0

Is there any difference between this 3 query?

query 1

$query = "INSERT INTO reserve( c_id, c_username, r_id, r_name, checkin, checkout)";
$query .= " VALUES ( $c_id, $c_username, $r_id, $r_name, $checkin, $checkout )";

query 2

$sql = "INSERT INTO reserve( c_id, c_username, r_id, r_name, checkin, checkout)
VALUES ( '$c_id' , '$c_username', '$r_id', '$r_name', '$checkin', '$checkout' )";

query 3

$result = $mysqli->query("INSERT INTO reserve (c_id, c_username, r_id, r_name, checkin, checkout) VALUES ('$c_id' , '$c_username', '$r_id', '$r_name', '$checkin', '$checkout');")

And which one should I use to select a data from my database and which one should I use to insert data into database

Dharman
  • 30,962
  • 25
  • 85
  • 135
Adam
  • 13
  • 5
  • 4
    None of them. Learn to use parameters properly for passing parameters into a query. – Gordon Linoff Apr 23 '17 at 15:18
  • 1
    Possible duplicate of [How can I prevent SQL injection in PHP?](http://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php) – chris85 Apr 23 '17 at 15:36
  • @Gordon Linoff do you know where I can learn about query...w3school is not that helping.......Considering i have zero knowledge regarding mysqli query. Thank you for your reply – Adam Apr 23 '17 at 15:56

1 Answers1

-1

On a quickly glance they all appear to do the same thing. You don't need to learn parameter passing at your stage. Be aware of injection attacks and clean those variables before you do calls.

I tend to do this for readability:

$sql = "INSERT INTO reserve(c_id
                           ,c_username
                           ,r_id
                           ,r_name
                           ,checkin
                           ,checkout)
                   VALUES ('$c_id'
                          ,'$c_username'
                          ,'$r_id'
                          ,'$r_name'
                          ,'$checkin'
                          ,'$checkout')";
user1747992
  • 53
  • 5