davidf85 Posted September 9, 2011 Share Posted September 9, 2011 In a piece of code like this: mysql_query("INSERT into users VALUES ('".$_POST['username']."', '".$_POST['password']."')") or die(mysql_error()); What is the difference between ('".$_POST['username'])."') (".$_POST['username']).') (.$_POST['username'].) and ($_POST['username']) ?? Will all four of these work? Does anyone know where in the PHP manual I can find explanation for these syntaxes? Quote Link to comment Share on other sites More sharing options...
Adam Posted September 9, 2011 Share Posted September 9, 2011 None of those would work. What's in your code is ".$_POST['username']." - double quotes either side as to break out of / re-open the string that is opened / closed with double quotes (mysql_query("INS...")). The dots are the 'concatenation' operator that joins strings (literal or within variables) together. The single quotes are part of the actual SQL. Often people find it more readable to use curly braces to concatenate the strings: '{$_POST['username']}' Read the manual for more information. Also have a read up on how to prevent SQL injections. Quote Link to comment Share on other sites More sharing options...
ManiacDan Posted September 9, 2011 Share Posted September 9, 2011 The manual section on strings contains everything you'll want to know about string concatenation. -Dan Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.