does this need single quote?

[zgkhoo]

	$sql="INSERT INTO person (UserID,Username,Password,Level,Country,IC,FullName,Gender,DOB,Address,Postcode,City,State,PhoneNumber,HpNumber,BankType,AccName,AccNumber,Acctstatus)
	VALUES ($UID,'$_SESSION[username]','$_SESSION[password]','User','$_SESSION[country]',
         '$_SESSION[ic]','$_SESSION[fullname]','$_SESSION[gender]','$_SESSION[dob]',
	 '$_SESSION[address]','$_SESSION[postcode]','$_SESSION[city]','$_SESSION[state]',
	 '$_SESSION[phonenumber]','$_SESSION[hpnumber]','$_SESSION[banktype]',
	 '$_SESSION[accname]','$_SESSION[accnumber]','Active')";

 

$UID in the above code, need single quote or not?

[Barand]

If UserID is numeric, no.

If not numeric, yes

If auto_increment, $UID should be null (but I've told you that today already)

[zgkhoo]

If UserID is numeric, no......

.

then no quote at all or double quote?

[Barand]

If mysql comes across an unquoted string value

 

eg

SELECT * FROM tablename WHERE username = zgkhoo

 

It makes the following assumptions

 

1 ) tablename must be a table name as it is in the FROM clause.

 

2 ) username and zgkhoo are column names.

 

You will then get an error message saying "column zgkhoo does not exist".

 

To prevent string values from being interpreted as column names they are put inside single quotes

 

eg

SELECT * FROM tablename WHERE username = 'zgkhoo'

 

Column names cannot be numeric so this is not the case with numbers

 

eg

SELECT * FROM tablename WHERE id = 5

 

Here there is no ambiguity so no quotes are required (although mysql will not object to '5')

 

 

There is an apparent exception the this rule in the ORDER BY clause. If you have

SELECT cat_id, cat_name FROM category ORDER BY 2

then it will order the output by cat_name, the 2nd column selected.