Is using double quotes for indicating string harmful?

Discussion in 'MySQL' started by Ian08, Sep 20, 2017.

  1. #1
    A bit of searching on the internet told me that, in MySQL, single quotes are used to indicate the beginning and end of a string and double quotes generally aren't used.

    My question is: Is using double quotes for indicating the beginning and end of a string harmful or does it make the execution of the query slower?
     
    Ian08, Sep 20, 2017 IP
  2. #2
    It's not recommended, but it's not harmful. It will lead to messy code, though, and you might have to consider how you wrap the whole query (single or double quotes) as well, since you cannot use double quotes to wrap a variable if you wrap the entire query with double quotes. Use single quotes. Plain and simple. Or, better, use prepared statements, which means you don't have to use quotes at all.
     
    PoPSiCLe, Sep 21, 2017 IP
    Ian08 likes this.
  3. Ian08

    #3
    Thank you. The reason I want to know whether it is harmful or not is because I prefer wrapping the whole MySQL query in single quotes for faster PHP execution and I also want to keep my query code as clean as possible.

    If using double quotes for indicating strings is not harmful, I can simply write my query code like this:
    mysqli_query($conn, 'SELECT * FROM `mytable` WHERE `full_name` = "' . $full_name . '"');
    PHP:
    But if using double quotes for indicating strings is harmful, I would have to use single quotes for indicating strings instead and add backslashes like the following line. And when the number of variables increases, the code becomes messier.
    mysqli_query($conn, 'SELECT * FROM `mytable` WHERE `full_name` = \'' . $full_name . '\'');
    PHP:
    Since you said it's not harmful, I guess I will go ahead and use it.
     
    Ian08, Sep 21, 2017 IP
  4. jestep

    #4
    The difference in execution speed for an instance like this is negligible.

    You could just as well do this for easier readability and it shouldn't affect the execution speed.

    
    mysqli_query($conn, "SELECT * FROM `mytable` WHERE `full_name` = '" . $full_name . "'");
    
    PHP:
    Also, not that it was brought up, but make sure you're sanitizing your $full_name variable or any other user provided data if you aren't going to use prepared statements or something like PDO.
     
    jestep, Sep 22, 2017 IP
    Ian08 likes this.
  5. Ian08

    #5
    Ian08, Sep 22, 2017 IP
  6. PoPSiCLe

    #6
    Okay, let's go through this again... the CONCATENATING of strings is what is gonna affect speed (even though even that is minimal). Not the quotes you decide to use. Regardless, using variables in a query directly is frowned upon in modern web development, and is the reason why we have prepared queries.

    So, for your query (disregarding the obvious potential risk of using variables directly in a query), THIS will be the fastest method:
    
    mysqli_query($conn, "SELECT * FROM `mytable` WHERE `full_name` = '$full_name'");
    
    PHP:
     
    PoPSiCLe, Sep 22, 2017 IP
  7. Ian08

    #7
    But doesn't PHP have to spend extra time to figure out if there are variables inside double quotes when it is parsing the code inside double quotes?

    I have been under the impression that, theoretically, using single quotes + concatenation is supposed to be faster than using only double quotes because of the aforementioned reason.
     
    Ian08, Sep 22, 2017 IP
  8. PoPSiCLe

    #8
    Concatenating the variables inside a query gives no benefits, really, and might lead to unwanted results if the variables used are returned from functions, for instance. Hence why the simplest way is most often the best way (when it comes to queries). Again, however, you should really try to get it to work with prepared statements. There are plenty of benefits to that approach, and next to no issues, and it will make your code better; both more future-proof, and more mature. I would recommend PDO before mysqli_ (since I'm more used to PDO, but also because the whole syntax is simpler and less roundabout than mysqli_).
     
    PoPSiCLe, Sep 22, 2017 IP
  9. Ian08

    #9
    I see. I would definitely use prepared statements when I have to repeat the same query with different parameters. In my current case, I only need to execute one or two queries.
     
    Ian08, Sep 22, 2017 IP
  10. PoPSiCLe

    #10
    Well, yes, that is one of the benefits, but the main benefit is the (mostly) elimination of SQL injection attack vectors. Again, as long as your variables don't contain any user-generated content, you should be fine either way.
     
    PoPSiCLe, Sep 22, 2017 IP
    Ian08 likes this.
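Added example (not part of any post in this thread): the query from posts #4 and #6 run once by concatenation and once as a PDO prepared statement, showing that an ordinary name containing an apostrophe breaks the concatenated form, while the bound form needs no quoting at all, even for a one-off query. It assumes the pdo_sqlite extension, with an in-memory SQLite database standing in for MySQL so it runs offline; the sample names are constructed.

```php
<?php
// Added example, not code from the thread. SQLite in memory stands in for
// MySQL so it runs offline; the sample names below are constructed.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE mytable (id INTEGER PRIMARY KEY, full_name TEXT)');

$names = ['Ian Smith', "Conan O'Brien"];
$insert = $pdo->prepare('INSERT INTO mytable (full_name) VALUES (?)');
foreach ($names as $name) {
    $insert->execute([$name]);
}

// Post #4 style: the value is pasted between single quotes in the SQL text.
function findByConcat(PDO $pdo, string $full_name): string
{
    $sql = "SELECT COUNT(*) FROM `mytable` WHERE `full_name` = '" . $full_name . "'";
    try {
        return 'rows=' . $pdo->query($sql)->fetchColumn();
    } catch (PDOException $e) {
        // The apostrophe in the data ended the string literal early.
        return 'query failed: ' . $e->getMessage();
    }
}

// Prepared statement: the SQL text is fixed and the value is bound separately,
// so no quote character in the data can change how the query is parsed.
function findByPrepared(PDO $pdo, string $full_name): string
{
    $stmt = $pdo->prepare('SELECT COUNT(*) FROM `mytable` WHERE `full_name` = ?');
    $stmt->execute([$full_name]);
    return 'rows=' . $stmt->fetchColumn();
}

foreach ($names as $name) {
    printf("%-15s concat:   %s\n", $name, findByConcat($pdo, $name));
    printf("%-15s prepared: %s\n", $name, findByPrepared($pdo, $name));
}
```

Against MySQL only the DSN passed to `new PDO(...)` changes; the two functions stay the same.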
  11. Ian08

    #11
    Ian08, Sep 23, 2017 IP