[SOLVED] Quoting

Ken2k7 · August 24, 2007

Okay I just want to see if this works or not:

$sql = mysql_query("SELECT * FROM member WHERE name='$_SESSION['name']'") or die(mysql_error());

See where it says: ...name='$_SESSION['name']'...?

Does the quotes work on that part or do I need to use the character '\'?

MadTechie · August 24, 2007

use either

$sql = mysql_query("SELECT * FROM member WHERE name='{$_SESSION['name']}'") or die(mysql_error());

or

$sql = mysql_query("SELECT * FROM member WHERE name='".$_SESSION['name']."'") or die(mysql_error());

nathanmaxsonadil · August 24, 2007

the quotes work on that part..

you might want to change it to this though

$sql = mysql_query("SELECT * FROM member WHERE name='{$_SESSION['name']}'") or die(mysql_error());

EDIT:lol MadTechie beat me to it

deadimp · August 24, 2007

Actually, since it's in a string, you don't really need quotes.

But one thing you'll need to observe is the possibility of an SQL-injection attack, meaning someone could rewrite your query to do malicious things - which isn't good. Be sure you escape your data properly.

MadTechie · August 24, 2007

Actually, since it's in a string, you don't really need quotes.

Erm yes you do!

But one thing you'll need to observe is the possibility of an SQL-injection attack, meaning someone could rewrite your query to do malicious things

Its a SESSION, not a POST or GET so how would the user do that ????

Neptunus Maris · August 24, 2007

$user_sess = $_SESSION["the_session"] or $_SESSION[the_session] or $_SESSION['the_session']

WHERE name = '$user_sess'

MadTechie · August 24, 2007

nice third options except the

$_SESSION[the_session] one which will work but is bad pratice.. as PHP will see the the_session as a constant and your get a warning notice

Neptunus Maris · August 24, 2007

Actually, since it's in a string, you don't really need quotes.

Erm yes you do!

But one thing you'll need to observe is the possibility of an SQL-injection attack, meaning someone could rewrite your query to do malicious things

Its a SESSION, not a POST or GET so how would the user do that ????

Ive used a $_SESSION string without using quotes before...and Ive done it alot.

Neptunus Maris · August 24, 2007

nice third options except the

$_SESSION[the_session] one which will work but is bad pratice.. as PHP will see the the_session as a constant and your get a warning notice

True!

Ken2k7 · August 24, 2007

And I'm completely confused. So what's the answer?

MadTechie · August 24, 2007

its a bad habit and if you turn on error reporting your see a ton of errors,

$_SESSION[the_session]

will look for a constant named the_session and will fail to find one, and then will send a notice,

but php will then use the_session as the variable..

so to sumup PHP is fixing the error "per say" but its still bad pratice..

MadTechie · August 24, 2007

options are

use either

$sql = mysql_query("SELECT * FROM member WHERE name='{$_SESSION['name']}'") or die(mysql_error());

or

$sql = mysql_query("SELECT * FROM member WHERE name='".$_SESSION['name']."'") or die(mysql_error());

or

$name = $_SESSION['name'];

$sql = mysql_query("SELECT * FROM member WHERE name='$name' ") or die(mysql_error());

Jessica · August 24, 2007

I usually do it the last way MadTechie showed. I find it's cleaner and you might need to use $name later so why mess with $_SESSION['name'] every time

MadTechie · August 24, 2007

yeah, personally i use {} on a short script but if its a long script i set all the variable at the start, thus doing basically the same.

Neptunus Maris · August 24, 2007

I usually do it the last way MadTechie showed. I find it's cleaner and you might need to use $name later so why mess with $_SESSION['name'] every time

True! but the key words ...I've used...

I dont do it without quotes anymore.

but...lol we hevent really helped the topic starter out really, we are off in our own little circle, not unless he gave up and stopped reading our posts

Ken2k7 · August 24, 2007

Okay thanks guys. ^_^

Lastly, does this work (I don't feel like starting a new topic):

<?php
/* Codes not shown */
$sql = mysql_query("SELECT * FROM member");
// pulling database info directly using $sql
$name = $sql['name'];
/* Codes not shown */
?>

MadTechie · August 24, 2007

Nope, but close

<?php
/* Codes not shown */

/* make a request SQL*/
$sql = mysql_query("SELECT * FROM member");

// pulling database info directly using $sql
$row = mysql_fetch_assoc($sql); //edit pesky ;
//display the data
$name = $row['name'];
echo $name;
/* Codes not shown */
?>

Neptunus Maris · August 24, 2007

Nope, but close

<?php
/* Codes not shown */

/* make a request SQL*/
$sql = mysql_query("SELECT * FROM member");

// pulling database info directly using $sql
$row = mysql_fetch_assoc($sql); //edit pesky ;
//display the data
$name = $row['name'];
echo $name;
/* Codes not shown */
?>

to add to that you can also use:

/* make a request SQL*/

$sql = mysql_query("SELECT * FROM member");

// pulling database info directly using $sql

$row = mysql_fetch_array($sql); //edit pesky ;

//display the data

$name = $row['name'];

echo $name;

mysql_fetch_assoc and mysql_fetch_array are basically the same thing

Ken2k7 · August 24, 2007

Oh darn!

Thanks MadTechie.

Speaking of the quotes, do I have to use the curly braces ({}) everytime I put them in strings?

Like this too:

<?php

/* codes not shown */

if (sha1($_SESSION['pass']) == $sql['password']) header("Location: {$_SESSION['name']}");

/* codes not shown*/

?>

MadTechie · August 24, 2007

No their 3 options started above,

options are

use either

1.

$sql = mysql_query("SELECT * FROM member WHERE name='{$_SESSION['name']}'") or die(mysql_error());

or

2.

$sql = mysql_query("SELECT * FROM member WHERE name='".$_SESSION['name']."'") or die(mysql_error());

or

3.

$name = $_SESSION['name'];
$sql = mysql_query("SELECT * FROM member WHERE name='$name' ") or die(mysql_error());

All do the same thing if you plan to use it alot in the current script then use the third option

find the one that you find works best

Ken2k7 · August 24, 2007

Oh okay. Thanks. ^_^

Sign In

[SOLVED] Quoting

Recommended Posts

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Join the conversation

Important Information