0

While learning php I found this common statement

$add_tel_sql = "INSERT INTO telephone (master_id, date_added,
date_modified, tel_number, type) VALUES
('".$master_id."', now(), now(),
'".$safe_tel_number."', '".$_POST['tel_type']."')";

What I do not understand why in the '".$master_id."' we are using the " and also the dot. why we do not only use $master_id without the dots and the quotation marks. I would appreciate any explanation.

4
Contributors
7
Replies
33
Views
3 Years
Discussion Span
Last Post by asker54
0

The dot is concatenating strings. Another way to write this is:

$add_tel_sql = "INSERT INTO telephone (master_id, date_added, date_modified, tel_number, type) VALUES ('$master_id', now(), now(), '$safe_tel_number', '{$_POST['tel_type']}')";
0

This is a simple string concatenation. In PHP, strings can be concatenated using the . (dot) operator (read more here - Click Here or here).

In this case $master_id is a variable, so they used string concatenation to get its value and add it into the statement

$master_id = "14";
$query = "SELECT * FROM Table_Name WHERE Id = ".$master_id;

// this string will be equal to
// SELECT * FROM Table_Name WHERE Id = 14

Edited by Lucaci Andrew: Nifty tutorial link added

0

As above. However, avoid using dirty input in your queries. $_POST variables could be a source for sql injection. CLean them or use prepared statments and bind parameters (inputs).

0

Thank you for the alternative way you brought here. If we go back to my question, we have a variable in a table that we need to fill it with a value, the question is why we need the concatenating dot.

0

If the following code approach is acceptable:

    $add_tel_sql = "INSERT INTO telephone (master_id, date_added, date_modified, tel_number, type) VALUES ('$master_id', now(), now(), '$safe_tel_number', '{$_POST['tel_type']}')";

why the author in second approach used the concatenation as follows:
can u explain the concatenation in this insert statement (not select):

$add_tel_sql = "INSERT INTO telephone (master_id, date_added,
date_modified, tel_number, type) VALUES
('".$master_id."', now(), now(),
'".$safe_tel_number."', '".$_POST['tel_type']."')";
0

why the author in second approach used the concatenation

It's a choice. If you want to do it right, use MySQLi or PDO with binding.

This topic has been dead for over six months. Start a new discussion instead.
Have something to contribute to this discussion? Please be thoughtful, detailed and courteous, and be sure to adhere to our posting rules.