Mixing quotes in PHP

Question

I have this script that gets my info from the DB

$result = mysqli_query($con,"SELECT * FROM <table> WHERE id = 3");

while($row = mysqli_fetch_array($result))
  {
  echo '<p>'.$row['name'].'</p>' . " " .'<p>' . $row['description'] . '</p>' . " " . '<p>' . $row['price'] . '</p>';
  echo "<br>";
  echo '<img src="http://www.example.com/images/'.$row['profile_pic'].'" alt="profilepic" />';
  echo '<img src="http://www.example.com/images/'.$row['pic1'].'" alt="pic1" />';
      ^^^                                                *********
      Here is the problem because I should have sigle quote at the beginning and at the end, but I still have it above ***.And I use double quotes for the src on the <img> so those are taken too.
  echo '<img src="http://www.example.com/images/'.$row['pic2'].'" alt="pic2" />';
  echo '<img src="http://www.example.com/images/'.$row['pic3'].'" alt="pic3" />';
  }

If I do it like I intended, I would need another set of quoter( maybe triple :]] )..How can I do it the right way?

Answer 1

You can use the HEREDOC syntax as follows. Variables can be used inline without any {} brackets. Arrays must be wrapped in {}. Both types of variables can be embedded in-line.

while($row = mysqli_fetch_array($result)){

// "EOH" can be any string of your choosing, but you must close with it
$output = <<<EOH;
<p>{$row['name']}</p> <p>{$row['description']}</p> <p>{$row['price']}</p>
<br>
<img src="http://www.example.com/images/{$row['profile_pic']}" alt="profilepic" />
<img src="http://www.example.com/images/{$row['pic1']}" alt="pic1" />
<img src="http://www.example.com/images/{$row['pic2']}" alt="pic2" />
<img src="http://www.example.com/images/{$row['pic3']}" alt="pic3" />
EOH; // from above; MUST be aligned all the way left (don't intent or tab)

echo $output;
}

Answer 2

Rasmus Lerdorf answered you since his introduction of PHP by prefixing the variables name with $ Simply you have to do something like the following:

edited

//Place any string in double quote
echo "<p> {$row['name']} </p> <p> {$row['description']} </p> <p> {$row['price']} </p>";

The following is quote from an interview with Rasmus

$ Dollar Sign in PHP variables

When asked about why variables start with the $ sign, he explained that was meant to be able to insert variables inside literal string values, so a mark would need to be used to distinguish what is a variable from the rest of the string.

Since he wanted the variables to look the same inside and outside a string, he has chosen the $ sign to start variables, inspired in the solution that Perl also adopted.

Answer 3

You'll need to call htmlspecialchars() around each item in the $row hash, i.e. htmlspecialchars($row['profile_pic']).

mysqli_fetch_assoc() will be slightly more memory-efficient than mysqli_fetch_array().

Answer 4

The source code you have looks good. You can use \ character immediately ahead of a single or double quote to escape, like so:

$variable = "my quote's are \"like this\" ";

// output: my quote's are "like this"

Likewise:

$variable = 'this is "how my quotes" don\'t look';

// output: this is "how my quotes" don't look