Results 1 to 6 of 6
  1. #1
    Join Date
    Mar 2012
    Posts
    19

    Unanswered: Problem with nested single quotes inside SELECT statement

    I think there is a nesting problem with the single quotes in the portion displayed in red below:
    Code:
    $qry = "SELECT * ".
              "FROM table_name ".
              "WHERE user_id = '$_POST['user_id']'"
    If I'm right, I'm trying to correct it by placing double quotes at the very beginning and the very end of the statement only, like this:
    Code:
    $qry = "SELECT * .
              FROM table_name .
              WHERE user_id = '$_POST['user_id']'"
    I know if php is used to write a SELECT query, there has to be a space between the end of each line and the closing quotes:
    Code:
    $qry = "SELECT *(space here)".
              "FROM table_name(space here)".
              "WHERE user_id = '$_POST['user_id']'"
    Can this requirement for a space be solved by using double quotes to begin and end each line, and leaving a space within the double quotes at the end of each line?

    This solution creates the nesting problem with the single quotes. If I am right about all of this, can the problem be solved by putting the double quotes only at the very beginning and the very end of the entire statement, then creating that space at the end of each line by putting it right before the concatenation operator (.) at the end of the lines that need it:
    Code:
    $qry = "SELECT *(space here).
              FROM table_name(space here).
              WHERE user_id = '$_POST['user_id']'"
    I just noticed the nesting problem with the single quotes still exists. Can anyone tell me how to solve the nested quotes problem with $_POST[user_id]?

    Thanks

  2. #2
    Join Date
    Apr 2002
    Location
    Toronto, Canada
    Posts
    20,002
    if the user_id column is numeric, then you should not enclose the value in quotes at all

    quotes are used for strings
    rudy.ca | @rudydotca
    Buy my SitePoint book: Simply SQL

  3. #3
    Join Date
    Mar 2012
    Posts
    19
    Thanks - that was something I didn't think of.

    In other words, the mysql column data type effects if/how quotes are used with a php variable or $_POST data inside a mysql statement.

  4. #4
    Join Date
    Nov 2004
    Location
    out on a limb
    Posts
    13,692
    Provided Answers: 59
    AFAIK you cannot refer to an associative array within a quoted block
    PHP Code:
    $qry "SELECT * ".
              
    "FROM table_name ".
              
    "WHERE user_id = '".$_POST['user_id']."';" 
    I'd rather be riding on the Tiger 800 or the Norton

  5. #5
    Join Date
    Mar 2012
    Posts
    19
    Quote Originally Posted by healdem View Post
    AFAIK you cannot refer to an associative array within a quoted block
    Thanks for replying. Could you be more specific?

    I know this is an associative array:
    Code:
    $_POST['user_id'];
    I think this is a quoted block:
    PHP Code:
    $qry "SELECT * ".
              
    "FROM table_name ".
              
    "WHERE user_id = '".$_POST['user_id']."';" 
    If the code example you wrote is the correct way to write it, then the associative array $_POST['user_id'] can be placed in the quoted block above.

    This is why I'm still confused.

    Please clarify.
    Thanks for your help

    UPDATE: I think I understand what this part means:
    PHP Code:
    '".$_POST['user_id']."' 
    The outer single quotes tell php to first look literally at what is inside them, without changing anything. That is:
    PHP Code:
    ".$_POST['user_id']." 
    This is an associative array surrounded by double quotes that tell php to look at the value inside the array element. Php converts this array element into the value it contains, reads that specific value along with the rest of the code and processes it.

    This means you cannot refer to an associative array within a block of code surrounded by double quotes. You put the double quotes, which cause variable substitution, inside single quotes. This tells php to climb inside the whole array element and find its value.

    This makes sense. If I'm wrong I hope someone will chime in. Thanks
    Last edited by quartz; 04-15-12 at 15:03.

  6. #6
    Join Date
    Nov 2004
    Location
    out on a limb
    Posts
    13,692
    Provided Answers: 59
    you can include variables directly inside php strings

    functionally
    { $strWhereClause .= " acolumn = '$astringcolumn'";}
    is the same as
    { $strWhereClause .= " acolumn = '".$astringcolumn."'";}

    however the same is not true when using associative arrays
    you have to insert a variable from an associative array rather that as inline code.
    so
    { $strWhereClause .= " acolumn = '".$_POST['user_id']."'";}
    works
    { $strWhereClause .= " acolumn = '$_POST['user_id']'";}
    doesn't

    unless you are using an IDE with integrated debugging you need develop better debugging techniques say by displaying text especially if you think the code is right but nothing or the wrong things are happening
    I'd rather be riding on the Tiger 800 or the Norton

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •