davidf85 Posted September 9, 2011 Share Posted September 9, 2011 In a piece of code like this: mysql_query("INSERT into users VALUES ('".$_POST['username']."', '".$_POST['password']."')") or die(mysql_error()); What is the difference between ('".$_POST['username'])."') (".$_POST['username']).') (.$_POST['username'].) and ($_POST['username']) ?? Will all four of these work? Does anyone know where in the PHP manual I can find explanation for these syntaxes? Link to comment https://forums.phpfreaks.com/topic/246778-php-syntax/ Share on other sites More sharing options...
Adam Posted September 9, 2011 Share Posted September 9, 2011 None of those would work. What's in your code is ".$_POST['username']." - double quotes either side as to break out of / re-open the string that is opened / closed with double quotes (mysql_query("INS...")). The dots are the 'concatenation' operator that joins strings (literal or within variables) together. The single quotes are part of the actual SQL. Often people find it more readable to use curly braces to concatenate the strings: '{$_POST['username']}' Read the manual for more information. Also have a read up on how to prevent SQL injections. Link to comment https://forums.phpfreaks.com/topic/246778-php-syntax/#findComment-1267316 Share on other sites More sharing options...
ManiacDan Posted September 9, 2011 Share Posted September 9, 2011 The manual section on strings contains everything you'll want to know about string concatenation. -Dan Link to comment https://forums.phpfreaks.com/topic/246778-php-syntax/#findComment-1267331 Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.