 |
Account Login
|
 |
|
Latest Articles
|
|
|
IRC Channel
|
|
|
Associates
|
|
|
Associates
|
|
|
 |
|
|
|
09-11-2007, 09:23 PM
|
#1 (permalink)
|
|
La Vida es Sueño
Join Date: Sep 2007
Location: Oldham
Posts: 2,280
Thanks: 90
|
Differences Between Single and Double Quotes
It may all seem a little trivial to be discussing which kinds of quotes to be using. However, there is a difference in PHP and it's important to know what those differences are. Really, it will save a lot of bills on boxes of aspirins in the long-run.
There are 3 types of quotes, but we will be looking at the 2. I will list the 3 below just so you know for future reference.
- 'This is the first type of quotes' - Everything inside these are taken literally.
- "This is the second type of quotes" - These can include variables which will be resolved to show the data they contain.
- `This is the third type of quotes` - Used only for executing commands on the system. Do NOT use these unless you wish to execute system commands. Technically called the backtick operator.
The first 2 are the types of quotes we will be concentrating on. For readability I use the single quotes for all text and the double quotes for new lines (of course unless I use PHP's constant, PHP_EOL). The new line and carriage return characters (\n and \r) will not be resolved inside single quotes and will be displayed literally. They MUST be encapsulated in double quotes for them to appear as new lines.
Take the following examples as a good reference to the difference between the 2:
Single Quotes
PHP Code:
$szBuddha = 'Buddha';
echo 'This is $szBuddha';
Result: This is $szBuddha
Double Quotes
PHP Code:
$szBuddha = 'Buddha';
echo "This is $szBuddha";
Result: This is Buddha
As you can see the former outputs the variable as it is, not resolving its value of Buddha, whilst the latter does.
Personally, I always use the single quotes unless I need to output any variables or new line characters. I've always been brought up to never encapsulate PHP variables in any types of quotes and therefore I always concatenate them like so:
PHP Code:
$szFoo = 'Foo never never be shown without ' . $szBar;
To me it looks a lot neater than:
PHP Code:
$szFoo = "Foo never never be shown without $szBar";
Naturally it's entirely up to your good selfs which you use, but placing new line characters and variables inside single quotes is definitely the way to go if you're a big fan of headaches.
__________________
The man who comes back through the Door in the Wall will never be quite the same as the man who went out.
Last edited by Wildhoney : 09-11-2007 at 10:14 PM.
|
|
|
|
09-14-2007, 01:37 PM
|
#2 (permalink)
|
|
The Contributor
Join Date: Sep 2007
Posts: 41
Thanks: 0
|
I do it the
Quote:
|
$szFoo = 'Foo never never be shown without ' . $szBar;
|
way. Much easier to find what parts are variables. Although i use the double quote so i can use the new line "\n". |
|
|
|
|
10-22-2007, 11:14 PM
|
#3 (permalink)
|
|
La Vida es Sueño
Join Date: Sep 2007
Location: Oldham
Posts: 2,280
Thanks: 90
|
Yea, I do agree that it makes sense to use double quotes with new lines. However, I do it like so for new lines because of the way I was brought up with PHP:
PHP Code:
$szFoo = 'My text' . "\r\n";
It's just drilled in my head to use single quotes for text, that's all!
__________________
The man who comes back through the Door in the Wall will never be quite the same as the man who went out.
|
|
|
|
|
10-22-2007, 11:15 PM
|
#4 (permalink)
|
|
The Contributor
Join Date: Oct 2007
Location: US
Posts: 66
Thanks: 19
|
Yeah. I started out using Single quotes, so thats what I'll continue to use. It just seems neater to me. I like having the variables separate from the text.
|
|
|
|
|
10-22-2007, 11:24 PM
|
#5 (permalink)
|
|
La Vida es Sueño
Join Date: Sep 2007
Location: Oldham
Posts: 2,280
Thanks: 90
|
...And the parsers love it, too!
