I might be misinterpreting the question, because it sounds like the same 
question as before. Let me try to be more thorough.

SQL statements traditionally use single quotes around literal values. 
There is no reason of "escaping" that makes this characteristic exist.

Now, in PHP, most people construct the SQL statement as the value of a 
variable and use that variable in their SQL execution statement. This 
isn't necessary, but it makes for cleaner code.

You have to consider an SQL statement to be a string. There is 
absolutely nothing special about it in this regard. For example, this 
might be the string you wish to assign to a variable:

select * from books where book_title='HTTP';

Alternatively, you might want to search for all books where the title 
contains the term HTTP:

select * from books where book_title like '%HTTP%';

The "%" character just acts as a wildcard, so it matches zero or more of 

Taking the second SQL statement, we can store it in a variable like this:

$sql_statement="select * from books where book_title like '%HTTP%';";

Notice that there is no specific reason for using single quotes within 
the assign statement; they're just part of the string we wish to construct.

Now, getting back to the question at hand, the "HTTP" part of the SQL 
statement might be something from a form. For this example, we will 
assume it to be stored in a variable called $book_title.

If we want to use concatenation to build our SQL statement, we can do 
something like this:

$sql_statement="select * from books where book_title like '%" . 
$book_title . "%';";

Broken down, there are three things concatenated to build this string:

1) select * from books where book_title like '%
2) $book_title
3) %';

Notice these are just slices of the original SQL statement from the very 
top. The double quotes surround pieces 1 and 3 because these are 
strings. Don't let the fact that the string have single quotes within 
them confuse you. There is no reason for the single quotes for our 
concatenation. These become important when we try to execute the SQL 
statement only.

As another example, to get away from the single quotes, consider the 
following string:

I wish the HTML specification had a tag called <cool_tag> that I could use.

Assume the string "cool_tag" is in a variable called $tag_name, and we 
can do something very similar to the above method:

$example_string="I wish the HTML specification had a tag called <" . 
$tag_name . "> that I could use."

Since we are using angled brackets instead of single quotes, maybe it is 
easier to understand.

Hope that helps.


Anthony Ritter wrote:

>Maybe I didn't make myself clear...
>"LIKE '%"    // Beginning of double quote and then beginning single quote
>beacuse it is the beginning of a string which then ends before the variable
>Is the reason that the is a single quote *before* % and then a double quote
>after the % is:
>There is a single quote in the above example because all strings *within* a
>mysql expression which already starts and ends with double quotes must have
>a single quote to differentiate the two quotes - double and single.   Please
>disregard esacping characters in this example. Double quotes and single
>And in this case, the code begins with double quotes and ends with double
>quotes *before* the concatenation operator and variable.  The string which
>comes before the first string ends needs a single quote as in:
>'%" file://here comes the concenation operator and variable
>and then:
>// variable and concenation operator and
>" %' ";
>The end single quote then resumes *after* the variable and next concatention
>Thank you.

PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Reply via email to