Need help understanding this code

Drebin

I'm reading a book on PHP/MySQL and I'm having trouble understanding the following code:

mysql_select_db('books');
  $query = "insert into books values 
            ('".$isbn."', '".$author."', '".$title."', '".$price."')"; 
  $result = mysql_query($query);

I understand what it does, but I don't understand why each variable that is being stored in the database is surrounded by a single and double quote.

These variables are being taken from a form that a user fills out.

$isbn=$POST['isbn'];
$author=$POST['author'];
$title=$POST['title'];
$price=$POST['price'];

mtimdog

It could be rewritten as

<?
$query = "insert into books values 
            ('$isbn', '$author', '$title', '$price')";  


//but the first way is the "preferred" method 
//because of using arrays and such

$query="insert into books values ('".$_GET['isbn']."')";
//yet the below is the same
$query="insert into books values ('$_GET[isbn]')";

?>

I assume the true answer is to show you how to use "complicated" variables inside of strings.

What they're really doing is

$query="first part of insert string values ('"   .   $value1    .   "' rest of query string";

The 's are part of the SQL statements.

eoghain

The reason for the quoting is so that the query will look like this to the database sql engine:

insert into books values ('1234', 'john doe', 'my life', '$1.23')

You database needs to know if the value it's trying to insert is a number or a string, the single quotes tell it that it is a string.

Also whoever wrote this code was making sure that his variables stood out in the line, he was probably using a syntax highlighting development environment, and by placing the variables outside of the double quotes they will show up in a different color and therefore be easier to spot.

Here is an example:

$query = "insert into books values 
            ('".$isbn."', '".$author."', '".$title."', '".$price."')";  

$query = "insert into books values ('$isbn', '$author', '$title', '$price')";

Which one is it easier to tell the variables in?