Home/ Questions/Q 6385019
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-05-25T02:50:49+00:00

Is there any differences in using single quotes vs. using double quotes around a

  • 0

Is there any differences in using single quotes vs. using double quotes around a whole SQL query?

Which is better:

This approach (with single quotes):

    $username = mysql_real_escape_string($username);
    $password = mysql_real_escape_string($password);

    $sql = 'SELECT * FROM users WHERE username = "' . $username . '" AND password = "' . $password . '" LIMIT 1';

?

Or this approach (using double quotes):

    $username = mysql_real_escape_string($username);
    $password = mysql_real_escape_string($password);

    $sql = "SELECT * FROM users WHERE username = '{$username}' AND password = '{$password}' LIMIT 1";

Is there a better way to accomplish this?

For me I like the first approach as I always prefer single quotes in PHP. So I want to make sure that using single quotes around a whole SQL query is OK and using double quotes around variables or data is OK and is cross-platform and could be used with databases other than MySQL!

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    Use PDO instead of either of these approaches. It will allow you to use parameters instead of strings.

    $sth = $dbh->prepare('SELECT * FROM users WHERE username = :username AND password = :password LIMIT 1');
$sth->bindParam(':username', $username, PDO::PARAM_STR);
$sth->bindParam(':password', $password, PDO::PARAM_STR);
$sth->execute();

    By the way, make sure that you’re not using passwords in plain text at the same time.

    • 0