In a statement like this;
$sql = "SELECT distinct `term`,count(*) as count
FROM {$temp_table_name}
group by `term` order by count DESC";
What does using the back tick character (`) around the field name 'term' buy me?
Is the usage of back ticks for performance reasons? Or is it for some sort of a SQL injection protection?
Note: After I submit the question, I realized that the backtick character does not show around the field name 'term' - right here on stackoverflow.
I don't know of a way of making it appear here in the question body.
If term is mysql key word, you need to quote it by `, otherwise, it is not necessary.
Ps: distinct is not necessary in your case, because you group by it.
The back-tick is the 'official' identifier quote character.
http://dev.mysql.com/doc/refman/5.0/en/identifiers.html
It allows a wider array of characters in an identifier, as described on the linked documentation.
Backticks just allow the use of spaces or other alternate characters in field names.
I think it's already been pretty well explained here.
When We use a keyword as a table name,field-name in MySQL use backticks, or double-quotes when ANSI_QUOTES is enabled.Other wise it is not necessary.It is not releated to SQL injection protection
Related
I want to query a table with field that contains star (*) character but I could't find a valuable answer. I tried something below
WHERE fieldName regexp '\*'
There are solutions like using 'like' keyword but I wanna know a way that uses 'regexp' keyword.
Thanks in advance.
You need to escape the backslash one more time since a single backslash inside double or single quotes would be considered as an escape sequence.
WHERE fieldName regexp '\\*'
OR
Use character class.
WHERE fieldName regexp '[*]'
I have an MySQL query, which returns an error message. I think it could be due to the word "out". Normally, I would just change the field name but I am working on some software that I am not used to and I don't know how much of a change that would be. So, I want to be sure if I have to.
Here is the query:
SELECT * FROM probid_bids WHERE auctionid=73 AND out=0 AND invalid=0
Here the error message:
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'out=0 AND invalid=0' at line 1
OUT is indeed a reserved word. You can encase the column names in backticks to quote the names, and thus avoid this problem, like so:
SELECT * FROM probid_bids WHERE `auctionid`=73 AND `out`=0 AND `invalid`=0
OUT is a reserved word (it is used to specify the type of parameters -- IN, OUT, INOUT -- when creating procedures). Try enclosing it inside backticks (`).
The rules regarding how and when to quote the identifiers (table names, column names, etc) are described here.
Note: certain MySQL configurations allow you to use double quotes as well but this should be avoided; stick with using backticks to quote identifiers and single quotes to quote strings.
Escape the keys:
SELECT * FROM `probid_bids` WHERE `auctionid`=73 AND `out`=0 AND `invalid`=0
This question already has answers here:
character for single quote
(1 answer)
Syntax error due to using a reserved word as a table or column name in MySQL
(1 answer)
Closed 8 years ago.
hey guys was hoping you could help me out,
Not sure if I always had this problem or if its new, in phpmyadmin in the sql tab, the apostrophe it recognizes is different from what i type, for example,
when i type, it is
SELECT * FROM 'table'
this gives me an error, so instead I have to like copy/paste the inverted commas of some prebuilt query so that it looks like
SELECT * FROM `table`
see how the apostrophes are different? any way I can fix this?
also, i have seen many queries on the web, and i think even queries i call from php dont require table names to have apostrophes. But when write it in phpmyadmin, I can do queries without table names having apostrophes?
thanks in advance.
In MYSQL, table is a reserved keyword. If you want to use reserved keywords in mysql in query, you have to enclose them in backtick(`).
As table is reserved keyword you query should be
SELECT * FROM `table`
Regarding single quote ('), in mysql, it represents string value.
SELECT *, 'table' FROM `table`;
Demo
You should only need to quote table names when they conflict with a reserved word.
Also:
` = Grave accent, or (because someone needed to invent a word) backtick
' = Apostrophe, or straight single quote
You dont need apostrophe on table name.
You should use ` in cases that your table/field name is a reserve word eg:
SELECT `distinct`, myfields FROM mytable
note that distinct is an sql command so you need to put the `.
SELECT * FROM `table`
table here should be inside `.
There are two different characters, the backtick and the single quote. Table and column names can be surrounded by the backtick, strings can be surrounded by quotes. There is nothign to fix :D
When seeing SQL code on the internet and in manuals there seems to vary a lot what is used to signify strings (or at least that's what I think they do?).
Are there any difference between using `, ´, ' or "? Are they all the same? Or do some of them have special meanings? Should some be used in certain cases and others in other cases? What is the deal here?
Backticks (`) are required when identifiers, such as column names, are using names which also happen to be reserved words. For example, since from is a reserved word, you would have to wrap a from column name in backticks, as follows:
SELECT `from`, to FROM messages WHERE to = 'Joe';
Also note how the string in the WHERE clause had to be wrapped in quotes. This is also required.
Further reading:
Reserved Words in MySQL 5.1
`` delimits identifiers and ' and " delimits strings. there are no difference between last two
´ has no meaning in mysql
I want to select my particular database in mysql console, but the problem is that my database name has a space in between and mysql ignores the part after the space. For instance, when i give the command:
use 'student registration'
I get the message:
cannot find database 'student'
You should try using back ticks ("`") to quote your database name. Generally speaking, it's probably better to use a naming convention to eliminate white space, e.g.
USE `StudentRegistration`;
or
USE `student_registration`;
You have two options.
1 Enclose the database name in backticks or single quotes.
USE `student registration`;
USE 'student registration';
2 Escape the white space character.
USE student\ registration;
Oddly enough this produces.
ERROR: Unknown command '\ '.
But still changes the database.
When I had to deal with other people's tables with spaces the following worked:
use `student registration`;
At least that would be yours.
Use Double quotes instead of single, double quotes worked for me :
USE "student registration";
Use student registration without quotes.
You have to use square brackets to get this work:
Use [student registration]