__________________
The man who comes back through the Door in the Wall will never be quite the same as the man who went out.
|
|
|
|
|
10-31-2007, 11:38 AM
|
#6 (permalink)
|
|
The Contributor
Join Date: Oct 2007
Posts: 35
Thanks: 2
|
I've alwys used double quotes, because it's easier, you can just put the vars in there.
But now that I think about it, escaping every double quote of the html takes alot of time, and I might actually swith :p
|
|
|
|
|
10-31-2007, 12:12 PM
|
#7 (permalink)
|
|
The Contributor
Join Date: Sep 2007
Posts: 31
Thanks: 0
|
Single quotes ftw.
Single quotes are actually a bit faster when you've got a string and a variable, or so I've been led to believe.
|
|
|
|
|
10-31-2007, 03:52 PM
|
#8 (permalink)
|
|
Super Moderator
Join Date: Sep 2007
Posts: 165
Thanks: 0
|
Quote:
Originally Posted by Sled
I've alwys used double quotes, because it's easier, you can just put the vars in there.
But now that I think about it, escaping every double quote of the html takes alot of time, and I might actually swith :p
|
Not that i don't promote using single quotes as they rock, but you do know you can just use single quotes for the places you use double quotes in the html? lol
And tbh, you shouldn't EVER need to escape quotes in a document as it should never be used with PHP and instead in a templating file.... |
|
|
|
|
10-31-2007, 04:41 PM
|
#9 (permalink)
|
|
The Contributor
Join Date: Oct 2007
Posts: 35
Thanks: 2
|
oh well, let's say you have a function that generates the newest articles or something. I use li's for that kind of stuff...and if you want to style it, adding a class would be nice, so you get
<li class="topArticle"><a href="$articleurl">$articlename</a></li>
you need to do this kind of things with or without templating file no?
That's 4 double quotes that need to be escaped, and I have using single quotes in my html (i think it's even invalid for xhtml).
I could be wrong though :p |
|
|
|
|
10-31-2007, 05:24 PM
|
#10 (permalink)
|
|
La Vida es Sueño
Join Date: Sep 2007
Location: Oldham
Posts: 2,280
Thanks: 90
|
I think what Bluesaga means is not doing:
PHP Code:
echo "<li class=\"topArticle\"><a href=\"$articleurl\">$articlename</a></li>";
...And instead doing:
PHP Code:
<li class="topArticle"><a href="<?php echo $articleurl; ?>"><?php echo $articlename; ?></a></li>
__________________
The man who comes back through the Door in the Wall will never be quite the same as the man who went out.
|
|
|
|
|
10-31-2007, 07:48 PM
|
#11 (permalink)
|
|
The Contributor
Join Date: Oct 2007
Posts: 35
Thanks: 2
|
He said templating file, so I assumed he was talking about a file with the layout, and where each part is called as a fnction or something.
But yea, I guess that's an option ...
|
|
|
|
|
11-01-2007, 09:20 AM
|
#12 (permalink)
|
|
Super Moderator
Join Date: Sep 2007
Posts: 165
Thanks: 0
|
Erm sled, that can still be in a templating file :)
PHP Code:
//Do all work for script
//set neccesary variables
include('template.tpl.php'); //<-- use variables in loops/echos only, no workings out to be done here
|
|
|
|
|
11-10-2007, 12:06 AM
|
#13 (permalink)
|
|
The Wanderer
Join Date: Nov 2007
Location: London
Posts: 6
Thanks: 0
|
The performance difference between the two types of quotes is rather interesting.
Consider the following PHP Code samples:
v1.php:
PHP Code:
<?PHP
for ($i = 0; $i < 100000; $i++) {
$n = "string".$i;
}
?>
v2.php:
PHP Code:
<?PHP
for ($i = 0; $i < 100000; $i++) {
$n = 'string'.$i;
}
?>
v3.php:
PHP Code:
<?PHP
for ($i = 0; $i < 100000; $i++) {
$n = "string$i";
}
?>
All 3 samples of code do exactly the same thing the same number of times, however the execution time of each script is different.
