$q = $dbh->query("SELECT dish,price FROM meals WHERE meal LIKE '" . $_POST['meal'] ."'");
i have looked for lots of articles,finding in mysql,behind LIKE there are two
institutions,some use ‘’,and some use " ",i don’t know which is right ?
two:
in the above it uses " behind LIKE,i think it’s wrong,and the right is
LIKE ’ $_POST[‘meal’] '"); am i right ?
You have two syntaxes to think about, PHP and SQL.
The SQL query you want will have single quotes in it.
SELECT dish, price FROM meals WHERE meal LIKE '%something%'
The PHP code is building a string by concatenating literal strings, enclosed in double quotes, with variables.
$string = "Some literal concatenated with a " . $variable . " plus another literal string";
Your literal string contains single quotes, so you will have single quotes within the double quoted literal.
$string = "A literal with 'single quotes' inside of it.";
The single quotes just happen to need to be before and after the variable you’re concatenating with the strings, so you get the double quotes following the single quotes.
$string = "A string with a '" . $variable . "' enclosed in single quotes.";
according to your said,
i find the two example is the same,both hava a variable to concatenate,but the display is different,one has an single quotes after a,one don’t.why ?
i know ,the above’s output is only the $variable ,but the next is the $variable 's value.is this the reason?
The examples are not the same; in one instance the resulting string assigned to $string has single quotes within the string, in the other it does not. It’s not syntax there, it’s part of the string you’re assigning to a variable. Play around with it until you figure it out. Your goal is to build a SQL query, a string, that contains single quotes, as that’s the SQL syntax. The reason for the single quotes in the code will become obvious.