Results 1 to 3 of 3
Thread: A single quote makes SQL die
Hybrid View
-
03-09-2004, 10:18 PM #1Junior Guru Wannabe
- Join Date
- Jan 2004
- Posts
- 72
A single quote makes SQL die
Hello,
Try to find the difference between these two commands:
// PHP & SQL
$db_members="mydb";
$email="myemail@mail.com";
SELECT password FROM $db_members WHERE `group`=1 AND email='$email';
SELECT password FROM $db_members WHERE 'group'=1 AND email='$email';
In the first command, I copied `group`from PHPmyadmin.
In the second command, I input 'group' from keyboard.
But only the first command work (return 1 row in my database)! The second returns not thing.
I discovered that this single quote: `works, and this single quote inputed from keyboard: ' not works.
??? Can someone explains? Thanks.
-
03-09-2004, 10:24 PM #2Newbie
- Join Date
- Feb 2004
- Location
- Beverly Hills
- Posts
- 12
Yes, I can explain. There shouldn't be any ticks around the name of the column in the where clause. You only need ticks around strings. Leave them out. PHP is passing the "plain" ticks directly to the SQL backend which doesn't like them and so it crashes it. With the back-ticks, I believe that PHP tries to evaluate the epxression and then substitute it, and miraculously the expression "group" (without quotes) evaluates to itself and then SQL processes it. So, just leave the quotes out entirely.
Create a WAP hosting service
-
03-15-2004, 09:25 AM #3Web Hosting Master
- Join Date
- Feb 2004
- Posts
- 772
Hi
The single quote used in all general expressions ( ' ) is used for string evaluations. It ( value given in the sting ) won't changed during execution of the script/program. It will remain unchanged.
On the other case, ( ` ) is used for execution of command. It will evaluates the expression and processes the result. It is used for execution of any statement. Hence in your case ( first select statement ) it will execute and returns first row of the given database. In second select statement it works just as assigned variable and won't change during execution.
Regards,
Bright