For example, check the following query:
$query = "SELECT * FROM users WHERE user='{$_POST['username']}'";
What’s the use?
In string contexts, I do understand the problem it solves.
I can do stuff like
$animal = "cat";
echo "{$animal}s."; // outputs cats
but in the SQL I posted above, I just don’t get it.
Wouldn’t the following be equally good?
$query = "SELECT * FROM users WHERE user='$_POST['username']' AND password='$_POST['password']'";
So, where does using the { and } come in handy? I'd appreciate any example in an SQL context.
See http://www.php.net/manual/de/language.types.string.php#language.types.string.parsing for the double quote string syntax.
The curly braces are for complex variable expressions. They are interpreted by PHP, not by the SQL interface.
The above will lead to a parsing error. Without curly braces you have to write:
Note the lack of key quotes. This only works for a simple array access, and for a simple object property expression. For anything more complex, use the curly braces.
Now that you know that, do a pinky swear that you won’t ever do so. Because interpolating user input directly there is not a good idea. http://bobby-tables.com/
Do yourself a favour and use PDO with prepared statements. So much easier.
But to give an example for a more complex curly string syntax, this is what I’d do:
(Does some inline filtering and quoting. Just as an example; it does not work with default PHP setups.)
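As an added example that is not code from the question or the answer above: the simple and complex interpolation forms side by side, what happens when the interpolated value contains a quote, and the PDO prepared-statement version the answer recommends. It assumes a hypothetical in-memory SQLite database (pdo_sqlite) and a constructed array standing in for $_POST.

```php
<?php
// Added example, not code from the question or answer. Uses a hypothetical
// in-memory SQLite database (pdo_sqlite) so it runs without a server.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec("CREATE TABLE users (user TEXT, password TEXT)");
$pdo->exec("INSERT INTO users VALUES ('o''brien', 'secret')");

// Constructed stand-in for $_POST: a legitimate name that contains a quote.
$post = ['username' => "o'brien", 'password' => 'secret'];

// 1. Interpolation syntax. Simple syntax takes one unquoted array key or one
//    property; complex syntax ({...}) takes a quoted key, nested access,
//    or a method/function call. PHP resolves both before SQL ever sees them.
$simple  = "user='$post[username]'";       // simple syntax: no key quotes
$complex = "user='{$post['username']}'";   // complex syntax: quoted key
assert($simple === $complex);              // both produce the same string

// 2. Either form splices the raw value into the SQL text, so the quote in
//    the data terminates the string literal and the query fails to parse
//    (with other input it would change what the query does instead).
function runInterpolated(PDO $pdo, array $post): bool
{
    $query = "SELECT * FROM users WHERE user='{$post['username']}'";
    try {
        $pdo->query($query);
        return true;
    } catch (PDOException $e) {
        return false;   // SQLite rejects user='o'brien' as a syntax error
    }
}

// 3. Prepared statement: the value is bound as data and never parsed as SQL,
//    so the same name is looked up correctly.
function runPrepared(PDO $pdo, array $post): array
{
    $stmt = $pdo->prepare(
        "SELECT user FROM users WHERE user = :user AND password = :password"
    );
    $stmt->execute([':user' => $post['username'], ':password' => $post['password']]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

$rows = runPrepared($pdo, $post);
// Nested array access is one case only the complex syntax can express.
$summary = "matched {$rows[0]['user']}, interpolated query ok: "
         . var_export(runInterpolated($pdo, $post), true);
echo $summary, PHP_EOL;
```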