  1. #1
    Join Date
    Jan 2004

    A single quote makes SQL die


    Try to find the difference between these two commands:
    // PHP & SQL
    $email="[email protected]";

    SELECT password FROM $db_members WHERE `group`=1 AND email='$email';

    SELECT password FROM $db_members WHERE 'group'=1 AND email='$email';

    In the first command, I copied `group` from phpMyAdmin.
    In the second command, I input 'group' from the keyboard.

    But only the first command works (returns 1 row in my database)! The second returns nothing.

    I discovered that this single quote: ` works, and this single quote entered from the keyboard: ' does not work.

    ??? Can someone explain? Thanks.

  2. #2
    Join Date
    Feb 2004
    Beverly Hills
    Yes, I can explain. There shouldn't be any ticks around the name of the column in the where clause. You only need ticks around strings. Leave them out. PHP is passing the "plain" ticks directly to the SQL backend which doesn't like them and so it crashes it. With the back-ticks, I believe that PHP tries to evaluate the expression and then substitute it, and miraculously the expression "group" (without quotes) evaluates to itself and then SQL processes it. So, just leave the quotes out entirely.

    Create a WAP hosting service

  3. #3
    Join Date
    Feb 2004

    The single quote used in all general expressions ( ' ) is used for string evaluations. It (the value given in the string) won't be changed during execution of the script/program. It will remain unchanged.

    In the other case, ( ` ) is used for execution of a command. It will evaluate the expression and process the result. It is used for execution of any statement. Hence in your case (first select statement) it will execute and return the first row of the given database. In the second select statement it works just as an assigned variable and won't change during execution.
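
As an added example (not part of the thread and not any poster's code): in MySQL, backticks quote an identifier while single quotes make a string literal, and the sketch below shows both queries from post #1 with the e-mail passed as a bound parameter instead of being interpolated. It assumes PHP's PDO with an in-memory SQLite database standing in for MySQL (SQLite accepts backtick identifiers for MySQL compatibility); the `members` table, the helpers `quoteIdent`, `memberTable` and `countRows`, and the sample rows are constructed for illustration.

```php
<?php
// Added example: in-memory SQLite via PDO stands in for the poster's MySQL server.
// Table name, rows and addresses below are constructed sample data.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE members (email TEXT, password TEXT, `group` INTEGER)');
$ins = $pdo->prepare('INSERT INTO members VALUES (:email, :password, 1)');
$ins->execute([':email' => 'user@example.com', ':password' => 'stored-hash']);
$ins->execute([':email' => "o'brien@example.com", ':password' => 'stored-hash']);

// Quote an identifier MySQL-style: wrap in backticks, double any embedded backtick.
function quoteIdent(string $name): string
{
    return '`' . str_replace('`', '``', $name) . '`';
}

// Table names cannot be bound as parameters, so check them against an allowlist.
function memberTable(string $name): string
{
    $allowed = ['members'];
    if (!in_array($name, $allowed, true)) {
        throw new InvalidArgumentException("unexpected table name: $name");
    }
    return quoteIdent($name);
}

// Run the thread's SELECT with a given group condition and return the row count.
function countRows(PDO $pdo, string $where, string $email): int
{
    $sql = 'SELECT password FROM ' . memberTable('members')
         . " WHERE $where AND email = :email";
    $stmt = $pdo->prepare($sql);            // the value travels separately from the SQL text
    $stmt->execute([':email' => $email]);
    return count($stmt->fetchAll(PDO::FETCH_ASSOC));
}

// Backticks: `group` names the column, so the row with group = 1 matches.
echo countRows($pdo, '`group` = 1', 'user@example.com'), "\n";

// Single quotes: 'group' is a string literal compared with 1, which is never true
// (MySQL converts the string to the number 0 first), so no row matches.
echo countRows($pdo, "'group' = 1", 'user@example.com'), "\n";

// A single quote inside the bound value is plain data and cannot break the statement.
echo countRows($pdo, '`group` = 1', "o'brien@example.com"), "\n";
```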


