Alternative, using concatenation:

$sql = "SELECT * FROM db WHERE apple = '". $_POST['foo'] . "'";

-----Original Message-----
From: CPT John W. Holmes [mailto:[EMAIL PROTECTED] 
Sent: Tuesday, June 17, 2003 7:57 AM
To: [EMAIL PROTECTED]; Chris Hayes
Subject: Re: [PHP] Re: Difference between $_POST[foo] and $_POST['foo']?

> At 16:19 17-6-03, you wrote:
> >$sql = 'select * from db where apple = \'' . $_POST['foo'] . '\';';
> >Like that?
> you missed some quotes:
> $sql = 'select * from db where apple = \''' . $_POST['foo'] . '\'"';

Go back and count the quotes again. The original post is correct as far as
quotes go. Yours is not, though, since you have three single quotes in a row
and have thrown in a double quote by itself.

Without color coding, this is all very hard to tell. That's why I prefer to
do it such as:

$sql = "SELECT * FROM db WHERE apple = '{$_POST['foo']}' ";

or, like someone else said, the following is perfectly valid:

$sql = "SELECT * FROM db WHERE apple = '$_POST[foo]' ";

There are way too many methods to do this, though, so just use the one that
makes the most sense to you. I've changed my mind about this a few times in
the past. :)

---John Holmes...


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
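
The following is an added example, not part of the thread or either poster's code. It shows that the three spellings discussed above build the identical SQL string, so the quoting style changes readability only: the value of $_POST['foo'] still ends up inside the SQL text, and a bound parameter is what keeps it out. Assumptions: PHP 7 or later with the pdo_sqlite extension, an in-memory table named db created for the demo, and a hand-filled $_POST value.

```php
<?php
// Added example, not from the thread. Assumes PHP 7+ with pdo_sqlite.
// $_POST is filled by hand (constructed input) so this runs from the CLI.
$_POST['foo'] = "granny's";

// The three spellings from the thread produce exactly the same string.
$a = "SELECT * FROM db WHERE apple = '" . $_POST['foo'] . "'";
$b = "SELECT * FROM db WHERE apple = '{$_POST['foo']}'";
$c = "SELECT * FROM db WHERE apple = '$_POST[foo]'";
var_dump($a === $b && $b === $c);
echo $a, "\n";

// Demo table (constructed data) in an in-memory SQLite database.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE db (apple TEXT)');
$ins = $pdo->prepare('INSERT INTO db (apple) VALUES (?)');
$ins->execute(['fuji']);
$ins->execute(["granny's"]);

// Interpolated form: the quote inside the value closes the SQL literal
// early, so the text sent to the database is no longer the intended query.
try {
    $pdo->query($a);
    echo "interpolated query ran\n";
} catch (PDOException $e) {
    echo 'interpolated query failed: ', $e->getMessage(), "\n";
}

// Bound parameter: the SQL text is fixed and the value is sent separately,
// so quotes in the value are treated as data, whatever PHP quoting style
// was used to write the statement.
$stmt = $pdo->prepare('SELECT * FROM db WHERE apple = :apple');
$stmt->execute([':apple' => $_POST['foo']]);
print_r($stmt->fetchAll(PDO::FETCH_ASSOC));
```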



