
which one to use and why??

Posted: Tue Jan 10, 2006 11:30 pm
by PHPycho
I used to use the following in an SQL query

Code:

SELECT * from `profile` WHERE  userid='$_SESSION[userid]'
But I see the following frequently

Code:

SELECT * from `profile` WHERE  userid='".$_SESSION[userid]."'
I am in a dilemma about which one to use and why.
Please clarify this for me...

Posted: Wed Jan 11, 2006 12:30 am
by timvw
I wouldn't use any of them... They both misuse the key/index http://be.php.net/manual/en/language.types.array.php

Added a couple of other valuable hints..

Code:

<?php
session_start();

// here we will keep all the data that is ready to be used in a mysql query
// typically we need to perform mysql_real_escape_string on it 
$mysql = array();

// if we were generating html we could have a $html array too
// and we typically perform htmlentities($value, ENT_QUOTES, 'UTF-8') on it

// test if the data is available
if (isset($_SESSION['userid'])) {
  // prepare the userid to be used in a mysql query
  $mysql['userid'] = mysql_real_escape_string($_SESSION['userid']);
} else {
  // Houston, we've got a problem, trigger_error?
}

// select only the columns that we need
$query = "SELECT column1, column2 FROM profile WHERE userid='{$mysql['userid']}'";
?>
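
The same lookup written with a bound parameter instead of escaping plus string interpolation, as an added example that is not part of the original thread or timvw's code. It assumes PDO with the SQLite driver is available (an in-memory database stands in for MySQL), and `fetchProfile` and the sample rows are hypothetical.

```php
<?php
// Added example: in-memory SQLite stands in for the MySQL database in the thread.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

// Constructed sample data; table and column names follow the query in the post above.
$pdo->exec("CREATE TABLE profile (userid TEXT PRIMARY KEY, column1 TEXT, column2 TEXT)");
$pdo->exec("INSERT INTO profile VALUES ('alice', 'a1', 'a2'), ('bob', 'b1', 'b2')");

/**
 * Hypothetical helper: look up one profile row for the user id held in the
 * session array. Returns null when the key is missing or no row matches.
 */
function fetchProfile(PDO $pdo, array $session): ?array
{
    // Same availability test as in the post, with a quoted array key.
    if (!isset($session['userid']) || !is_string($session['userid'])) {
        return null;
    }

    // The value travels separately from the SQL text, so a quote character
    // inside it is compared as data and cannot end the string literal.
    $stmt = $pdo->prepare(
        'SELECT column1, column2 FROM profile WHERE userid = :userid'
    );
    $stmt->execute([':userid' => $session['userid']]);

    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Constructed session contents covering the normal case and two edge cases.
$cases = [
    'normal'         => ['userid' => 'alice'],
    'quote in value' => ['userid' => "x' OR '1'='1"],
    'missing key'    => [],
];

foreach ($cases as $label => $session) {
    $row = fetchProfile($pdo, $session);
    echo str_pad($label, 16), $row === null ? 'no row' : json_encode($row), PHP_EOL;
}
```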