I might be misinterpreting the question, because it sounds like the same
question as before. Let me try to be more thorough.
SQL statements traditionally use single quotes around literal values.
There is no reason of "escaping" that makes this characteristic exist.
Now, in PHP, most people construct the SQL statement as the value of a
variable and use that variable in their SQL execution statement. This
isn't necessary, but it makes for cleaner code.
You have to consider an SQL statement to be a string. There is
absolutely nothing special about it in this regard. For example, this
might be the string you wish to assign to a variable:
select * from books where book_title='HTTP';
Alternatively, you might want to search for all books where the title
contains the term HTTP:
select * from books where book_title like '%HTTP%';
The "%" character just acts as a wildcard, so it matches zero or more of
anything.
Taking the second SQL statement, we can store it in a variable like this:
$sql_statement="select * from books where book_title like '%HTTP%';";
Notice that there is no specific reason for using single quotes within
the assign statement; they're just part of the string we wish to construct.
Now, getting back to the question at hand, the "HTTP" part of the SQL
statement might be something from a form. For this example, we will
assume it to be stored in a variable called $book_title.
If we want to use concatenation to build our SQL statement, we can do
something like this:
$sql_statement="select * from books where book_title like '%" .
$book_title . "%';";
Broken down, there are three things concatenated to build this string:
1) select * from books where book_title like '%
2) $book_title
3) %';
Notice these are just slices of the original SQL statement from the very
top. The double quotes surround pieces 1 and 3 because these are
strings. Don't let the fact that the string have single quotes within
them confuse you. There is no reason for the single quotes for our
concatenation. These become important when we try to execute the SQL
statement only.
As another example, to get away from the single quotes, consider the
following string:
I wish the HTML specification had a tag called that I could use.
Assume the string "cool_tag" is in a variable called $tag_name, and we
can do something very similar to the above method:
$example_string="I wish the HTML specification had a tag called <" .
$tag_name . "> that I could use."
Since we are using angled brackets instead of single quotes, maybe it is
easier to understand.
Hope that helps.
Chris
Anthony Ritter wrote:
>Chris,
>Maybe I didn't make myself clear...
>
>
>"LIKE '%"// Beginning of double quote and then beginning single quote
>beacuse it is the beginning of a string which then ends before the variable
>$searchterm.
>..
>
>Is the reason that the is a single quote *before* % and then a double quote
>after the % is:
>
>There is a single quote in the above example because all strings *within* a
>mysql expression which already starts and ends with double quotes must have
>a single quote to differentiate the two quotes - double and single. Please
>disregard esacping characters in this example. Double quotes and single
>quotes.
>
>And in this case, the code begins with double quotes and ends with double
>quotes *before* the concatenation operator and variable. The string which
>comes before the first string ends needs a single quote as in:
>
>'%" file://here comes the concenation operator and variable
>
>and then:
>
>// variable and concenation operator and
>
>" %' ";
>
>The end single quote then resumes *after* the variable and next concatention
>operator.
>
>Thank you.
>TR
>
>
>
>
>
>
>
>
>
>
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
