
Interesting Discussion with my PHP Teacher

P: n/a
I'm doing a website development course and during an exercise my teacher
gave me to do at home I was confronted with errors. Surprisingly, those
that did the exercise in class did not receive these errors. I told him
about the errors and we concluded that this was happening due to the
computers in class running php 4.3.2 and my computer is running php 4.3.6.
However I was told the way I solved the problem was inelegant code. He said
I should not code the way I did, even though I based the code from examples
I read from various php websites, because I would have trouble if a form
passed many variables, or if I had to pass variables between files. I
thought the way I was doing it was the correct, neat and tidy way to do it,
but I was told that it was the way new learning php coders do it so they can
understand, and I shouldn't do it that way. The line of code in question is
below.

The Teacher's code:

<?php

//return to input page if not all fields have been entered
//header redirection must appear at the top of the page before any screen output
if ((!$_POST[product_no]) || (!$_POST[product_name]) || (!$_POST[unit]) || (!$_POST[unit_price]) || (!$_POST[enquiry])) {
    header('Location: add_record.htm');
    exit;
}

//get connection info from include file on hostname, username, password, and database name
include('connect_info.php');

//connect to MySQL server and store connection info in the variable $connection
$connection = @mysql_connect($hostname, $username, $password) or
    die('Cannot connect to MySQL server.');

//select database and store connection info in the variable $db_selected
$db_selected = @mysql_select_db($db_name, $connection) or
    die('Cannot connect to database.');

//construct SQL statement
$sql_statement = "INSERT INTO product_table(product_no, product_name,
unit, unit_price, enquiry) VALUES ('$_POST[product_no]',
'$_POST[product_name]', '$_POST[unit]', '$_POST[unit_price]',
'$_POST[enquiry]')";

//execute SQL statement to insert record
@mysql_query($sql_statement, $connection) or die('Cannot query table.');

?>
----------------------------------------------------------------------------
---------
Errors caused in php 4.3.6 by this code:

Notice: Use of undefined constant product_no - assumed 'product_no' in
C:\Inetpub\wwwroot\class_work\original_do_add_record.php on line 5

Notice: Use of undefined constant product_name - assumed 'product_name' in
C:\Inetpub\wwwroot\class_work\original_do_add_record.php on line 5

Notice: Use of undefined constant unit - assumed 'unit' in
C:\Inetpub\wwwroot\class_work\original_do_add_record.php on line 5

Notice: Use of undefined constant unit_price - assumed 'unit_price' in
C:\Inetpub\wwwroot\class_work\original_do_add_record.php on line 5

Notice: Use of undefined constant enquiry - assumed 'enquiry' in
C:\Inetpub\wwwroot\class_work\original_do_add_record.php on line 5
------------------------------------------------------------------------
My code:
<?php

$product_no = $_POST['product_no']; // This is the part of the code the teacher didn't like
$product_name = $_POST['product_name'];
$unit = $_POST['unit'];
$unit_price = $_POST['unit_price'];
$enquiry = $_POST['enquiry'];
//return to input page if not all fields have been entered
//header redirection must appear at the top of the page before any screen output
if (!$product_no || !$product_name || !$unit || !$unit_price || !$enquiry) {
    header('Location: add_record.htm');
    exit;
}

//get connection info from include file on hostname, username, password, and database name
include('connect_info.php');

//connect to MySQL server and store connection info in the variable $connection
$connection = @mysql_connect($hostname, $username, $password) or
    die('Cannot connect to MySQL server.');

//select database and store connection info in the variable $db_selected
$db_selected = @mysql_select_db($db_name, $connection) or
    die('Cannot connect to database.');

//construct SQL statement
$sql_statement = "INSERT INTO product_table(product_no, product_name,
unit, unit_price, enquiry) VALUES ('$product_no', '$product_name', '$unit',
'$unit_price', '$enquiry')";

//execute SQL statement to insert record
@mysql_query($sql_statement, $connection) or die('Cannot query table.');

?>
----------------------------------------------------------------------------
-------

So is my code really that bad? How can I get the code to work if my way
really is that bad? I think the reason why the teacher's code is giving me
errors in php 4.3.6 is because the code does not quote in the posted form
values. For example $_POST[product_no] instead of $_POST['product_no'].
This can be easily fixed on line 5 where the error occurs, but I can't fix
it where the sql statement is constructed because there are too many quotes.
For example:

$sql_statement = "INSERT INTO product_table(product_no, product_name, unit,
unit_price, enquiry) VALUES ('$_POST[product_no]', '$_POST[product_name]',
'$_POST[unit]', '$_POST[unit_price]', '$_POST[enquiry]')";

needs to be:

$sql_statement = "INSERT INTO product_table(product_no, product_name, unit,
unit_price, enquiry) VALUES ('$_POST['product_no']',
'$_POST['product_name']', '$_POST['unit']', '$_POST['unit_price']',
'$_POST['enquiry']')";

which of course will give you a parse error.

I eagerly await everyone's opinions on this :)

--
-Robert Smith
----------------------------------------------------------------------------
---------------------------------
Remove 'nospam.' from my email address if you wish to reply via email.
Jul 17 '05 #1


P: n/a
In article <40**********************@news.optusnet.com.au>, Robert Smith wrote:
> if ((!$_POST[product_no]) || (!$_POST[product_name]) || (!$_POST[unit]) ||
> (!$_POST[unit_price]) || (!$_POST[enquiry])) {

Imho, it's cleaner to use isset($_POST['product_no'])

> header('Location: add_record.htm');

This breaks HTTP/1.1, for more info read RFC 2616
http://www.w3.org/Protocols/rfc2616/....html#sec14.30

> $sql_statement = "INSERT INTO product_table(product_no, product_name,
> unit, unit_price, enquiry) VALUES ('$_POST[product_no]',
> '$_POST[product_name]', '$_POST[unit]', '$_POST[unit_price]',
> '$_POST[enquiry]')";

Without having magic quotes on (or at least testing if they are on) it
is not a good idea to put these values directly in the database.

--
Tim Van Wassenhove <http://home.mysth.be/~timvw/contact.php>
Jul 17 '05 #2

P: n/a

"Robert Smith" <us***************@nospam.optusnet.com.au> wrote in message
news:40**********************@news.optusnet.com.au ...

Are you omitting define("product_no","product_no") and such? Why is he using
constants as array keys anyway? Use strings like you are.

Is he objecting fundamentally to recasting array values as variables purely
for clarity?

Your teacher is trying to inflict a coding style on you - coding is half art
and half logic, and your sense of art is in conflict with his. From
experience, take it on board, do what you need to do to pass the course then
change right back to being you - you will learn what's right or wrong, easy
or hard for yourself with practise.

For what it's worth, I think your style is easier to read as a third party
than his and in the learning stages, that's worth a whole extra grade
because you understand it.

Garp
Jul 17 '05 #3

P: n/a
> "Robert Smith" <us***************@nospam.optusnet.com.au> wrote in message
> news:40**********************@news.optusnet.com.au ...

<sniiiiiip>

Oops, forgot to trim the quote. Apologies.

Garp
Jul 17 '05 #4

P: n/a
Robert Smith wrote:
> The Teacher's code:

I'm not going to comment on the teacher's code :-)
(snip teacher's code)

> My code:

My comments are preceded with ##

> <?php
>
> $product_no = $_POST['product_no']; // This is the part of the
> // code the teacher didn't like
> $product_name = $_POST['product_name'];
> $unit = $_POST['unit'];
> $unit_price = $_POST['unit_price'];
> $enquiry = $_POST['enquiry'];

## You already have the variables available,
## no need to create another set just to make it easier
## to write the code.
## For a small script like this one, it isn't that much different
## using $product_name or $_POST['product_name'];
## but as your scripts grow larger, I think it helps to keep the
## variables separate

> //return to input page if not all fields have been entered
> //header redirection must appear at the top of the page before any screen
> //output
> if (!$product_no || !$product_name || !$unit || !$unit_price || !$enquiry)
> {
> header('Location: add_record.htm');
> exit;

## some browsers may not follow the redirect;
## allow them to continue anyway (I usually output a
## complete HTML page: html, head, title, body)
exit('Redirected <a href="add_record.htm">here</a>.');

## Oh! and the URL should be a complete one, at least in the
## header() call
## header('Location: http://www.yourserver.com/add_record.htm');

> }
>
> //get connection info from include file on hostname, username, password,
> //and database name
> include('connect_info.php');

## if, for some reason, connect_info.php cannot be read, instead of
## continuing running the script (with a warning) halt with
## a fatal error.
require 'connect_info.php';

## or
## require_once 'connect_info.php';

> //connect to MySQL server and store connection info in the variable
> //$connection
> $connection = @mysql_connect($hostname, $username, $password) or
> die('Cannot connect to MySQL server.');
>
> //select database and store connection info in the variable $db_selected
> $db_selected = @mysql_select_db($db_name, $connection) or die('Cannot
> connect to database.');
>
> //construct SQL statement
> $sql_statement = "INSERT INTO product_table(product_no, product_name,
> unit, unit_price, enquiry) VALUES ('$product_no', '$product_name', '$unit',
> '$unit_price', '$enquiry')";
>
> //execute SQL statement to insert record
> @mysql_query($sql_statement, $connection) or die('Cannot query table.');

## ... or die('whatever ' . mysql_error());

## unless you want to hide the errors from your users (which is a good
## idea!), but then it's better to log the error somewhere instead of
## just dying with a constant message

## $resource = mysql_*(...);
## if (!$resource) {
## some_logging_function(mysql_error());
## die('Error message');
## }

> ?>
> -----------------------------------------------------------------------------------
>
> So is my code really that bad? How can I get the code to work if my way
> really is that bad? I think the reason why the teacher's code is giving me
> errors in php 4.3.6 is because the code does not quote in the posted form
> values. For example $_POST[product_no] instead of $_POST['product_no'].
> This can be easily fixed on line 5 where the error occurs, but I can't fix
> it where the sql statement is constructed because there are too many quotes.
> For example:
>
> $sql_statement = "INSERT INTO product_table(product_no, product_name, unit,
> unit_price, enquiry) VALUES ('$_POST[product_no]', '$_POST[product_name]',
> '$_POST[unit]', '$_POST[unit_price]', '$_POST[enquiry]')";
>
> needs to be:
>
> $sql_statement = "INSERT INTO product_table(product_no, product_name, unit,
> unit_price, enquiry) VALUES ('$_POST['product_no']',
> '$_POST['product_name']', '$_POST['unit']', '$_POST['unit_price']',
> '$_POST['enquiry']')";
>
> which of course will give you a parse error.

## Use { } to delimit array variables inside double quotes

$sql_statement = "INSERT INTO product_table(product_no, product_name, unit,
unit_price, enquiry) VALUES ('{$_POST['product_no']}',
'{$_POST['product_name']}', '{$_POST['unit']}', '{$_POST['unit_price']}',
'{$_POST['enquiry']}')";

--
USENET would be a better place if everybody read: : mail address :
http://www.catb.org/~esr/faqs/smart-questions.html : is valid for :
http://www.netmeister.org/news/learn2quote2.html : "text/plain" :
http://www.expita.com/nomime.html : to 10K bytes :
Jul 17 '05 #5

P: n/a
On 2004-05-31, Robert Smith <us***************@nospam.optusnet.com.au> wrote:
> if ((!$_POST[product_no]) || (!$_POST[product_name]) || (!$_POST[unit]) ||
> (!$_POST[unit_price]) || (!$_POST[enquiry])) {

Please remember that constants are invalid here, but...

> $sql_statement = "INSERT INTO product_table(product_no, product_name,
> unit, unit_price, enquiry) VALUES ('$_POST[product_no]',
> '$_POST[product_name]', '$_POST[unit]', '$_POST[unit_price]',
> '$_POST[enquiry]')";

They're perfectly valid in a string context, because...

$_POST values (I would prefer $_REQUEST, though) are hashes with string keys.
Fine that it's fixed in later versions of PHP.
In string contexts however you can't refer to keys with strings as you are
in a string context itself. Thus you can omit the quotes.

Your code should use this version:
$product_no = isset($_POST['product_no'])?$_POST['product_no']:NULL;

This wouldn't even raise notices if fascist error reporting is on. It's then
perfectly safe to use this. Probably he (the teacher) remembers
register_globals, which /is/ unsafe when the variables are not initialised.

Bye,
phil
--
Please send replies (not followups) to the address set in Reply-To.
Philipp Kern - PK2186-RIPE - http://www.philkern.de
Jul 17 '05 #6

P: n/a
On Mon, 31 May 2004 18:47:59 +1000, "Robert Smith"
<us***************@nospam.optusnet.com.au> wrote:
> $sql_statement = "INSERT INTO product_table(product_no, product_name, unit,
> unit_price, enquiry) VALUES ('$_POST[product_no]', '$_POST[product_name]',
> '$_POST[unit]', '$_POST[unit_price]', '$_POST[enquiry]')";
>
> needs to be:
>
> $sql_statement = "INSERT INTO product_table(product_no, product_name, unit,
> unit_price, enquiry) VALUES ('$_POST['product_no']',
> '$_POST['product_name']', '$_POST['unit']', '$_POST['unit_price']',
> '$_POST['enquiry']')";
>
> which of course will give you a parse error.

I personally prefer not to rely on PHP's interpolation and concatenate
the values:

$sql_statement = "INSERT INTO product_table(product_no, product_name,
unit, unit_price, enquiry) VALUES
('".addslashes($_POST["product_no"])."',
'".addslashes($_POST["product_name"])."', ...";

It may look a bit uglier, but it means my syntax highlighter correctly
highlights everything.

--
David ( @priz.co.uk )
Jul 17 '05 #7
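
The points raised in replies #2, #5 and #7 (test fields with isset(), send an absolute Location URL, log database errors, keep request data out of the SQL text) combined in one handler. This is an added example, not code from any poster: it assumes PHP 7.1+ with the PDO SQLite driver and uses an in-memory database so it runs stand-alone, and the redirect host and sample POST arrays are constructed.

```php
<?php
// Added example, not code from the thread. Assumptions: PHP 7.1+ with the
// PDO SQLite driver; column names follow the thread's INSERT; the redirect
// host and all sample data are constructed.

const REQUIRED_FIELDS = ['product_no', 'product_name', 'unit', 'unit_price', 'enquiry'];
const FORM_URL = 'http://www.example.com/add_record.htm'; // placeholder host

/** Return the trimmed required fields, or null if any is absent or empty. */
function collect_fields(array $post): ?array
{
    $clean = [];
    foreach (REQUIRED_FIELDS as $field) {
        // isset() raises no notice for a missing key; is_string() rejects
        // array-valued input such as unit[]=x.
        if (!isset($post[$field]) || !is_string($post[$field])) {
            return null;
        }
        $value = trim($post[$field]);
        if ($value === '') { // unlike !$value, this accepts "0"
            return null;
        }
        $clean[$field] = $value;
    }
    return $clean;
}

/** Insert one row; values travel as bound parameters, never as SQL text. */
function insert_product(PDO $db, array $fields): bool
{
    try {
        $stmt = $db->prepare(
            'INSERT INTO product_table (product_no, product_name, unit, unit_price, enquiry)
             VALUES (:product_no, :product_name, :unit, :unit_price, :enquiry)'
        );
        return $stmt->execute($fields);
    } catch (PDOException $e) {
        // Log the detail server-side; the caller shows only a fixed message.
        error_log('insert_product failed: ' . $e->getMessage());
        return false;
    }
}

/** Return, as a string, the response a real page would send. */
function handle_request(PDO $db, array $post): string
{
    $fields = collect_fields($post);
    if ($fields === null) {
        // In a web request: header('Location: ' . FORM_URL); exit;
        return 'Location: ' . FORM_URL;
    }
    return insert_product($db, $fields) ? 'Record added.' : 'Cannot add record.';
}

// --- demo with constructed input ---
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE product_table
           (product_no TEXT, product_name TEXT, unit TEXT, unit_price TEXT, enquiry TEXT)');

$complete = [
    'product_no'   => 'P-0',
    'product_name' => "Joiner's glue",   // apostrophe needs no escaping
    'unit'         => 'tin',
    'unit_price'   => '0',               // "0" would fail the !$value test
    'enquiry'      => 'Is the 5" x 7" size in stock?',
];
$missing = $complete;
unset($missing['enquiry']);

echo handle_request($db, $complete), "\n";
echo handle_request($db, $missing), "\n";
echo $db->query('SELECT product_name FROM product_table')->fetchColumn(), "\n";
```

With bound parameters the result no longer depends on whether magic_quotes_gpc is on, so the double-escaping problem quoted from the addslashes() manual page does not arise.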

P: n/a

"David Mackenzie" <me@privacy.net> wrote in message
news:qs********************************@4ax.com...
> On Mon, 31 May 2004 18:47:59 +1000, "Robert Smith"
> <us***************@nospam.optusnet.com.au> wrote:

<snip>

> I personally prefer not to rely on PHP's interpolation and concatenate
> the values:
>
> $sql_statement = "INSERT INTO product_table(product_no, product_name,
> unit, unit_price, enquiry) VALUES
> ('".addslashes($_POST["product_no"])."',
> '".addslashes($_POST["product_name"])."', ...";
>
> It may look a bit uglier, but it means my syntax highlighter correctly
> highlights everything.
>
> --
> David ( @priz.co.uk )


Me too, but I do it by constructing arrays and using join(",",$values).

Garp

Jul 17 '05 #8

P: n/a
I noticed that Message-ID:
<40**********************@news.optusnet.com.au> from Robert Smith
contained the following:
> I'm doing a website development course and during an exercise my teacher
> gave me to do at home I was confronted with errors. Surprisingly, those
> that did the exercise in class did not receive these errors. I told him
> about the errors and we concluded that this was happening due to the
> computers in class running php 4.3.2 and my computer is running php 4.3.6.
> However I was told the way I solved the problem was inelegant code.


I don't think anyone has mentioned this but it looks like a different
level of error reporting. You can solve the problem at home by using
!isset($_POST['input']) instead of !$_POST['input'] and show your
teacher the error of his ways by putting error_reporting(E_ALL); at the
beginning of your class scripts.

In short, you were both wrong. For a small value of wrong.

--
Geoff Berrow (put thecat out to email)
It's only Usenet, no one dies.
My opinions, not the committee's, mine.
Simple RFDs http://www.ckdog.co.uk/rfdmaker/
Jul 17 '05 #9

P: n/a
"Philipp Kern" <tr***@philkern.de> wrote in message
news:sl******************@o2.net.philkern.de...
> On 2004-05-31, Robert Smith <us***************@nospam.optusnet.com.au> wrote:
>> if ((!$_POST[product_no]) || (!$_POST[product_name]) || (!$_POST[unit]) || (!$_POST[unit_price]) || (!$_POST[enquiry])) {
>
> Please remember that constants are invalid here, but...
>
>> $sql_statement = "INSERT INTO product_table(product_no, product_name,
>> unit, unit_price, enquiry) VALUES ('$_POST[product_no]',
>> '$_POST[product_name]', '$_POST[unit]', '$_POST[unit_price]',
>> '$_POST[enquiry]')";
>
> They're perfectly valid in a string context, because...
>
> $_POST values (I would prefer $_REQUEST, though) are hashes with string keys.
> Fine that it's fixed in later versions of PHP.
> In string contexts however you can't refer to keys with strings as you are
> in a string context itself. Thus you can omit the quotes.
>
> Your code should use this version:
> $product_no = isset($_POST['product_no'])?$_POST['product_no']:NULL;
>
> This wouldn't even raise notices if fascist error reporting is on. It's then
> perfectly safe to use this. Probably he (the teacher) remembers
> register_globals, which /is/ unsafe when the variables are not initialised.

I want to thank everyone for their responses, they have been helpful. I
wonder if you could explain this part a little clearer, as it is the main
part of the problem. I did some research and I found this page
http://au2.php.net/manual/en/function.addslashes.php . It says "The PHP
directive magic_quotes_gpc is on by default, and it essentially runs
addslashes() on all GET, POST, and COOKIE data. Do not use addslashes() on
strings that have already been escaped with magic_quotes_gpc as you'll then
do double escaping. The function get_magic_quotes_gpc() may come in handy
for checking this." I have checked phpinfo() and at home and at the lab we
work in magic quotes gpc is on. So doing further testing showed that:

$sql_statement = "INSERT INTO product_table(product_no, product_name,
unit, unit_price, enquiry) VALUES ('$_POST[product_no]',
'$_POST[product_name]', '$_POST[unit]', '$_POST[unit_price]',
'$_POST[enquiry]')";

is perfectly legal but:

if (!$_POST[product_no] || !$_POST[product_name] || !$_POST[unit] ||
!$_POST[unit_price] || !$_POST[enquiry]) {

is not legal. I don't get it. I understand that in the if statement it
thinks that product_no is a constant, when it should be a string, and I
understand adding quotes here solves my problem, but I don't see the logic
in why it automatically quotes me in one part of the code, but not the
other.
--
-Robert Smith
----------------------------------------------------------------------------
---------------------------------
Remove 'nospam.' from my email address if you wish to reply via email.
Jul 17 '05 #10

P: n/a

"Pedro Graca" <he****@hotpop.com> wrote in message
news:sl*******************@ID-203069.user.uni-berlin.de...
> ## Use { } to delimit array variables inside double quotes
>
> $sql_statement = "INSERT INTO product_table(product_no, product_name, unit,
> unit_price, enquiry) VALUES ('{$_POST['product_no']}',
> '{$_POST['product_name']}', '{$_POST['unit']}', '{$_POST['unit_price']}',
> '{$_POST['enquiry']}')";


I see how that works. I tried:
$sql_statement = "INSERT INTO product_table(product_no, product_name, unit,
unit_price, enquiry) VALUES (\'$_POST['product_no']\',
\'$_POST['product_name']\', \'$_POST['unit']\', \'$_POST['unit_price']\',
\'$_POST['enquiry']\')";

thinking that would work, but it seems I don't understand escape characters
because it fails miserably. Why doesn't that work?

--
-Robert Smith
----------------------------------------------------------------------------
---------------------------------
Remove 'nospam.' from my email address if you wish to reply via email.
Jul 17 '05 #11

P: n/a
Robert Smith wrote:
> I did some research and I found this page
> http://au2.php.net/manual/en/function.addslashes.php . It says "The PHP
> directive magic_quotes_gpc is on by default, and it essentially runs
> addslashes() on all GET, POST, and COOKIE data. Do not use addslashes() on
> strings that have already been escaped with magic_quotes_gpc as you'll then
> do double escaping. The function get_magic_quotes_gpc() may come in handy
> for checking this." I have checked phpinfo() and at home and at the lab we
> work in magic quotes gpc is on. So doing further testing showed that:
>
> $sql_statement = "INSERT INTO product_table(product_no, product_name,
> unit, unit_price, enquiry) VALUES ('$_POST[product_no]',
> '$_POST[product_name]', '$_POST[unit]', '$_POST[unit_price]',
> '$_POST[enquiry]')";
>
> is perfectly legal but:
>
> if (!$_POST[product_no] || !$_POST[product_name] || !$_POST[unit] ||
> !$_POST[unit_price] || !$_POST[enquiry]) {
>
> is not legal.

This has nothing to do with addslashes() or magic_quotes

> I don't get it. I understand that in the if statement it
> thinks that product_no is a constant, when it should be a string, and I
> understand adding quotes here solves my problem, but I don't see the logic
> in why it automatically quotes me in one part of the code, but not the
> other.


This is the way PHP deals with quoted strings:
http://www.php.net/manual/en/language.types.string.php

$name = 'Pedro';
$temp = "My name is $name.";

This works ok and $temp is assigned the string "My name is Pedro."
With arrays it gets more complicated :-)

$names['myself'] = 'Pedro';
$temp = "My name is $names[myself]";

OK, too (though not the way I like to code it). PHP interprets the
$names[myself] as $names['myself'] because it is *inside* the double
quotes.

$temp = 'My name is ' . $names['myself'] . '.';

Now, $names['myself'] is not inside double quotes, so it needs to be
written in full.

$temp = "My name is {$names['myself']}.";

Use the full name inside double quotes by surrounding the variable with
the braces.

To avoid (or rather, minimize) all these complications, I only use
double quotes sparingly. Examples:

echo "</div>\n"; # newline
$sql = "select count(*) from dbuser where name='$name'";
echo 'Found ', $num, " records.<br/>\n";

HTH
--
USENET would be a better place if everybody read: : mail address :
http://www.catb.org/~esr/faqs/smart-questions.html : is valid for :
http://www.netmeister.org/news/learn2quote2.html : "text/plain" :
http://www.expita.com/nomime.html : to 10K bytes :
Jul 17 '05 #12
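
Why the bare key behaves differently in the two places asked about above, and what changes once a constant with the same name as the key exists. This is an added example, not code from any poster; the array values and the constant are constructed, and it is written for PHP 7.2 or later.

```php
<?php
// Added example, not code from the thread. The array contents and the
// constant are constructed; run on PHP 7.2 or later.

$post = ['unit' => 'box', 'unit_price' => '9.50'];

/** Bare key in ordinary code: PHP looks up a constant named unit. */
function bare_key_in_code(array $post): string
{
    try {
        return (string) $post[unit];
    } catch (Error $e) {
        // PHP 8 throws here; PHP 4/5 raised the Notice quoted in the thread
        // and fell back to the string 'unit'.
        return 'Error: ' . $e->getMessage();
    }
}

/** Simple interpolation: the bare key is always the literal string 'unit'. */
function bare_key_in_string(array $post): string
{
    return "$post[unit]";
}

/** Brace syntax: the expression inside {} is parsed as ordinary code. */
function quoted_key_in_braces(array $post): string
{
    return "{$post['unit']}";
}

function report(string $label, array $post): void
{
    printf(
        "%-28s code=%-32s string=%-5s braces=%s\n",
        $label,
        bare_key_in_code($post),
        bare_key_in_string($post),
        quoted_key_in_braces($post)
    );
}

report('no constant defined:', $post);

// Some other file now defines a constant with the same name as the key.
define('unit', 'unit_price');

report("after define('unit', ...):", $post);
```

After the define() call the bare key in code silently reads a different form field, while both string forms still read 'unit'; quoting the key removes the ambiguity.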

P: n/a
Regarding this well-known quote, often attributed to Garp's famous "Mon, 31
May 2004 10:48:46 GMT" speech:
> "David Mackenzie" <me@privacy.net> wrote in message
> news:qs********************************@4ax.com...
>> On Mon, 31 May 2004 18:47:59 +1000, "Robert Smith"
>> <us***************@nospam.optusnet.com.au> wrote:
>
> <snip>
>
>> I personally prefer not to rely on PHP's interpolation and concatenate
>> the values:
>>
>> $sql_statement = "INSERT INTO product_table(product_no, product_name,
>> unit, unit_price, enquiry) VALUES
>> ('".addslashes($_POST["product_no"])."',
>> '".addslashes($_POST["product_name"])."', ...";
>>
>> It may look a bit uglier, but it means my syntax highlighter correctly
>> highlights everything.
>>
>> --
>> David ( @priz.co.uk )
>
> Me too, but I do it by constructing arrays and using join(",",$values).
>
> Garp

Hmm... I like that... that one's going in the ol' brain file for later.

--
-- Rudy Fleminger
-- sp@mmers.and.evil.ones.will.bow-down-to.us
(put "Hey!" in the Subject line for priority processing!)
-- http://www.pixelsaredead.com
Jul 17 '05 #13

P: n/a
Thank you so much for your help. Everything is so much clearer now.

--
-Robert Smith
----------------------------------------------------------------------------
---------------------------------
Remove 'nospam.' from my email address if you wish to reply via email.
Jul 17 '05 #14
