In PHP, text enclosed in single quotes is treated as a literal string and is used exactly as written.
Text enclosed in double quotation marks is parsed by the interpreter first, so variables inside it are replaced by their values before output.
Example
PHP code
<?php
$test1 = "aaa";
$test2 = "bbb";
echo '$test1'; // single quotes: printed literally
echo "<br>";
echo "$test2"; // double quotation marks: variable is expanded
?>
The output is
$test1
bbb
In some SQL statements
"select * from aa where username = '" . $_GET['username'] . "' and ...."
The value passed in from the $_GET global array is enclosed by double quotation marks, which close and reopen the PHP string around it, and then enclosed by single quotation marks outside, because in the SQL statement it is a string.
For numeric values
"select * from aa where username = " . $_GET['userid'] . " and ...."
userid is assumed to be numeric, so the value passed in through $_GET can be left without single quotation marks, but there is a risk of injection.
Attackers can construct SQL statements that execute dangerous commands. For this reason, numeric values are generally also enclosed in single quotes to prevent injection.
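The following is an added example, not code from the original page. It compares the unquoted and single-quoted concatenation described above with a validated, bound parameter. The table name aa comes from the page; the userid column, the rows, the function names and the request values are constructed for illustration, and an in-memory SQLite database (PDO sqlite driver) is assumed so that it runs offline.

```php
<?php
// Added example. Table "aa" follows the page; the userid column, the rows
// and the request values are constructed.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE aa (userid INTEGER, username TEXT)");
$db->exec("INSERT INTO aa VALUES (1, 'alice'), (2, 'bob'), (3, 'carol')");

// Pattern from the page: numeric value concatenated without quotes.
function lookupUnquoted(PDO $db, string $userid): int {
    $sql = "select * from aa where userid = " . $userid;
    return count($db->query($sql)->fetchAll());
}

// Pattern from the page: the same value wrapped in single quotes.
function lookupQuoted(PDO $db, string $userid): int {
    $sql = "select * from aa where userid = '" . $userid . "'";
    return count($db->query($sql)->fetchAll());
}

// Hardened form: validate as an integer, then bind it as a parameter
// so the value never becomes part of the SQL text.
function lookupBound(PDO $db, string $userid): int {
    $id = filter_var($userid, FILTER_VALIDATE_INT);
    if ($id === false) {
        return 0; // not a number: reject before touching the database
    }
    $stmt = $db->prepare("select * from aa where userid = ?");
    $stmt->execute([$id]);
    return count($stmt->fetchAll());
}

// Constructed stand-ins for $_GET['userid'].
$inputs = ["2", "2 OR 1=1", "2' OR '1'='1"];
foreach ($inputs as $in) {
    $row = [];
    foreach (['lookupUnquoted', 'lookupQuoted', 'lookupBound'] as $fn) {
        try {
            $row[] = $fn . "=" . $fn($db, $in) . " row(s)";
        } catch (PDOException $e) {
            $row[] = $fn . "=SQL error";
        }
    }
    echo str_pad($in, 14) . implode("  ", $row) . PHP_EOL;
}
```

Single quotes alone only block input that contains no quote of its own; validating the type and binding the value is what keeps request data out of the statement text.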
Summary