In the case of a simple variable like that, you don't need to break out of the double-quoted string. I guess some programmers just form the habit of doing that because more complicated values, such as arrays and function calls, are NOT interpreted within double-quoted strings. For example, if you needed to include a POST variable in an SQL string (which is a risky thing to do, I'm just using it as a syntax example--don't ever do that!), you could NOT do this:
Code: Select all
$sql = "SELECT * FROM myTable WHERE id = $_POST['id']";
That would produce an error. You would have to do it either like this:
Code: Select all
$sql = "SELECT * FROM myTable WHERE id = ".$_POST['id'];
or like this (better, but it's still bad to use a POST variable directly, without "sanitizing" the value to prevent a hacker from slipping in code that would give him access to your database):
Code: Select all
$id = $_POST['id'];
$sql = "SELECT * FROM myTable WHERE id = $id";
In fact, the CORRECT way to do that would be:
Code: Select all
$id = mysql_real_escape_string($_POST['id']);
$sql = "SELECT * FROM myTable WHERE id = $id";