The benchmarks were run on a P2 400MHz with 192MB RAM. The linux "time" command was used to calculate the actual CPU time used by each script. The results are as follows:
# time php v1.php
real 0m1.260s
user 0m1.224s
sys 0m0.032s
# time php v2.php
real 0m1.271s
user 0m1.224s
sys 0m0.036s
# time php v3.php
real 0m1.973s
user 0m1.944s
sys 0m0.032s
Notice how the v1.php and v2.php timings are very similar, it is interesting that using double quotes without embedded variables is actually faster than using single quotes.
The marked difference is when it comes to using an embedded variable in v3.php. Note how the execution time increases by 0.7s, a 50% increase in execution time.
From this, I conclude that:
- It does not really matter if you use single or double quotes
- Using embedded variables is inefficient - do not do it
Last edited by Andy : 11-10-2007 at 12:29 AM.
|
|
|
|
|
11-10-2007, 10:59 AM
|
#14 (permalink)
|
|
The Prestige
Join Date: Sep 2007
Location: Sweden, Stockholm
Posts: 1,080
Thanks: 115
|
What bluesaga meant with the first part of his msg, was that instead of doing this:
PHP Code:
echo "<a href=\"something.php\">Yes</a>";
.. you can do this:
PHP Code:
echo "<a href='something.php'>Yes</a>";
But personally, I wouldn't use ", because it looks much sloppier, and it's more difficult to read the variables, etc..
I only use " in mysql querys:
PHP Code:
$szSql = mysql_query("SELECT * FROM `users` WHERE `name` = 'test'");
However, on a more serious note, you should never use a query like that.
Instead you should use sprintf. |
|
|
|
|
11-10-2007, 04:08 PM
|
#15 (permalink)
|
|
The Acquainted
Join Date: Sep 2007
Posts: 133
Thanks: 6
|
PHP Code:
$szSql = mysql_query("SELECT * FROM `users` WHERE `name` = 'test'");
and why should a query never be done like that? I do it all the time and i think its fine. I mean, it's not slow (depending on the query) and isn't exactly unsecure. |
|
|
|
|
11-10-2007, 06:46 PM
|
#16 (permalink)
|
|
The Prestige
Join Date: Sep 2007
Location: Sweden, Stockholm
Posts: 1,080
Thanks: 115
|
Please read the following article by Wildhoney:
Securing your MySQL Queries with Sprintf
It will explain everything to you why you should ALWAYS use sprintf. |
|
|
|
|
11-10-2007, 06:58 PM
|
#17 (permalink)
|
|
Moderateur
Join Date: Apr 2007
Posts: 1,393
Thanks: 5
|
Quote:
Originally Posted by Tanax
It will explain everything to you why you should ALWAYS use sprintf.
|
You don't need to ALWAYS use sprintf at all. I fail to see how it would be of use in the case mentioned within this topic. |
|
|
|
|
11-10-2007, 07:12 PM
|
#18 (permalink)
|
|
The Prestige
Join Date: Sep 2007
Location: Sweden, Stockholm
Posts: 1,080
Thanks: 115
|
Yea, but in most cases you don't have a specific value like that.
And in most "common" script, you run a check in the database where it searches for something that matches the input of the $_POST value.
And when you're dealing with those cases, you should always use sprintf.
|
|
|
|
|
11-10-2007, 08:04 PM
|
#19 (permalink)
|
|
The Acquainted
Join Date: Sep 2007
Posts: 133
Thanks: 6
|
Not really, as long as you filter the $_POST first with for example, strip_tags, and mysql_escape_string etc.... then it should be fine.
|
|
|
|
|
11-10-2007, 11:37 PM
|
#20 (permalink)
|
|
The Prestige
Join Date: Sep 2007
Location: Sweden, Stockholm
Posts: 1,080
Thanks: 115
|
Did you read Wildhoney's article? ...
Anyways, what do I care :P You can do whatever querys you want. I prefer to do it the safest way there is.
|
|
|
|
|
Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)
|
|
|
| Thread Tools |
Search this Thread |
|
|
|
| Display Modes |
 Linear Mode
|
Posting Rules
|
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
HTML code is Off
|
|
|
|
Join the friendly bunch on IRC...
