Background info
I’m a guy who isn’t very familiar with MySQL or PHP, who’s debugging a project that another guy wrote in MySQL and PHP 🙂
The website is being moved to new servers. Both are Windows servers and serve PHP through IIS.
The old server ran PHP 5.1.2 and MySQL 14.12 Distrib 5.0.22, for Win32.
The new server runs PHP 5.3.6 and MySQL 14.14 Distrib 5.1.57, for Win64.
I’ve done my best to match the .ini-files as far as seemed prudent.
Why did the quotes work?
On the old server SQL queries like this seem to work:
$db_query = mysql_query("SELECT * FROM $db_table ORDER BY 'id'");
$db_query = mysql_query("SELECT * FROM $db_table ORDER BY '$orderby'");
On the new server, these queries fail unless I remove the single quotes.
Why did this work on the old server and not on the new one? Is it due to changes between versions in MySQL or PHP?
Why would the guy who programmed it use single quotes in the first place?
Oh, and before you guys start raving about injection attacks – we’re aware of the risks – this site is strictly for internal use.
EDIT
I found this piece of code:
$db_query_str = $db_query_str . " ORDER BY '$orderby' DESC";
[...code...]
$db_query = $mysql_query($db_query_str);
$orderby can be for example dateofpurchase.
As far as I understand, this would result in a query string that ends with ORDER BY 'dateofpurchase' DESC? That still looks strange to my eyes.
This has never been correct.
…means, literally, “order by the word id”, not the value of a column named id. Single quotes can only ever surround an identifier when an alias is being declared.
This would not produce the correct ordering in MySQL 5.0.22 or 5.1.57 (or any 5.x or any 4.x) except by chance (a table that happens to be ordered by id on disk because it hasn’t had deletions/reinsertions/rebuilt).
…would be fine, and necessary if $orderby can ever contain a reserved word that you used as a column name or alias.
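Following the answer above, one way to build the ORDER BY clause so the column is treated as an identifier and only known columns are accepted. This is an added example, not part of the original answer or the project's code; the function name order_by_clause and the column list are hypothetical.

```php
<?php
// Added example: hypothetical helper, not from the original project.
// Uses array() syntax so it also runs on PHP 5.3.

/**
 * Build an ORDER BY clause from a requested column name.
 *
 * $allowed is the list of real column names for the table (assumed known
 * to the caller); $default should be one of them.
 */
function order_by_clause($requested, array $allowed, $direction = 'ASC', $default = 'id')
{
    // Accept only exact matches against known column names. Anything else,
    // including text that contains a backtick or quote, falls back to the
    // default column instead of reaching the query string.
    $column = (is_string($requested) && in_array($requested, $allowed, true))
        ? $requested
        : $default;

    // The direction is a keyword, not data: accept only ASC or DESC.
    $direction = (is_string($direction) && strtoupper($direction) === 'DESC')
        ? 'DESC'
        : 'ASC';

    // Backticks mark an identifier in MySQL. Single quotes would turn the
    // name into a string constant, which is identical for every row and
    // therefore sorts nothing.
    return ' ORDER BY `' . $column . '` ' . $direction;
}

// Constructed sample column list; "order" is a MySQL reserved word and is
// only usable as a column name when backtick-quoted.
$columns = array('id', 'dateofpurchase', 'order');

// A known column, a reserved-word column, and a value that is not a column.
$samples = array('dateofpurchase', 'order', "id' DESC, (SELECT 1) -- ");

foreach ($samples as $requested) {
    echo 'SELECT * FROM purchases' . order_by_clause($requested, $columns, 'DESC') . "\n";
}
```

The table name purchases is also constructed for the demonstration. The third sample is not in the column list, so the clause is built from the default column and the supplied text never appears in the query.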