Syntax, symbols, databases

Hello,
I don’t quite understand a few things, so I thought it would be a good idea to ask for help here.

[php]$result = $db->query("SELECT * from user WHERE username=' ".$username." ' AND password = sha1(' ".$password." ')");[/php]

It’s a part of some user registration code. In a book I’ve been reading, the authors use ' ".$variable." ' when they want to check some database records with what a user entered, but why do they use it? I mean, dots are used to join string values as far as I know, and the " quote symbol can be used in adding some HTML code like in the echo example:
[php]echo "Some text.";[/php].
Single quote is a part of MySQL syntax, right?

Next one: I want to make sure I think right
[php]$query="SELECT * from tablename WHERE ".$searching_method." like '%".$statement."%' ";[/php]
The $statement variable is an input entered by a user searching for something, so % at the beginning means that the input he/she entered can be the beginning of some value the user wants to get, and at the end means that it can end with that value too, do I think right?

Another question :)
I created a MySQL database with a table called authorization and a column called id with all those needed things set (like Primary Key etc.), but if I want to add a new username the only way to avoid “adding” a new record to that column is to specify the right columns where I want to save username, password, email etc or does it go by and leave the id column as it is - and then add the value to the second column, which could be for instance username?

Well, if I face any other problem I’ll probably post it here :)

Thank you in advance!

Oops, Thought the BB code would work, here’s the php code without bolding etc.

[php]$result = $db->query("SELECT * from user WHERE username=' ".$username." ' AND password = sha1' ".$password." ')");[/php]

[php]$query="SELECT * from tablename WHERE ".$searching_method." like '%".$statement."%' ";[/php]

Isn’t there an edit button?

Hi,

PHP can use either the single quote ' or double quote " as string literal. In your example the double quote is used as string literal for PHP.
AFAIK databases generally use single quotes ' as string literal, so yes, in this case your single quote is a part of the query that is interpreted by MySQL.

As an example, your example could evaluate like this:

[php]$result = $db->query("SELECT * from user WHERE username=' ".$username." ' AND password = sha1' ".$password." ')");
$result = $db->query("SELECT * from user WHERE username=' foo ' AND password = sha1' goo ')");[/php]

This actually makes it seem like you lost a ( in your last attempt.
Also the username is more likely to be 'foo' and not ' foo ' (which is how your string is evaluated at the moment).

The % in SQL means that it can be anything. It would be quite easy to find the meaning of this in the MySQL reference manual. For instance:

[php]$query="SELECT * from Customers WHERE Forename like '%ric%' ";[/php]

The above query would return any name that contains 'ric':
-eric
-richard
-ricardo
But not other names:
-henri

Not too sure what you are attempting to achieve with your authorization table, but I hope this helps you somewhat.

You should read this page to learn more about strings and variable parsing.

http://php.net/manual/en/language.types.string.php
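
Added example, not part of the original thread or of the book's code: the login lookup and the LIKE search from this thread written with bound parameters, so user input is never pasted between quotes in the SQL text. It assumes PDO with an in-memory SQLite database standing in for MySQL, a constructed `user` table and sample rows, hypothetical helper names `check_login` and `search_users`, and `password_hash()` in place of the thread's `sha1()`.

```php
<?php
// Added example. Constructed schema and data; SQLite in memory stands in for MySQL.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE user (id INTEGER PRIMARY KEY, username TEXT, password TEXT)");

// Registration: name the columns being filled; the id key is left to the database.
// password_hash() is used here in place of the thread's sha1().
$ins = $db->prepare("INSERT INTO user (username, password) VALUES (?, ?)");
foreach ([["eric", "pw1"], ["O'Brien", "pw2"], ["50%_off", "pw3"]] as [$u, $p]) {
    $ins->execute([$u, password_hash($p, PASSWORD_DEFAULT)]);
}

// Login: the username is bound to the ? placeholder, so it is always treated
// as a value, even when it contains a quote character such as O'Brien.
function check_login(PDO $db, string $username, string $password): bool
{
    $stmt = $db->prepare("SELECT password FROM user WHERE username = ?");
    $stmt->execute([$username]);
    $hash = $stmt->fetchColumn();
    return is_string($hash) && password_verify($password, $hash);
}

// Search: a column name cannot be bound, so it must come from a fixed allow-list.
// % and _ typed by the user are escaped with ! so they match literally.
function search_users(PDO $db, string $column, string $term): array
{
    if (!in_array($column, ['username'], true)) {
        throw new InvalidArgumentException('unknown search column');
    }
    $escaped = str_replace(['!', '%', '_'], ['!!', '!%', '!_'], $term);
    $stmt = $db->prepare("SELECT username FROM user WHERE $column LIKE ? ESCAPE '!'");
    $stmt->execute(['%' . $escaped . '%']);
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

var_dump(check_login($db, "O'Brien", "pw2"));
var_dump(check_login($db, "O'Brien", "wrong"));
print_r(search_users($db, 'username', 'ric'));
print_r(search_users($db, 'username', '%'));
```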
