Hello and welcome to our community! Is this your first visit?
Register
Enjoy an ad free experience by logging in. Not a member yet? Register.
Results 1 to 6 of 6

Thread: much quotes?

  1. #1
    Regular Coder ubik's Avatar
    Join Date
    Oct 2005
    Location
    westCoast, usa
    Posts
    347
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Question much quotes?

    Hello, I am here just looking at some tutorials, and It all seems very interesting, I think I've learned more from some online tutorials than some book I'm reading, but this piece of code kind of confuses me a bit, was wondering if someone would be so kind as to possibly explain why the following code uses so many single and double quotes and also the periods after "VALUES":


    PHP Code:
     $insertQuery "INSERT INTO articles 

    (title,tagline,section,thearticle) VALUES ("
    .

    "'".$HTTP_POST_VARS['title']."', ".

    "'".$HTTP_POST_VARS['tagline']."', ".

    $HTTP_POST_VARS['section'].", ".

    "'".$HTTP_POST_VARS['thearticle']."')"

    any help is appreciated, thanks for your time.
    "True knowledge exists in knowing that you know nothing."
    -Socrates

  • #2
    Regular Coder
    Join Date
    Jan 2006
    Location
    Preston, Lancashire, England
    Posts
    285
    Thanks
    0
    Thanked 0 Times in 0 Posts
    Howdy.
    Basically there are two types of quote in that string. The first quote is a single quote. This quote is used by the mysql statement to determin a string. This means that $HTTP_POST_VARS['title'] will be entered into the database as a string.

    The second type are the double quotes. In the statment above they are used by the php statement. These quotes are used to break out of the mysql statement.

    For example. If you where to do this
    PHP Code:
    $word "test";
    print 
    "this is a " $word
    when run you would get:-
    this is a test
    printed on the screan.


    The final section are the full stops. In php these are used to concatenate, or join, string together. all these are used for in this statement is to make the statement appear on multipul lines.

    You could rewrite the statment to make it easier.
    llike this
    PHP Code:
    $insertQuery "INSERT INTO articles (title,tagline,section,thearticle) VALUES ('".$HTTP_POST_VARS['title']."', '".$HTTP_POST_VARS['tagline']."', " $HTTP_POST_VARS['section'].", '".$HTTP_POST_VARS['thearticle']."')"
    that will put it on one line.

    you could also do this
    PHP Code:
    $insertQuery "INSERT INTO articles (title,tagline,section,thearticle) VALUES ('$HTTP_POST_VARS[title]', '$HTTP_POST_VARS[tagline]', $HTTP_POST_VARS[section], '$HTTP_POST_VARS[thearticle]')"
    This statement will keep everything inside the mysql.

    Hope this is helpfull. If not then i will try again.

  • #3
    Regular Coder ubik's Avatar
    Join Date
    Oct 2005
    Location
    westCoast, usa
    Posts
    347
    Thanks
    0
    Thanked 0 Times in 0 Posts
    Hello MRMAN,

    thanks for responding. hey yeah i get it now.. i was thinking along the lines of mySQL statements and forgot that what I was looking at was a php string. I understand it, but I don't really understand why someone would use:

    PHP Code:
     $insertQuery "INSERT INTO articles (title,tagline,section,thearticle) VALUES (".
    "'".$HTTP_POST_VARS['title']."', ".
    "'".$HTTP_POST_VARS['tagline']."', ".
    $HTTP_POST_VARS['section'].", ".
    "'".$HTTP_POST_VARS['thearticle']."')"
    instead of:

    PHP Code:
    $insertQuery "INSERT INTO articles
    (title,tagline,section,thearticle) VALUES ('$HTTP_POST_VARS[title]', '$HTTP_POST_VARS[tagline]', $HTTP_POST_VARS[section], '$HTTP_POST_VARS[thearticle]')"


    is there any special reason or difference that you would use one way over the other?
    Last edited by ubik; 05-08-2006 at 11:00 AM.
    "True knowledge exists in knowing that you know nothing."
    -Socrates

  • #4
    Regular Coder
    Join Date
    Jan 2006
    Location
    Preston, Lancashire, England
    Posts
    285
    Thanks
    0
    Thanked 0 Times in 0 Posts
    different people like different things.
    Personally i prefer the first method as i find it easier to see the php variables.

    But then again i don't put $_POST ot $_GET into the mysql statement.
    I usually pass it through some validation first. Just to make sure no one can be naughty.

  • #5
    Regular Coder ubik's Avatar
    Join Date
    Oct 2005
    Location
    westCoast, usa
    Posts
    347
    Thanks
    0
    Thanked 0 Times in 0 Posts
    oohh ok, yeah i suppose that would be good for syntax highlighted editors, lol i need to get me one of those. hey thanks for your help. right on about the security that's what im reading up on now.
    "True knowledge exists in knowing that you know nothing."
    -Socrates

  • #6
    Senior Coder
    Join Date
    Nov 2002
    Location
    North-East, UK
    Posts
    1,265
    Thanks
    0
    Thanked 0 Times in 0 Posts
    It also depends on how fiddly your code is and what quotes you are using.

    Double quotes process the data and so in theory would take more processing time.
    PHP Code:
    $str "This string contains 'single quotes'"
    But if you have single quotes within a single quotes string then they would have to be escaped.
    PHP Code:
    $str 'This string contains \'single quotes\''

    For outputting code you also have the ability to break in and out of languages
    PHP Code:
    <?php
    $str 
    "Hello World";
    ?>
    <p><?php echo $str?></p>


  •  

    Posting Permissions

    • You may not post new threads
    • You may not post replies
    • You may not post attachments
    • You may not edit your posts
    •