> The former:
>
> $sql= "SELECT * FROM tbl_authenticate WHERE username =
> '{$_SERVER['HTTP_AUTH_USER']}' AND password = '{$_SERVER['HTTP_AUTH_PW']}'";
>
> and the latter:
>
> $sql= "SELECT * FROM tbl_authenticate WHERE username =
> '".$_SERVER['HTTP_AUTH_USER']."' AND password =
> '".$_SERVER['HTTP_AUTH_PW']."'";
>
> I prefer the latter since it's a bit easier to read IMO.
Another alternative:
$sql = <<<END
SELECT *
FROM tbl_authenticate
WHERE username = '%s'
AND password = '%s';
END;
// Escape each value before substituting it into the quoted %s placeholders.
$psql = sprintf($sql, pg_escape_string($_SERVER['HTTP_AUTH_USER']),
                pg_escape_string($_SERVER['HTTP_AUTH_PW']));
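
An added example, not part of the original posts: the concatenated query from the thread next to a bound-parameter version, run against a value that legitimately contains an apostrophe. It assumes PDO with an in-memory SQLite database as a stand-in for the PostgreSQL connection so that it runs offline, and the rows and request values are constructed; with the pgsql extension the same binding is done by pg_query_params().

```php
<?php
// Added example: SQLite in memory stands in for PostgreSQL (assumption).
// The table name and $_SERVER keys follow the thread; the rows are constructed.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE tbl_authenticate (username TEXT, password TEXT)");
$ins = $db->prepare("INSERT INTO tbl_authenticate VALUES (?, ?)");
$ins->execute(["o'brien", "it's a secret"]);
$ins->execute(["alice", "hunter2"]);

// Constructed request values; the apostrophes are legitimate data.
$_SERVER['HTTP_AUTH_USER'] = "o'brien";
$_SERVER['HTTP_AUTH_PW']   = "it's a secret";

// Style from the quoted post: the values become part of the SQL text.
function lookup_interpolated(PDO $db): ?array
{
    $sql = "SELECT * FROM tbl_authenticate WHERE username = '"
         . $_SERVER['HTTP_AUTH_USER'] . "' AND password = '"
         . $_SERVER['HTTP_AUTH_PW'] . "'";
    try {
        $row = $db->query($sql)->fetch(PDO::FETCH_ASSOC);
        return $row ?: null;
    } catch (PDOException $e) {
        // The quote inside the data ended the string literal early.
        echo "interpolated query failed: ", $e->getMessage(), "\n";
        return null;
    }
}

// Bound parameters: the SQL text is fixed and the values travel separately.
function lookup_bound(PDO $db): ?array
{
    $stmt = $db->prepare(
        "SELECT * FROM tbl_authenticate WHERE username = :u AND password = :p"
    );
    $stmt->execute([
        ':u' => $_SERVER['HTTP_AUTH_USER'],
        ':p' => $_SERVER['HTTP_AUTH_PW'],
    ]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row ?: null;
}

var_dump(lookup_interpolated($db));
var_dump(lookup_bound($db));
```

The same input makes the concatenated query fail to parse, while the bound version returns the matching row without any escaping call.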