I am trying to learn the best way to write queries. I also understand the importance of being consistent. Until now, I have randomly used single quotes, double quotes, and backt
In the combination of PHP and MySQL, double quotes and single quotes make your query-writing time so much easier.
$query = "INSERT INTO `table` (`id`, `col1`, `col2`) VALUES (NULL, '$val1', '$val2')";
Now, suppose you are using a direct POST variable in the MySQL query; then use it this way:
$query = "INSERT INTO `table` (`id`, `name`, `email`) VALUES (' ".$_POST['id']." ', ' ".$_POST['name']." ', ' ".$_POST['email']." ')";
This is the best practice for using PHP variables in MySQL.
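The second snippet above places `$_POST` values directly inside the quoted literals, so any quote character in the input is parsed as SQL rather than data. As an added example (not code from the answer), the script below contrasts that with a PDO prepared statement; the `people` table, the sample values, the `quotedColumn` helper and the in-memory SQLite database standing in for MySQL are assumptions.

```php
<?php
// Added example. In-memory SQLite stands in for MySQL so the script runs
// offline; the same PDO calls work unchanged with a mysql: DSN.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE `people` (`id` INTEGER PRIMARY KEY, `name` TEXT, `email` TEXT)');

// Constructed stand-in for $_POST: values containing all three quote characters.
$post = [
    'name'  => "O'Brien",
    'email' => 'pat "the `dev`" <pat@example.com>',
];

// 1) Concatenation, as in the answer above: the apostrophe in the value closes
//    the string literal early and the remainder is parsed as SQL.
$concat = "INSERT INTO `people` (`name`, `email`) VALUES ('"
        . $post['name'] . "', '" . $post['email'] . "')";
try {
    $pdo->exec($concat);
    echo "concatenated insert ran\n";
} catch (PDOException $e) {
    echo "concatenated insert rejected: " . $e->getMessage() . "\n";
}

// 2) Prepared statement: backticked identifiers stay in the SQL text, values
//    are bound separately and are never interpreted as quotes or SQL.
$stmt = $pdo->prepare('INSERT INTO `people` (`name`, `email`) VALUES (:name, :email)');
$stmt->execute([':name' => $post['name'], ':email' => $post['email']]);

// 3) Identifiers cannot be bound as parameters, so a column name that depends
//    on input is chosen from a fixed allowlist before it is backtick-quoted.
function quotedColumn(string $requested): string
{
    $allowed = ['name', 'email'];   // hypothetical allowlist for this table
    if (!in_array($requested, $allowed, true)) {
        throw new InvalidArgumentException("unknown column: $requested");
    }
    return '`' . $requested . '`';
}

$sql = 'SELECT `name`, `email` FROM `people` ORDER BY ' . quotedColumn('name');
$row = $pdo->query($sql)->fetch(PDO::FETCH_ASSOC);
var_dump($row === $post);   // compares the stored row with the submitted values
```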
(There are good answers above regarding the SQL nature of your question, but this may also be relevant if you are new to PHP.)
Perhaps it is important to mention that PHP handles single and double quoted strings differently...
Single-quoted strings are 'literals' and are pretty much WYSIWYG strings. Double-quoted strings are interpreted by PHP for possible variable-substitution (backticks in PHP are not exactly strings; they execute a command in the shell and return the result).
Examples:
$foo = "bar";
echo 'there is a $foo'; // there is a $foo
echo "there is a $foo"; // there is a bar
echo `ls -l`; // ... a directory list
In MySQL, these symbols are used to delimit a query: `, ", ' and ().
" or ' are used for enclosing string-like values: "26-01-2014 00:00:00" or '26-01-2014 00:00:00'. These symbols are only for strings, not aggregate functions like now, sum, or max.
` is used for enclosing table or column names, e.g. select `column_name` from `table_name` where id='2'
( and ) simply enclose parts of a query, e.g. select `column_name` from `table_name` where (id='2' and gender='male') or name='rakesh'.
There have been many helpful answers here, generally culminating in two points.
AND as @MichaelBerkowski said
Backticks are to be used for table and column identifiers, but are only necessary when the identifier is a MySQL reserved keyword, or when the identifier contains whitespace characters or characters beyond a limited set (see below). It is often recommended to avoid using reserved keywords as column or table identifiers when possible, avoiding the quoting issue.
There is a case, though, where an identifier is neither a reserved keyword nor contains whitespace or characters beyond the limited set, yet necessarily requires backticks around it.
EXAMPLE
123E10 is a valid identifier name but also a valid INTEGER literal.
[Without going into detail how you would get such an identifier name], suppose I want to create a temporary table named 123456e6.
No ERROR on backticks.
DB [XXX]> create temporary table `123456e6` (`id` char (8));
Query OK, 0 rows affected (0.03 sec)
ERROR when not using backticks.
DB [XXX]> create temporary table 123451e6 (`id` char (8));
ERROR 1064 (42000): You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near '123451e6 (`id` char (8))' at line 1
However, 123451a6 is a perfectly fine identifier name (without backticks).
DB [XXX]> create temporary table 123451a6 (`id` char (8));
Query OK, 0 rows affected (0.03 sec)
This is completely because 1234156e6 is also an exponential number.
There are two types of quotes in MySQL:
' for enclosing string literals
` for enclosing identifiers such as table and column names
And then there is " which is a special case. It could be used for one of above-mentioned purposes at a time depending on MySQL server's sql_mode:
" character can be used to enclose string literals just like '
" character can be used to enclose identifiers just like `
SELECT "column" FROM table WHERE foo = "bar"
The query will select the string literal "column" where column foo is equal to string "bar"
The query will select the column column where column foo is equal to column bar
" so that your code becomes independent of SQL modes
It is sometimes useful to not use quotes... because this can highlight issues in the code generating the query... For example:
Where x and y should always be integers...
SELECT * FROM table
WHERE x= AND y=0
Is a SQL syntax error... a little lazy but can be useful...