p2p.wrox.com Forums

Need to download code?

View our list of code downloads.


  Return to Index  

beginning_php thread: Quotes


Message #1 by "Anton Vorster" <avorster@k...> on Wed, 25 Sep 2002 14:06:21
Before I bug Nick any further with the script that won't work ...

Please explain to me what's wrong with the following:

$query = "SELECT userfirstname FROM $user_tablename 
   	 WHERE userid = \"$_POST['userid']\"";

This produces the following error:

Parse error: parse error, unexpected T_ENCAPSED_AND_WHITESPACE, expecting 
T_STRING or T_VARIABLE or T_NUM_STRING

It works if I just have:

$query = "SELECT userfirstname FROM $user_tablename 
   	 WHERE userid = '$_POST[userid]'";

but I know that 'userid' really must be enlosed in single quotes.  How do 
I accomplish this?

Nik or anybody else -- please help!

Many thanks
Anton
Message #2 by Peter Simard <peter@p...> on Wed, 25 Sep 2002 09:22:52 -0400


// this format is much more readable in an editor!!

I prefer: ( if user id is a string)
$query = "SELECT userfirstname FROM $user_tablename
         WHERE userid = '" . $_POST['userid'] . "'";

or if number:
$query = "SELECT userfirstname FROM $user_tablename
         WHERE userid = " . $_POST['userid'];

         Your  example  fails because the first backslashed quote ends
         the   query  string;  since the string is started with a " it
         can  only  be  ended  with  a  ",  which is what's happening,
         however, since there is more data to follow PHP
         expects the $_POST['userid'] to be either concatenated ( via the . )
         or placed within the quotes.

your code:
$query = "SELECT userfirstname FROM $user_tablename
         WHERE userid = \"$_POST['userid']\"";


Message #3 by "Anton Vorster" <avorster@k...> on Wed, 25 Sep 2002 17:58:16 +0200
Thanks, Peter

Great thing about being a newbie is the joy of learning so much -- every day
there's something new!

Regards,
Anton

Message #4 by "Nikolai Devereaux" <yomama@u...> on Wed, 25 Sep 2002 09:16:46 -0700
> but I know that 'userid' really must be enlosed in single quotes.  How do
> I accomplish this?

If you look at

  http://www.php.net/types.string#language.types.string.parsing

  you'll see that for simple array cases, you do NOT need to enclose a string
index within quotes.  What's happening in your example is that you're
attempting to find the index "'userid'" in the post array, where the single
quotes are part of the string index.  PHP wasn't expecting the ' character when
parsing tokens, since it knew it was parsing an array index.  Valid array
indexes are strings, variables, or numbers, which is why the parse error you
see says "expected T_STRING, ...".


Peter replied with this:

> Your  example  fails because the first backslashed quote ends
> the   query  string;  since the string is started with a " it
> can  only  be  ended  with  a  ",  which is what's happening,
> however, since there is more data to follow PHP
> expects the $_POST['userid'] to be either concatenated
> ( via the . ) or placed within the quotes.


Which, I believe, is _incorrect_.  In order to insert double-quotes in a double
quoted string, you escape them with a backslash, so your escaped quotes did NOT
terminate the string.

If Pete's suggestion was, in fact, the problem, your parse error would've said
something like

Parse error: parse error, unexpected T_VARIABLE in <x> on line <y>


Anyway, Peter's suggested alternatives all work, because they don't use
variable parsing; they use concatenation.  If you're NOT going to insert any
variables for parsing into a string, things run a little faster if you use
single-quoted strings, since PHP does NOT perform parsing & substitution within
them.

Concatenation is nice because it lets you format things in your source code so
that it's mostly readable on several lines, instead of having one looong line.


Anyway, I'd like to add curly brace syntax to the list of alternatives.  It's
required for more complex variable substitutions (like multidimensional
arrays).

That said, your code would work one of these two ways:


// curly brace syntax
$query = "SELECT userfirstname
          FROM {$user_tablename}
          WHERE userid = \"{$_POST['userid']}\"";

// no curly braces
$query = "SELECT userfirstname
          FROM $user_tablename
          WHERE userid = \"$_POST[userid]\"";


Again, here's the link for more info:
  http://www.php.net/types.string


Take care,

Nik


  Return to Index