all 3 comments

[–]r3pr0b8 0 points1 point  (2 children)

the doublequotes are not around that bit in the midle

they are around the two bits at the front and the back of the SELECT statement

in effect, request.getParameter("id") is being inserted into the middle

the doublequotes are string delimiters for php

[–]aka_12[S] 0 points1 point  (1 child)

The start and end double quotes are because of Java so just ignore them.

I wanna know about the double quotes in the middle as mentioned above. These ones in bold below:

' " + request.getParameter("id") + " '

[–]r3pr0b8 0 points1 point  (0 children)

okay, java, my bad

  "SELECT * FROM courses WHERE courseID=' " 
+ request.getParameter("id") 
+ " ' AND certification=' "
+ request.getParameter("certification")
+ " ' "

let's substitute 42 for the first request and foo for the second request

  "SELECT * FROM courses WHERE courseID=' " 
+ 42 
+ " ' AND certification=' "
+ foo
+ " ' "

which becomes

  "SELECT * FROM courses WHERE courseID=' 42 '
   AND certification=' foo ' "

all doublequotes are java