Page 1 of 1
how to do triple quotoation marks
Posted: Tue Jul 13, 2010 7:33 pm
by MHardeman25
Hey, how do you handle triple quotes like this
Code: Select all
$sql = "SELECT * FROM tb_users WHERE username = '$_SESSION['username']'"
see how at the '_$SESSION['username']' has quotes around it and around username, and the whole thing is in "
Re: how to do triple quotoation marks
Posted: Tue Jul 13, 2010 7:38 pm
by John Cartwright
Code: Select all
$sql = "SELECT * FROM tb_users WHERE username = '$_SESSION[username]'";
or
Code: Select all
$sql = "SELECT * FROM tb_users WHERE username = '{$_SESSION[username]}'";
or (my preference)
Code: Select all
$sql = "SELECT * FROM tb_users WHERE username = '". $_SESSION['username'] ."'";
You should also note, you should be passing all query input through mysql_real_escape_string() to sanitize. I.e.,
Code: Select all
$sql = "SELECT * FROM tb_users WHERE username = '". mysql_real_escape_string($_SESSION['username']) ."'";
Re: how to do triple quotoation marks
Posted: Tue Jul 13, 2010 7:39 pm
by MHardeman25
Thanks.