Simple php Dollar $ pricing in string questions

I was always confused by this. E.g., in PHP I have a SQL statement:

$qry = "select * from table where id = $id"; 

Can I insert "$" directly inside the quotes, or do I have to use

  $qry = "select * from table where id =".$id." "; 

or

  $qry = 'select * from table where id = $id'; 

or

  $qry = 'select * from table where id = '$id''; 

Which is right?

+7
php
6 answers

If the string is in double quotes, the variables will be evaluated. If it is in single quotes, it is literal, and you will get exactly what you typed.

 $bar = 42;
 'Foo $bar Baz'              // Foo $bar Baz
 "Foo $bar Baz"              // Foo 42 Baz
 'Foo ' . $bar . ' Baz'      // Foo 42 Baz
 'Foo ' . '$bar' . ' Baz'    // Foo $bar Baz
 "$bar " . $bar . " $bar"    // 42 42 42

Here is the relevant section of the manual for a full explanation:
http://php.net/manual/en/language.types.string.php#language.types.string.parsing

To put actual quotes in a string, you will need to alternate or escape them.

 '"$bar"'      // "$bar"
 "'$bar'"      // '42'
 '\'$bar\''    // '$bar'
 "\"$bar\""    // "42"
 ''$bar''      // syntax error, empty string '' + $bar + empty string ''

Besides that, what he said.

+4

None of the above, unless $id has already been escaped for SQL. You probably want to use this if you are using MySQL:

 $qry = "select * from table where id = '".mysql_real_escape_string($id)."'"; 

Edit: Well, that was wrong. According to the comment on my answer, this should work:

 $qry = "select * from table where id = ".(int)$id; 
+4

You can also try explicit variable notation in strings as follows:

 $query = "SELECT * FROM table WHERE id = {$id}"; 

This allows you to do things like:

 $name = "friend";
 $str = "Hello {$name}s"; // Hello friends

where you could not do this if you tried:

 $str = "Hello $names"; 

Since it will try to expand a variable named $names.

Variables enclosed in single quotes are not expanded and are treated as literals, so 'hey, $id' will be exactly that instead of the expected "hey, 1" you would get if you used double quotes.

You can also try sprintf:

 $query = sprintf("SELECT * FROM table WHERE id = %d", $id); 

As the first poster said, definitely sanitize your data before running queries.

+2
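What each form from the question and answers actually builds when $id is not a clean integer, as an added example that is not part of the original thread. The `items` table, its rows, the sample `$id` value and the use of PDO with an in-memory SQLite database (standing in for MySQL) are assumptions made so that it runs stand-alone; the last query uses a bound parameter, which none of the answers show.

```php
<?php
// Added example; table, rows and the $id value are constructed for illustration.
$id = "1 OR 1=1"; // constructed untrusted input, e.g. what $_GET['id'] could hold

// The string each form from the thread actually builds.
$forms = [
    'double quotes' => "select * from items where id = $id",
    'concatenation' => "select * from items where id = " . $id,
    'single quotes' => 'select * from items where id = $id',
    '(int) cast'    => "select * from items where id = " . (int)$id,
    'sprintf %d'    => sprintf("select * from items where id = %d", $id),
];
foreach ($forms as $label => $sql) {
    printf("%-14s %s\n", $label, $sql);
}

// Assumption: PDO with the SQLite driver, standing in for the MySQL of the thread.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("create table items (id integer primary key, name text)");
$db->exec("insert into items (name) values ('alpha'), ('beta'), ('gamma')");

function countRows(PDOStatement $stmt): int
{
    return count($stmt->fetchAll(PDO::FETCH_ASSOC));
}

// Interpolated: the input is parsed as SQL, so the WHERE clause is rewritten.
printf("interpolated   %d row(s)\n", countRows($db->query($forms['double quotes'])));

// Cast to int: only the leading digits survive, so the query stays a lookup by id.
printf("(int) cast     %d row(s)\n", countRows($db->query($forms['(int) cast'])));

// Bound parameter: the value is sent as data and never becomes SQL text.
$stmt = $db->prepare("select * from items where id = ?");
$stmt->execute([$id]);
printf("bound param    %d row(s)\n", countRows($stmt));
```

With the sample value, the interpolated query matches every row, the cast query matches only id 1, and the bound-parameter query matches none.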

Both

 $qry = "select * from table where id = $id"; 

and

 $qry = "select * from table where id = " . $id; 

will work and give you the same value in $qry. Note that there is no need for the ." " that you had at the end of the second; all that does is add a space, which is pretty pointless.

You can also do

 $qry = 'select * from table where id = ' . $id; 

Which is exactly the same as the other two. They are all “correct” in that they all give you the desired result, and they all have their place. The first is pretty inefficient due to the way PHP handles interpolated strings (see here for a detailed explanation), but may be cleaner and faster than the other two.

0

I use this: $qry = "SELECT * FROM table WHERE id=$id"; since I think INT does not need quotes.

Otherwise, I use $qry = "SELECT * FROM table WHERE name='$name'"; but $name needs to be filtered...

0

This is an easy way to remember this.

Using double quotes " you're telling PHP that this string should be parsed for PHP variables.

Using single quotes ' you're telling PHP not to convert any variables to values.

But carriage returns such as \r and \n are not taken into account when using single quotes, and it will print the literal \r or \n; using double quotes, they will be converted to the actual entities, such as

look what I did there :)

Hope this helps.

0