The significance of back-ticks in php mysql queries.

[joe92]

SELECT *
FROM `posts`
WHERE `ID` = '$users_ID'
LIMIT 0 , 30

or

SELECT *
FROM posts
WHERE ID = '$users_ID'
LIMIT 0 , 30

 

I have been using the second example of above, I don't bother with the back-ticks. However, I was wondering, do they actually speed up the queries?

 

Joe

[trq]

They have nothing to do with speed but simply allow you to escape reserved words. They should be avoided IMO.

[DaiLaughing]

I don't know if there is a speed implication but there is a security one.

 

Supposedly backticks protect against SQL injection where field names are put in by the user (which is rare for - a CMS or PHPMyAdmin need them but I don't go that far with my sites).  I must admit I leave them out and hope I will remember to add them if ever the user inputs field names with POST or GET.

 

I did once find myself accidentally using a reserved word as a field name which meant I had to use them as thorpe says but I then changed the field name which seemed a better solution.

[trq]

Backticks off absolutely no protection against SQL injection.

[DaiLaughing]

Ticks do help against primitive SQL injection but are easy to get around.  That's why I said "supposedly".  I should have been clearer that they are not a valid security measure though!

[The Little Guy]

They should be avoided IMO.

 

I second that, you should avoid naming column as a reserved word. If you do name it as a reserved word, you probably didn't name the column very well

[fenway]

Reserved keywords come and go -- if you're dealing with an older system, you may have no choice but to use backticks.