Page 1 of 1
brackets
Posted: Thu May 22, 2014 3:58 pm
by gautamz07
Code: Select all
function send_msg($sender , $message){
if(!empty($sender) && !empty($message)){
$sender = mysql_real_escape_string($sender);
$message= mysql_real_escape_string($message);
$query = "INSERT INTO `chat`.`chat` VALUES (null , '{$sender}' , '$message')"; // Difficulty on THIS LINE !!!!
if($run = mysql_query($query)){
return true;
}else{
return false;
}
}
why is '{$sender}' given the curley brakets ????? and why is message not given the same brackets ?
also why is this function used ? i.e. mysql_real_escape_string , i know what it does , but is it to prevent SQL injection.
Re: brackets
Posted: Thu May 22, 2014 5:40 pm
by requinix
{}s are just another way of putting variables into strings. These are all equivalent:
Code: Select all
"abc " . $variable . " 123"
"abc $variable 123"
"abc {$variable} 123"
"abc ${variable} 123"
There are slight differences, especially when it comes to arrays, so best practice is to use the {$variable} syntax.
As for mysql_real_escape_string(), if you know what it does then I'm not sure why you're asking what it does. Yes, it helps you prevent SQL injection when you are not using prepared statements.
Re: brackets
Posted: Fri May 23, 2014 1:37 am
by gautamz07
Thank you !