In another thread someone mentioned that it was bad to enclose a php variable in quotes when it is part of an sql query
because it can apparently cause errors as some DB servers won't allow it whilst some will.PHP Code:
I've been flicking through the books I've got on php and they all enclose the variable with ' that includes recent ones by SitePoint. When looking at the PHP Manual, some examples enclose the variables in ' and some use placeholders (which I don't know if they are very secure). Why don't all books and sites show the variables without being enclosed by '
which should be more universally correct to enable the same query to be used on any db server, ie MySQL, Oracle, MS SQL, etc?PHP Code: