0

I am a newbie and try to learn PHP especially INSERT INTO statement. I'm know that if we insert value for String we must use '' syntax. But i don't understand meaning of {} syntax for "title" and"link". Any guys can explain for me. Thanks a lot.

enter image description here

mickmackusa
  • 43,625
  • 12
  • 83
  • 136
Steve
  • 11
  • You're looking at a templated string. A string enclosed in double quotes in PHP can be written this way. `$varName = 'hello'; echo "varName is {$varname}\n";` will output `varName is hello`. The item between `{}` is a variable whose value is used. @mickmackusa says it's poor practice because it's ripe for a SQL injection attack. He's correct for this context, but the general practice of templated strings is NOT bad. – J.D. Pace Nov 15 '17 at 03:58
  • 1
    Do NOT use that query, it is insecure. Research mysqli prepared statements with placeholders. – mickmackusa Nov 15 '17 at 04:00
  • Please include your code as text, not a screenshot. – Neil Nov 15 '17 at 07:52

1 Answers1

1

On Sql side there is no difference between '$title' or '{$title}' . but in php {$title} is a more complete syntax of $title, that allows one to use :

  • "this is post {$title}s"
  • "{$object->data}"
  • "{$array['data']}"
  • "{$array['data']->obj->plop['test']}"

The curly braces "escape" the PHP variable and are not passed to MySQL. With a simple variable like $title it doesn't make a difference but with something like $post['title'] it does. for more information check this

shubham715
  • 3,324
  • 1
  • 17
  • 27