What do the $1 and $2 in this line of code mean? Are they variables? But then how can they be used in a string?
$query = "select * from php_project.student where student_num=$1 and student_pass=$2";
EDIT: here are the next few lines:
$stmt = pg_prepare($dbconn,"ps",$query);
$result = pg_execute($dbconn,"ps",array($studentnum,$password));
if (!$result){
    die("error in SQL query:".pg_last_error());
}
$1 and $2 are not variables. They are being used as placeholders in the string.
In PHP $(number first) are not variables. Try it yourself:
$1 = "bob";
>> Parse error: syntax error, unexpected T_LNUMBER, expecting T_VARIABLE or '$' in PHP shell code on line 1
So "$1" is really a string that says "$1".
You could use str_replace, and get this:
PHP > echo str_replace("$1", "'Bob'", $query);
>> select * from php_project.student where student_num='Bob' and student_pass=$2
UPDATE
Per your update, pg_prepare actually says this:
If any parameters are used, they are referred to in the query as $1, $2, etc.
So in your case, the array($studentnum,$password) basically replaces $1 with '$studentnum' and $2 with '$password' in your query, but it also escapes the values properly to prevent SQL injection attacks.
http://php.net/manual/en/function.pg-prepare.php
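The following is an added example, not code from the question or the answer. It contrasts building the query by PHP string interpolation with the `$1`/`$2` placeholder form used with `pg_prepare` and `pg_execute`. The function names, the `PG_DSN` environment variable and the sample input are assumptions made for illustration.

```php
<?php
// Added example. Function names, PG_DSN and the sample input are constructed.

// Interpolated form: PHP substitutes $num and $pass into the SQL text,
// so a quote inside the input changes the statement the server parses.
function build_interpolated(string $num, string $pass): string {
    return "select * from php_project.student "
         . "where student_num='$num' and student_pass='$pass'";
}

// Placeholder form: "$1" cannot be a PHP variable name, so it stays
// literal inside double quotes and the SQL text is the same for any input.
function build_parameterized(): string {
    return "select * from php_project.student "
         . "where student_num=$1 and student_pass=$2";
}

// Prepare the statement (a name already prepared on this connection cannot
// be prepared again), then execute with the values passed in the array,
// apart from the SQL text.
function find_student($dbconn, string $num, string $pass): array {
    if (pg_prepare($dbconn, "find_student", build_parameterized()) === false) {
        throw new RuntimeException("prepare failed: " . pg_last_error($dbconn));
    }
    $result = pg_execute($dbconn, "find_student", array($num, $pass));
    if ($result === false) {
        throw new RuntimeException("execute failed: " . pg_last_error($dbconn));
    }
    return pg_fetch_all($result) ?: array();
}

$num  = "O'Brien";   // constructed input containing a single quote
$pass = "secret";    // constructed

// The interpolated text now has an unbalanced quote after student_num='O
echo build_interpolated($num, $pass), "\n";
// The placeholder text is unchanged by the input
echo build_parameterized(), "\n";

// Runs only when a connection string is supplied in PG_DSN (assumed name).
$dsn = getenv("PG_DSN");
if ($dsn !== false && function_exists("pg_connect")) {
    $dbconn = pg_connect($dsn);
    if ($dbconn === false) {
        die("connection failed\n");
    }
    var_dump(find_student($dbconn, $num, $pass));
}
```

Without `PG_DSN` set, the script only prints the two query strings, which is enough to see that the input alters the interpolated statement but not the parameterized one.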