|List:||General Discussion|
|From:||Hank||Date:||September 19 2011 1:00am|
|Subject:||Re: Quotes around INSERT and SELECT statements' arguments from the mysql CLI and PHP|
On Sun, Sep 18, 2011 at 12:28 PM, Dotan Cohen <dotancohen@stripped> wrote:

> On Sun, Sep 18, 2011 at 17:44, Brandon Phelps <bphelps@stripped> wrote:
> > Personally I don't use any quotes for the numeric types, and single quotes
> > for everything else. Ie:
> >
>
> Thanks, Brandon. I understand then that quote type is a matter of
> taste. I always use double quotes in PHP and I've only recently
> started putting ticks around table and column names. I'll stick to
> your convention of no quotes around numerics and single quotes around
> everything else.
>

I agree with Brandon's suggestions, I would just add when using numeric types in PHP statements where you have a variable replacement, for instance:

    $sql="INSERT into table VALUES ('$id','$val')";

where $id is a numeric variable in PHP and a numeric field in the table, I'll include the $id in single quotes in the PHP statement, so even if the value of $id is null, alpha, or invalid (not numeric) it does not generate a mysql syntax error. Otherwise, without the single quotes, the statement would be:

    INSERT into table VALUES (,'');

which would cause a syntax error. If you include the single quotes, it becomes:

    INSERT into table VALUES ('','')

which won't cause a syntax error, but might cause some logic errors in the database. The choice is yours.
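An added example, not part of the original post: one way to handle the null, alpha or non-numeric $id case from the message above is to validate the value as an integer and bind both values as parameters, so neither the syntax error nor the silent empty-string insert can occur. The table name `items` and the helper `insertRow()` are hypothetical, and an in-memory SQLite database accessed through PDO stands in for MySQL so the script runs offline.

```php
<?php
// Added example: the table "items" and helper insertRow() are hypothetical.
// SQLite in memory stands in for MySQL so the script runs without a server.
declare(strict_types=1);

function insertRow(PDO $db, $id, $val): bool
{
    // Reject null, '', 'abc', '12abc' and similar before any SQL is executed.
    $intId = filter_var($id, FILTER_VALIDATE_INT);
    if ($intId === false) {
        return false;
    }
    // Placeholders keep the values out of the SQL text, so the question of
    // which quotes to put around $id or $val never arises.
    $stmt = $db->prepare('INSERT INTO items (id, val) VALUES (:id, :val)');
    $stmt->bindValue(':id', $intId, PDO::PARAM_INT);
    $stmt->bindValue(':val', (string) $val, PDO::PARAM_STR);
    return $stmt->execute();
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE items (id INTEGER NOT NULL, val TEXT)');

// Constructed sample inputs: a valid id, null, empty string, alpha,
// and a numeric string paired with a value that contains a single quote.
$samples = [[7, 'ok'], [null, 'a'], ['', 'b'], ['abc', 'c'], ['42', "O'Brien"]];
foreach ($samples as [$id, $val]) {
    $result = insertRow($db, $id, $val) ? 'inserted' : 'rejected';
    echo var_export($id, true), ' => ', $result, PHP_EOL;
}
echo 'rows: ', $db->query('SELECT COUNT(*) FROM items')->fetchColumn(), PHP_EOL;
```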