what’s different between below two query’s on ‘.$string.’ and ‘$string’ SELECT * FROM users

Question

Asked: June 18, 20262026-06-18T00:05:51+00:00 2026-06-18T00:05:51+00:00

what’s different between below two query’s on '".$string."' and '$string'

SELECT * FROM users WHERE UserName='".$USERNAME."' AND Pass='".$PASS."'
/* AND */
SELECT * FROM users WHERE UserName='$USERNAME' AND Pass='$PASS'

if different what’s better for security ? strings always secure on input but just for above differents

EDIT:
I use above querys on PHP JUST and need it on it

You must login to add an answer.

Need An Account,

Editorial Team · Answer 1 · 2026-06-18T00:05:52+00:00

There is no difference between them in your case.

But you’ll see a difference if the string you’re concatenating does not contain special chars (such as ') :

$b = 'b';
$string = "a" . $b . "c";

Is not equivalent to :

$b = 'b';
$string = "a$bc";

Because PHP will look for $bc variable. But this is equivalent to :

$b = 'b';
$string = "a{$b}c";

As well as your example is equivalent to :

SELECT * FROM users WHERE UserName='{$USERNAME}' AND Pass='{$PASS}'

But take care, the single quotted string :

$b = 'b';
$string = 'a{$b}c';

will be litteraly read as a{$b}c.

Finally, as @duskwuff warns, you should be aware of sql injections.

The Archive Base Latest Questions