Query

[phpcoder981]

Shouldn't

 

INSERT INTO `users` (`email`,`password`,`date_of_birth`) VALUES('$EMAIL','xx''xx''xx','$DOB_FULL')

 

Error out because of the 'xx''xx''xx'

 

I'm confused... it puts xx'xx'xx in the password field

[Pikachu2000]

Since there aren't any commas separating them, everything between the first and last quote is read as one value.

[phpcoder981]

Then why does it display: xx'xx'xx instead of xx''xx''xx

[Anti-Moronic]

Either way, this is just a badly constructed sql query. Why are you using single quotes within single quotes in this instance? What do you want the output to be?

 

These should really be escaped:

 

'xx''xx''xx'

 

VALUES('$EMAIL','xx\'\'xx\'\'xx','$DOB_FULL')

 

[phpcoder981]

I know they should be, and I know this is a bad string. I'm trying to find out how it is behaving, its just bugging me.

[PFMaBiSmAd]

From the mysql documentation (Literal values/Strings)-

Quoted strings placed next to each other are concatenated to a single string. The following lines are equivalent:

 

'a string'

'a' ' ' 'string'

 

Edit: And double single-quotes are treated as a literal single-quote in a string, depending on what and where you are doing this.

 

 

[revraz]

Actually, it should be hashed and not escaped, since it's a PW.

[phpcoder981]

Thanks everyone, I learned how it works. Special thanks to PFMaBiSmAd for explaining  where he got his information. After reading it, I understood everything.