which one to use and why??
Posted: Tue Jan 10, 2006 11:30 pm
by PHPycho
I used to use the following in SQL queries
Code:
SELECT * from `profile` WHERE userid='$_SESSION[userid]'
but I see the following frequently
Code:
SELECT * from `profile` WHERE userid='".$_SESSION[userid]."'
I am in a dilemma: which one to use and why?
Please clarify for me...
Posted: Wed Jan 11, 2006 12:30 am
by timvw
I wouldn't use any of them... They both misuse the key/index
http://be.php.net/manual/en/language.types.array.php
Added a couple of other valuable hints..
Code:
<?php
session_start();

// here we will keep all the data that is ready to be used in a mysql query
// typically we need to perform mysql_real_escape_string on it
$mysql = array();

// if we were generating html we could have a $html array too
// and we typically perform htmlentities($value, ENT_QUOTES, 'UTF-8') on it

// test if the data is available
if (isset($_SESSION['userid'])) {
    // prepare the userid to be used in a mysql query
    $mysql['userid'] = mysql_real_escape_string($_SESSION['userid']);
} else {
    // houston, we've got a problem, trigger_error?
}

// select only the columns that we need
$query = "SELECT column1, column2 FROM profile WHERE userid='{$mysql['userid']}'";
?>
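
The same lookup written with a bound parameter instead of an escaped string, as an added example that is not part of the original thread. It assumes PDO with the pdo_sqlite driver so it runs stand-alone; the function name `load_profile`, the `$cases` array standing in for `$_SESSION`, and the table rows are constructed for illustration.

```php
<?php
// Added example: the thread's query with a placeholder instead of string building.
// Assumptions: PDO + pdo_sqlite are available; all rows below are constructed sample data.

function load_profile(PDO $db, array $session): ?array
{
    // Quoted array key, checked before use, as in the reply above.
    if (!isset($session['userid']) || !is_string($session['userid'])) {
        return null; // no usable userid: the caller decides how to report it
    }
    // The value travels separately from the SQL text, so it is never parsed as SQL.
    $stmt = $db->prepare(
        'SELECT column1, column2 FROM profile WHERE userid = :userid'
    );
    $stmt->execute([':userid' => $session['userid']]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// In-memory database with constructed rows, so the script runs offline.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE profile (userid TEXT PRIMARY KEY, column1 TEXT, column2 TEXT)');
$ins = $db->prepare('INSERT INTO profile (userid, column1, column2) VALUES (?, ?, ?)');
$ins->execute(['phpycho', 'PH', 'Kathmandu']);
$ins->execute(["o'brien", 'Pat', 'Dublin']);

// Stand-ins for $_SESSION so the example works from the CLI.
$cases = [
    'plain id'            => ['userid' => 'phpycho'],
    'id with apostrophe'  => ['userid' => "o'brien"],  // matched literally
    'id with stray quote' => ['userid' => "phpycho'"], // no such row, no SQL error
    'missing key'         => [],
];

foreach ($cases as $label => $session) {
    echo $label, ': ', var_export(load_profile($db, $session), true), "\n";
}
```

The first two cases return their rows and the last two return NULL; no escaping step is needed because the value is bound rather than interpolated.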