Page 1 of 1

brackets

Posted: Thu May 22, 2014 3:58 pm
by gautamz07

Code: Select all

function send_msg($sender , $message){

	if(!empty($sender) && !empty($message)){

		$sender = mysql_real_escape_string($sender);
		$message= mysql_real_escape_string($message);

		$query = "INSERT INTO  `chat`.`chat` VALUES (null , '{$sender}' , '$message')";    // Difficulty on THIS LINE !!!!

		if($run = mysql_query($query)){
			return true;
		}else{
			return false;
		}
	}
why is '{$sender}' given the curley brakets ????? and why is message not given the same brackets ?

also why is this function used ? i.e. mysql_real_escape_string , i know what it does , but is it to prevent SQL injection.

Re: brackets

Posted: Thu May 22, 2014 5:40 pm
by requinix
{}s are just another way of putting variables into strings. These are all equivalent:

Code: Select all

"abc " . $variable . " 123"
"abc $variable 123"
"abc {$variable} 123"
"abc ${variable} 123"
There are slight differences, especially when it comes to arrays, so best practice is to use the {$variable} syntax.

As for mysql_real_escape_string(), if you know what it does then I'm not sure why you're asking what it does. Yes, it helps you prevent SQL injection when you are not using prepared statements.

Re: brackets

Posted: Fri May 23, 2014 1:37 am
by gautamz07
Thank you !