Page 1 of 1

how to do triple quotoation marks

Posted: Tue Jul 13, 2010 7:33 pm
by MHardeman25
Hey, how do you handle triple quotes like this

Code: Select all

$sql = "SELECT * FROM tb_users WHERE username = '$_SESSION['username']'"
see how at the '_$SESSION['username']' has quotes around it and around username, and the whole thing is in "

Re: how to do triple quotoation marks

Posted: Tue Jul 13, 2010 7:38 pm
by John Cartwright

Code: Select all

$sql = "SELECT * FROM tb_users WHERE username = '$_SESSION[username]'";
or

Code: Select all

$sql = "SELECT * FROM tb_users WHERE username = '{$_SESSION[username]}'";
or (my preference)

Code: Select all

$sql = "SELECT * FROM tb_users WHERE username = '". $_SESSION['username'] ."'";
You should also note, you should be passing all query input through mysql_real_escape_string() to sanitize. I.e.,

Code: Select all

$sql = "SELECT * FROM tb_users WHERE username = '". mysql_real_escape_string($_SESSION['username']) ."'";

Re: how to do triple quotoation marks

Posted: Tue Jul 13, 2010 7:39 pm
by MHardeman25
Thanks.