your example, the query string is demarcated by double quotes.  The single quotes are there, as was said, to prevent errors.  SQL queries tend to like values passed in with quotes around them.  The query could also be written as:

 

$result = $conn-> query ("UPDATE user SET passwd = sha1 ('$new_password') WHERE username = '$username'";

 

Due to the nature of double quotes in PHP (strings denoted with them automatically interpolate variables).  Explicitly exiting and entering the string in conjunction with the use of the concatenation operator just makes it clear that variables are being injected into the string.

 

Fake edit: Like Mchl said.

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.