0

Why is this syntax used: 

mysql_query("INSERT INTO users (username, password, email, hash) VALUES( 
'". mysql_escape_string($name) ."', 
'". mysql_escape_string(md5($password)) ."', 
'". mysql_escape_string($email) ."', 
'". mysql_escape_string($hash) ."') ") or die(mysql_error());

I do not have any confusion about mysql_escape_string , function, however why is mysql_escape_string($name), enclosed within two dots:. mysql_escape_string($name) . then it is enclosed within double quotes:". mysql_escape_string($name) ." lastly the whole thing is enclosed within a single quote :'". mysql_escape_string($name) ."' I got this form the following web resource: http://net.tutsplus.com/tutorials/php/how-to-implement-email-verification-for-new-members/

...Its a php email verification program.

Improve this question
3
  • dude! Stick the code in code tags! Commented Nov 26, 2010 at 16:03
  • 2
    You should ignore that tutorial and find something that teaches you how to use mysqli or PDO. Commented Nov 26, 2010 at 16:30
  • Two off-topic tips: use mysqli or PDO instead of the mysql connector. The're safer and faster. Also, add a salt to the md5($password) function for safety. Commented Nov 26, 2010 at 18:03

3 Answers 3

Reset to default
1

The dot (.) is the glue for string concatenation. It is used also for separating variables:

"First part of a string". $myvar ." second part of a string"

The double quotes is the way we say that that is a string:

123

is considered an integer,

"123"

is considered a string.

And finally the single quote is a part of the mysql syntax that requires the strings to be surrounded by '.

Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

0

The dot operator is the glue for string concatenation. The double quotes represent the start and end of a string. "string1" . "string2" . "string3" would be equivilant to: "string1string2string3".

Improve this answer

Comments

0

The (.) is concatenating the whole string together. see here string operators

If you echo'ed the query it would look something like this.

INSERT INTO users (username, password, email, hash) 
    VALUES ('Jeff', 'hashedpassword', '[email protected]', 'somehash')
Improve this answer

1 Comment

Exactly! Don't think of the quotes enclosing the mysql_escape_string function! The single-quotes are actually just characters inside the string. The double-quotes delimit the strings, and the dots glue everything together. When everything is glued together into a single string the single-quotes will enclose the values, just as this answer shows.

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.