Its about a syntax in php while inserting data in mysql table

Question

Why is this syntax used:

mysql_query("INSERT INTO users (username, password, email, hash) VALUES( 
'". mysql_escape_string($name) ."', 
'". mysql_escape_string(md5($password)) ."', 
'". mysql_escape_string($email) ."', 
'". mysql_escape_string($hash) ."') ") or die(mysql_error());

I do not have any confusion about mysql_escape_string , function, however why is mysql_escape_string($name), enclosed within two dots:. mysql_escape_string($name) . then it is enclosed within double quotes:". mysql_escape_string($name) ." lastly the whole thing is enclosed within a single quote :'". mysql_escape_string($name) ."' I got this form the following web resource: http://net.tutsplus.com/tutorials/php/how-to-implement-email-verification-for-new-members/

...Its a php email verification program.

You should ignore that tutorial and find something that teaches you how to use `mysqli` or `PDO`. — Stephen, Nov 26 '10 at 16:30
Two off-topic tips: use `mysqli` or `PDO` instead of the `mysql` connector. The're safer and faster. Also, add a salt to the `md5($password)` function for safety. — Martijn Heemels, Nov 26 '10 at 18:03

score 1 · Answer 1 · answered Nov 26 '10 at 17:28

The dot (.) is the glue for string concatenation. It is used also for separating variables:

"First part of a string". $myvar ." second part of a string"

The double quotes is the way we say that that is a string:

is considered an integer,

"123"

is considered a string.

And finally the single quote is a part of the mysql syntax that requires the strings to be surrounded by '.

score 0 · Answer 2 · edited Nov 13 '11 at 17:01

0

The (.) is concatenating the whole string together. see here string operators

If you echo'ed the query it would look something like this.

INSERT INTO users (username, password, email, hash) 
    VALUES ('Jeff', 'hashedpassword', 'email@email.com', 'somehash')

edited Nov 13 '11 at 17:01

NullUserException

83,810
28
209
234

answered Nov 26 '10 at 16:03

martynthewolf

1,718
2
11
22

Exactly! Don't think of the quotes enclosing the `mysql_escape_string` function! The single-quotes are actually just characters inside the string. The double-quotes delimit the strings, and the dots glue everything together. When everything is glued together into a single string the single-quotes will enclose the values, just as this answer shows. – Martijn Heemels Nov 26 '10 at 18:14

score 0 · Answer 3 · answered Nov 26 '10 at 17:19

0

The dot operator is the glue for string concatenation. The double quotes represent the start and end of a string. "string1" . "string2" . "string3" would be equivilant to: "string1string2string3".

answered Nov 26 '10 at 17:19

Swhistlesoft

59
1

Its about a syntax in php while inserting data in mysql table

3 Answers3