WhyMePHP Posted February 8, 2010 Share Posted February 8, 2010 Hello. There's a line of code in PHP & MySQL 4th Ed. (pages 590/591) by Laura Thomson and Luke Welling which is: $result = $conn-> query ("UPDATE user SET passwd = sha1 (' " .$new_password. " ') WHERE username = ' " .$username. " ' "); What is the significance of the single quotes, the double quotes and the dots at each end of the variables $new_password and $username. Thanks in advance, WhyMePHP Quote Link to comment Share on other sites More sharing options...
premiso Posted February 8, 2010 Share Posted February 8, 2010 The single quotes are for surrounding MySQL strings to avoid syntax errors, the double quotes and dot exit out of the string to concatenate a variable, $new_password, onto it. Quote Link to comment Share on other sites More sharing options...
WhyMePHP Posted February 8, 2010 Author Share Posted February 8, 2010 Thanks for your reply premiso. However I don't get what you mean by: "......... by the double quotes and dot exit out of the string to concatenate a variable, $new_password, onto it. " As far as I can see (and I'm a novice, so I can't see very far), $new_password is a text variable which is an argument to the sha1() function. Its value is passed to the function and the value of the function is assigned to a password database. I can't see where concatenation comes into it. I strongly suspect though that I'm missing some basic knowledge . WhyMePHP Quote Link to comment Share on other sites More sharing options...
aeroswat Posted February 8, 2010 Share Posted February 8, 2010 Thanks for your reply premiso. However I don't get what you mean by: "......... by the double quotes and dot exit out of the string to concatenate a variable, $new_password, onto it. " As far as I can see (and I'm a novice, so I can't see very far), $new_password is a text variable which is an argument to the sha1() function. Its value is passed to the function and the value of the function is assigned to a password database. I can't see where concatenation comes into it. I strongly suspect though that I'm missing some basic knowledge . WhyMePHP Think of everything enclosed in the double quotes as a string. Anything that is outside of them is either not part of it or is a variable concatenated to that string with the concat operator which is a period. Single quotes are used to keep a string together in a SQL query. Let's say u have a username that is 2 words long. You can't exactly say WHERE username=Jon Smith. So in order to keep it together u need WHERE username='Jon Smith' Quote Link to comment Share on other sites More sharing options...
Mchl Posted February 8, 2010 Share Posted February 8, 2010 Actually this can be simplified to: $result = $conn-> query ("UPDATE user SET passwd = sha1 ('$new_password') WHERE username = '$username' "); I liked the other book from Welling and Thomson (on MySQL only). However they use some poor coding examples in my opinion. Try browsing through these pages in manual: http://www.php.net/manual/en/language.types.string.php http://www.php.net/manual/en/language.operators.string.php Quote Link to comment Share on other sites More sharing options...
taquitosensei Posted February 8, 2010 Share Posted February 8, 2010 sha1 in this case is a mysl function. So at this point that part is only a string. This is assembling a string that gets sent to mysql. So you're assembling this. "UPDATE user SET passwd=sha1('mynewpassword') WHERE username='myusername'" Quote Link to comment Share on other sites More sharing options...
KevinM1 Posted February 8, 2010 Share Posted February 8, 2010 Thanks for your reply premiso. However I don't get what you mean by: "......... by the double quotes and dot exit out of the string to concatenate a variable, $new_password, onto it. " As far as I can see (and I'm a novice, so I can't see very far), $new_password is a text variable which is an argument to the sha1() function. Its value is passed to the function and the value of the function is assigned to a password database. I can't see where concatenation comes into it. I strongly suspect though that I'm missing some basic knowledge . WhyMePHP The . is the concatenation operator. In your example, the query string is demarcated by double quotes. The single quotes are there, as was said, to prevent errors. SQL queries tend to like values passed in with quotes around them. The query could also be written as: $result = $conn-> query ("UPDATE user SET passwd = sha1 ('$new_password') WHERE username = '$username'"; Due to the nature of double quotes in PHP (strings denoted with them automatically interpolate variables). Explicitly exiting and entering the string in conjunction with the use of the concatenation operator just makes it clear that variables are being injected into the string. Fake edit: Like Mchl said. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.