PHP formatted MySQLi query - use backticks? [duplicate]

Okay, this may seem very basic but I am so tired of seeing everyone write their queries just a little differently, and I am looking for the generally accepted best practice.
I see in the PHP documentation that their query examples have no backticks for the table names:
mysqli_query($link, "SELECT Name FROM City LIMIT 10")
However, I see many people using backticks for the table names, like:
mysqli_query($link, "SELECT `Name` FROM `City` LIMIT 10")
So, which is it? I am leaning more towards not using them, because not only does the PHP documentation page linked to above not use them, I also found on this page it says: "Unlike some other languages, backticks have no special meaning within double-quoted strings."
Well, every MySQLi query will be contained within double-quotes, right? So, is there no point in using them?

The backticks aren't there for the sake of the PHP interpreter, they're there for the MySQL parser. Backticks allow you to reference tables/fields that have spaces (or other characters that would normally result in a syntax error - e.g. -) in them. For instance, if you had a field called city name, you would have to use backticks around it when referencing it in your query.
From what I've seen, the generally accepted convention is to simply avoid using spaces in field names. Since backticks no longer serve a purpose, they are generally omitted (YMMV depending on employer).

Related

CodeIgniter Active Records Array index change in Insertion [duplicate]

I am working on a project where another developer created a table with column names like 'Business Name'. That is a space between two words. If I run a SELECT statement with 'Business Name' it says there is no column with name 'Business'.
How can I solve this problem?
Generally the first step is to not do that in the first place, but if this is already done, then you need to resort to properly quoting your column names:
SELECT `Business Name` FROM annoying_table
Usually these sorts of things are created by people who have used something like Microsoft Access and always use a GUI to do their thing.
If double quotes do not work, try including the string within square brackets.
For example:
SELECT "Business Name","Other Name" FROM your_Table
can be changed as
SELECT [Business Name],[Other Name] FROM your_Table
You need to use backtick instead of single quotes:
Single quote - 'Business Name' - Wrong
Backtick - `Business Name` - Correct
To each his own but the right way to code this is to rename the columns inserting underscore so there are no gaps. This will ensure zero errors when coding. When printing the column names for public display you could search-and-replace to replace the underscore with a space.
I got here with an MS Access problem.
Backticks are good for MySQL, but they create weird errors, like "Invalid Query Name: Query1" in MS Access. For MS Access only, use square brackets:
It should look like this
SELECT Customer.[Customer ID], Customer.[Full Name] ...
I think double quotes work too:
SELECT "Business Name","Other Name" FROM your_Table
But I only tested on SQL Server, not MySQL, in case someone works with MS SQL Server.

Incorrect syntax error near keyword read, when I update [duplicate]

update cometchat set read='1' where id='18'
SQL Error 156:Incorrect syntax near the keyword 'read'.
Can you guys help me how do I do that?
Read is a reserved word. You need to escape it.
Also, if the values are integers, you should not use the single quotes around them.
If it's SQL Server (and it is, based on the error message), you need to use square brackets:
update cometchat set [read]=1 where id=18
In MySQL, your query should look like this:
update cometchat set `read`=1 where id=18
You shouldn't put quotes around int values in your query as it converts them to type string.
Should I quote numbers in SQL?
UPDATE cometchat SET `read`=1 WHERE id=18
Edit:
You're also using a reserved keyword, and need to escape it, see:
https://dev.mysql.com/doc/refman/5.5/en/keywords.html
Seriously...
UPDATE cometchat SET `read`=1...
"read" is a restricted keyword. It needs to be quoted.

Joomla db->query. What is the difference between quote types when filling query object

I'm working under Joomla 3.x
There are many different solutions for building query objects.
More recent documentation seems to prefer this method:
$query->select("*");
$query->from($db->nameQuote('#__example_table'));
$query->where($db->nameQuote('id')." = ".$db->quote('999999'));
In similar pages there are some examples named as "fully quoted":
$query = "
SELECT *
FROM ".$db->nameQuote('#__example_table')."
WHERE ".$db->nameQuote('id')." = ".$db->quote('999999').";
";
And the straightforward method:
$query = " SELECT *
FROM #__example_table
WHERE 'id' = '999999';
";
What is the difference between these methods?
When does one of them not work while the other methods can be executed successfully?
All of those methods will work as long as you stick to those aspects of SQL that do not differ from driver to driver or do not care about multi-support.
However please note that your three examples are not equivalent in that you are treating 999999 as a string in the first two and as an integer in the last one.
In general if you care at all about multi-database support or if you want to be sure that your queries won't blow up because you accidentally use a reserved word as a field name and didn't quote it correctly, then the first example is the best (possibly modified based on whether you mean 9999999 or '999999').
Here's why
All names are quoted with the correct type of marks.
Things will be correctly escaped (unless you say not to).
All strings are quoted correctly.
It will work on all of the supported databases.
It is easy to correctly add additional statements when you need to modify that query because JDatabaseQuery puts them together correctly whatever order you put the statements in.
In terms of the difference between quote types: in SQL drivers there is usually a difference between backticks and single quotes. $db->quote() gives you single quotes and $db->quoteName() gives you backticks.

What is the difference b/w using ` and not using in mysql query [duplicate]

e.g.
query is
SELECT `username`, `uid`,`email` from profile where `id`='0';
and
SELECT username, uid,email from profile where id='0';
both will yield same result.
so why we should use or not use ` in mysql query.
You can name your columns anything if you use ` to delimit them. You could call it timestamp, restrict or any other keyword. Or you could call it 60000. Or you could call it domain of the flying spaghetti monster if you really wanted.
SELECT `domain of the flying spaghetti monster` FROM `table`
has to be the weirdest select query I've seen!
The backtick and nonbacktick versions that you show both do the same thing.
The main reason one would use backticks is to escape a MySQL reserved word or a column with a space in the column name.
Backticks will allow you to use MySQL reserved words as column names, which is not a good idea anyway.
Example:
SELECT from, insert,delete from profile where `id`='0'; will not work
SELECT `from`, `insert`,`delete` from profile where `id`='0'; will work

MySQL - INSERT INTO says I have wrong syntax with 'to'='$user2' [duplicate]

$time=date("G:i:s j.n.Y");
$wholetime="$time";
mysql_query("INSERT INTO rivase_chat_posts SET sender='$user', content='$msg', time='$wholetime', 'to'='$affectuser'");
$msg="";
I am doing a private chat thing. That is my code. It results this error:
You have an error in your SQL syntax; check the manual that
corresponds to your MySQL server version for the right syntax to use
near ''to'='gs'' at line 1 ($user="gskartwii", $msg="HI",
$affectuser='gs')
For column names, use backticks rather than single-quotes:
`to`='$affectuser'
Single quotes are there for strings only. Backticks (normally left of the number 1 on your keyboard) are the things to use for column or table names in MySQL.
Edit: As Michael Berkowski correctly points out, the reason you have to do this for the column name is because to is a reserved word in MySQL - which is a lovely way of saying that it is a special word that MySQL sees to mean something within a query normally. On that note, it really might not be the best idea to use the reserved words as columns in your table - you will have to backtick them in every single instance that you use them. You might want to consider renaming it to something like toUser which will probably make the rest of your project easier to SQL out :)
You put the 'to' between single quotes. Column names are not quoted, or between backquotes. Single quotes are for strings. You cannot update a string, hence SET 'to'='user' is an error.
INSERT INTO rivase_chat_posts
SET `sender`='$user', `content`='$msg', `time`='$wholetime', `to`='$affectuser'
UPDATE: comments say to is a reserved word and should always be escaped - using backquotes.
To is a reserved word. Escape it:
INSERT INTO rivase_chat_posts
SET sender='$user', content='$msg', time='$wholetime', `to` ='$affectuser'
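
The quoting rules from the answers above (backticks for identifiers such as the reserved word to, string quoting for values), as an added example that is not part of the original posts: a helper backtick-quotes identifiers, and values are bound as mysqli parameters instead of being interpolated into the SQL text. The table and column names come from the question; the helper names, the column allowlist and the sample row are assumptions made for illustration.

```php
<?php
// Added example, not code from the original posts. CHAT_COLUMNS, quoteIdent(),
// buildInsert() and insertChatPost() are hypothetical names.

// Columns the application permits in this INSERT. Identifiers cannot be bound
// as parameters, so they are checked against a fixed list, never taken raw.
const CHAT_COLUMNS = ['sender', 'content', 'time', 'to'];

// Quote a MySQL identifier: wrap in backticks and double any embedded backtick.
function quoteIdent(string $name): string
{
    if ($name === '' || strpos($name, "\0") !== false) {
        throw new InvalidArgumentException('invalid identifier');
    }
    return '`' . str_replace('`', '``', $name) . '`';
}

// Build "INSERT INTO `t` (`a`, `b`) VALUES (?, ?)" for allowlisted columns only.
function buildInsert(string $table, array $row): string
{
    $unknown = array_diff(array_keys($row), CHAT_COLUMNS);
    if ($unknown) {
        throw new InvalidArgumentException('unknown column: ' . implode(', ', $unknown));
    }
    $cols  = implode(', ', array_map('quoteIdent', array_keys($row)));
    $marks = implode(', ', array_fill(0, count($row), '?'));
    return 'INSERT INTO ' . quoteIdent($table) . " ($cols) VALUES ($marks)";
}

// Run the statement; values travel as bound parameters, not as SQL text.
function insertChatPost(mysqli $db, array $row): bool
{
    $stmt = $db->prepare(buildInsert('rivase_chat_posts', $row));
    if ($stmt === false) {
        return false;
    }
    $values = array_values($row);
    $stmt->bind_param(str_repeat('s', count($values)), ...$values);
    return $stmt->execute();
}

// Constructed sample row; the content value contains a quote on purpose.
$row = ['sender' => 'gskartwii', 'content' => "HI, it's me",
        'time' => '14:05:00 3.2.2014', 'to' => 'gs'];
echo buildInsert('rivase_chat_posts', $row), "\n";
```

Running the file prints the generated statement without needing a database; insertChatPost() expects an open mysqli connection.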
