This question already has an answer here:
- PHP - concatenate or directly insert variables in string 12 answers
- PHP variable interpolation vs concatenation [duplicate] 1 answer
- How can I prevent SQL injection in PHP? 28 answers
- Single quotes or double quotes for variable concatenation? [closed] 10 answers
- What is the difference between single-quoted and double-quoted strings in PHP? 10 answers
I have this code:
$sql=mysqli_query($dbc, "SELECT * FROM users WHERE user = '".$username."'");
but why so many people do this if
$query = "SELECT type FROM users WHERE user = '$username' ";
works fine too? And if we have multiple values we can just do
$query = "SELECT type FROM users WHERE user = '$username', '$pass' ";
I couldn't find any explanations on this syntax on the internet.
</div>