gautamz07 Posted May 22, 2014 Share Posted May 22, 2014 function send_msg($sender , $message){ if(!empty($sender) && !empty($message)){ $sender = mysql_real_escape_string($sender); $message= mysql_real_escape_string($message); $query = "INSERT INTO `chat`.`chat` VALUES (null , '{$sender}' , '$message')"; // Difficulty on THIS LINE !!!! if($run = mysql_query($query)){ return true; }else{ return false; } } why is '{$sender}' given the curley brakets ????? and why is message not given the same brackets ? also why is this function used ? i.e. mysql_real_escape_string , i know what it does , but is it to prevent SQL injection. Quote Link to comment Share on other sites More sharing options...
Ch0cu3r Posted May 22, 2014 Share Posted May 22, 2014 why is '{$sender}' given the curley brakets ????? and why is message not given the same brackets ? No idea why, but variables in a double quoted string can be wrapped in curly braces, usually they are only required for more complex variables names such as arrays/objects, example echo "Welcome, {$_SESSION['username']}"; It just explicitly points out to PHP the start/end of a variable name. also why is this function used ? i.e. mysql_real_escape_string , i know what it does , but is it to prevent SQL injection. You've just contradicted yourself If you knew what it does then you wouldn't need to ask that question. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.