zgkhoo Posted November 3, 2007 Share Posted November 3, 2007 $sql="INSERT INTO person (UserID,Username,Password,Level,Country,IC,FullName,Gender,DOB,Address,Postcode,City,State,PhoneNumber,HpNumber,BankType,AccName,AccNumber,Acctstatus) VALUES ($UID,'$_SESSION[username]','$_SESSION[password]','User','$_SESSION[country]', '$_SESSION[ic]','$_SESSION[fullname]','$_SESSION[gender]','$_SESSION[dob]', '$_SESSION[address]','$_SESSION[postcode]','$_SESSION[city]','$_SESSION[state]', '$_SESSION[phonenumber]','$_SESSION[hpnumber]','$_SESSION[banktype]', '$_SESSION[accname]','$_SESSION[accnumber]','Active')"; $UID in the above code, need single quote or not? Quote Link to comment https://forums.phpfreaks.com/topic/75910-does-this-need-single-quote/ Share on other sites More sharing options...
Barand Posted November 3, 2007 Share Posted November 3, 2007 If UserID is numeric, no. If not numeric, yes If auto_increment, $UID should be null (but I've told you that today already) Quote Link to comment https://forums.phpfreaks.com/topic/75910-does-this-need-single-quote/#findComment-384339 Share on other sites More sharing options...
zgkhoo Posted November 3, 2007 Author Share Posted November 3, 2007 If UserID is numeric, no....... then no quote at all or double quote? Quote Link to comment https://forums.phpfreaks.com/topic/75910-does-this-need-single-quote/#findComment-384505 Share on other sites More sharing options...
Barand Posted November 4, 2007 Share Posted November 4, 2007 If mysql comes across an unquoted string value eg SELECT * FROM tablename WHERE username = zgkhoo It makes the following assumptions 1 ) tablename must be a table name as it is in the FROM clause. 2 ) username and zgkhoo are column names. You will then get an error message saying "column zgkhoo does not exist". To prevent string values from being interpreted as column names they are put inside single quotes eg SELECT * FROM tablename WHERE username = 'zgkhoo' Column names cannot be numeric so this is not the case with numbers eg SELECT * FROM tablename WHERE id = 5 Here there is no ambiguity so no quotes are required (although mysql will not object to '5') There is an apparent exception the this rule in the ORDER BY clause. If you have SELECT cat_id, cat_name FROM category ORDER BY 2 then it will order the output by cat_name, the 2nd column selected. Quote Link to comment https://forums.phpfreaks.com/topic/75910-does-this-need-single-quote/#findComment-384514 Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.