While learning php I found this common statement
$add_tel_sql = "INSERT INTO telephone (master_id, date_added,
date_modified, tel_number, type) VALUES
('".$master_id."', now(), now(),
'".$safe_tel_number."', '".$_POST['tel_type']."')";
What I do not understand why in the '".$master_id."' we are using the " and also the dot. why we do not only use $master_id without the dots and the quotation marks. I would appreciate any explanation.
Jump to PostThe dot is concatenating strings. Another way to write this is:
$add_tel_sql = "INSERT INTO telephone (master_id, date_added, date_modified, tel_number, type) VALUES ('$master_id', now(), now(), '$safe_tel_number', '{$_POST['tel_type']}')";
Jump to PostThis is a simple string concatenation. In PHP, strings can be concatenated using the
.(dot) operator (read more here - Click Here or
The dot is concatenating strings. Another way to write this is:
$add_tel_sql = "INSERT INTO telephone (master_id, date_added, date_modified, tel_number, type) VALUES ('$master_id', now(), now(), '$safe_tel_number', '{$_POST['tel_type']}')";
This is a simple string concatenation. In PHP, strings can be concatenated using the . (dot) operator (read more here - Click Here or here).
In this case $master_id is a variable, so they used string concatenation to get its value and add it into the statement
$master_id = "14";
$query = "SELECT * FROM Table_Name WHERE Id = ".$master_id;
// this string will be equal to
// SELECT * FROM Table_Name WHERE Id = 14
As above. However, avoid using dirty input in your queries. $_POST variables could be a source for sql injection. CLean them or use prepared statments and bind parameters (inputs).
Thank you for the alternative way you brought here. If we go back to my question, we have a variable in a table that we need to fill it with a value, the question is why we need the concatenating dot.
If the following code approach is acceptable:
$add_tel_sql = "INSERT INTO telephone (master_id, date_added, date_modified, tel_number, type) VALUES ('$master_id', now(), now(), '$safe_tel_number', '{$_POST['tel_type']}')";
why the author in second approach used the concatenation as follows:
can u explain the concatenation in this insert statement (not select):
$add_tel_sql = "INSERT INTO telephone (master_id, date_added,
date_modified, tel_number, type) VALUES
('".$master_id."', now(), now(),
'".$safe_tel_number."', '".$_POST['tel_type']."')";
why the author in second approach used the concatenation
It's a choice. If you want to do it right, use MySQLi or PDO with binding.
Thank u for sharing your thoughts with me
We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.