Many new PHP coders will come across this error and will be a bit confused by what it means so I thought I would supply a quick topic to cover the issue in more detail.
Lets suppose we have the following code:
PHP Code:
$sql = "INSERT INTO wall (author, message) VALUES ("' .$author. '", "'. $message. '")";
That is one line of PHP containing an SQL statement. To the experienced eye its defective but to a lot of new PHP programmers this looks fine.
First there seems to be some confusion about the quotation marks so I will go into those here.
Single ' quotes are handled by PHP literally. That means what you see inside the ' marks is exactly what you get. Example:
PHP Code:
$Author = 'Joe Bloggs';
print 'Comment written by $Author';
The above will print like this:
Quote:
|
Comment written by $Author
|
This is because the single quotes tell PHP that it should be handled exactly as it is without changing anything.
Double " quotes are where our magic happens. Double quotes tell PHP to examine the string inside it and if there are any variables found, replace them with their values. There is however a trade-off: PHP checks double quoted strings for variables it needs to replace - this uses more CPU cycles. Example:
PHP Code:
//Not good (but it does work):
$Author = "Joe Bloggs";
//Better - Uses less CPU (PHP doesn't need to check the string)
$Author = 'Joe Bloggs';
print "Comment written by $Author";
The above will print like this:
Quote:
|
Comment written by Joe Bloggs
|
Simple right? I'm glad you agree but read on because many people still get confused especially when trying to use them within the string.
When you need to use the single ' or double " inside a single quoted string you need to tell PHP to ignore it. The way this is done is to escape the quote within the string. To escape a character we use the \ slash. Example:
PHP Code:
//Single quote example
print 'This comment is from Joe Bloggs\'s blog.';
//Note the use of \'
//Double quote example
$Author = 'Joe Bloggs';
print "$Author said \"This is my comment.\"";
The two examples above will output the following:
Quote:
This comment is from Joe Bloggs's blog.
Joe Bloggs said "This is my comment."
|
Ok, so you've see how to escape quotes to use them within their own type of quotes but what happens if we want to use the the opposite quote in our string? Well with single quotes anything you use there is handled literally so using a double quote inside a single quoted string will produce exactly that - a double quote. Inside a double quoted string a single quote can also be used with no escaping required.
Now what about using the \ within a string?
In single quoted strings you don't need to worry. Sometimes in double quoted strings you may need to escape it.
PHP Code:
//This will work
$Comment = "I installed PHP on my c:\ drive.<br>";
print $Comment;
//This will also work:
$Comment = "I installed PHP on my c:\\ drive.<br>";
print $Comment;
The output from both of the above is the same in this scenario:
Quote:
I installed PHP on my c:\ drive.
I installed PHP on my c:\ drive.
|
It is only in some special situations you may need to escape the backslash but I've mentioned it just in case you need it.
So, lets return to the SQL above:
PHP Code:
$sql = "INSERT INTO wall (author, message) VALUES ("' .$author. '", "'. $message. '")";
This will raise a parse error looking like:
Quote:
|
Parse error: syntax error, unexpected T_CONSTANT_ENCAPSED_STRING in.. <file name> <line number>
|
So, whats wrong with that then?
If you look at the SQL after the word VALUES it becomes clear that there is some complex quoting going on:
Code:
//We're already inside double quotes at the beginning and end of the SQL.
"' .$author. '", "'. $message. '"
As you can see, PHP see's double quotes there and does not know if you're terminating the string or trying to add something. Then we have a single quote, plus the addition of a variable before trying to add on another string containing another double quote.. before trying it all again!
So, what do we do with this? Well there are 3 ways really:
PHP Code:
//Put the single quotes inside the doubles
$sql = "INSERT INTO wall (author, message) VALUES ('" .$author. "', '". $message. "')";
//But remember inside double quotes $Variables work.. So..
//Remove the excess double quotes and make it tidy:
$sql = "INSERT INTO wall (author, message) VALUES ('$author', '$message')";
//Or..:
$sql = 'INSERT INTO wall (author, message) VALUES (\'' .$author. '\', \''. $message. '\')';
Now I'll quickly mention arrays here as there also seems to be a little confusion with those. There is no need to ever use double quotes UNLESS your Key is text with a variable (EG: "Key$I" - Where $I is a number):
PHP Code:
//Not needed - It will work but it will waste CPU cycles checking the Key for a variable:
$Array["Comment"] = 'This is a test.';
//Better way using less CPU cycles:
$Array['Comment'] = 'This is a test';
//With variables:
$Key = 'Comment';
//Not great but it works:
$Array["$Key"] = 'This is a test.';
//Better:
$Array[$Key] = 'This is a test.';
All of the above will work but you don't always need the double quotes.
There may also be times when you wish to use functions or PHP commands in conjunction with your quoted text. The general thing you must realise is that a string (thats quoted text) is just a string of text. It is seen by PHP as just that - text. PHP will check double quoted strings for variables and replace them but it will not run PHP commands or functions inside a string. You should realise that single quoted strings will not to anything magical so the following example uses double quoted strings. Example:
PHP Code:
//This will not work:
$Comment = "Joe blogg's latest blog is: print get_comment()";
//This will work:
$Comment = "Joe blogg's latest blog is: " . get_comment();
//This will work:
$Comment = "Joe blogg's latest blog is: ";
print get_comment();