List:General Discussion« Previous MessageNext Message »
From:Dotan Cohen Date:September 19 2011 11:21pm
Subject:Re: Quotes around INSERT and SELECT statements' arguments from the
mysql CLI and PHP
View as plain text  
On Tue, Sep 20, 2011 at 01:48, Reindl Harald <h.reindl@stripped> wrote:
> i would use a samll class holding the db-connection with insert/update-methods
> pass the whole record-array, lokk what field types are used in the table
> and use intval(), doubleval() or mysql_real_escape-String
>
> so you never write "insert into" inline and if the function is well desigend you
> can throw the whole $_POST to it without thinikng about datatypes and ignore
> automatically hidden-fields which are not used in the database
>
> having as simple class with $db->fetch_all(), $db->insert, $db->update
> has also the benefit that you can easy switch between mysql/mysqli
> without the big overhead of a whole abstraction-layer and extend
> this class with often used methods to make development faster
> and much more stable as dealing the whole time with inline code
>
> a basic class is written in few hours and can be extended whenever
> needed - i wrote one ten years ago and heavily use it these days
> as all the years
>
> public function insert($table, array $data)
> {
>  // so here you know where to look for fieldnames/fieldtypes
>  // prepare the data aray with escaping/intval()/doubleval()
>  // and generate finally the insert
>  //
>  // as return value use 0 on errors or the insert-id
> }
>
>

You are right, using a class has many benefits. I might do that on a
future project. Thanks.

-- 
Dotan Cohen

http://gibberish.co.il
http://what-is-what.com
Thread
Quotes around INSERT and SELECT statements' arguments from the mysqlCLI and PHPDotan Cohen18 Sep
  • Re: Quotes around INSERT and SELECT statements' arguments from themysql CLI and PHPBrandon Phelps18 Sep
    • Re: Quotes around INSERT and SELECT statements' arguments from themysql CLI and PHPDotan Cohen18 Sep
      • Re: Quotes around INSERT and SELECT statements' arguments from themysql CLI and PHPHank19 Sep
        • Re: Quotes around INSERT and SELECT statements' arguments from themysql CLI and PHPReindl Harald19 Sep
          • Re: Quotes around INSERT and SELECT statements' arguments from themysql CLI and PHPDotan Cohen19 Sep
          • Re: Quotes around INSERT and SELECT statements' arguments from themysql CLI and PHPHank19 Sep
            • Re: Quotes around INSERT and SELECT statements' arguments from themysql CLI and PHPReindl Harald19 Sep
              • Re: Quotes around INSERT and SELECT statements' arguments from themysql CLI and PHPDotan Cohen19 Sep
                • Re: Quotes around INSERT and SELECT statements' arguments from themysql CLI and PHPHank20 Sep
                  • Re: Quotes around INSERT and SELECT statements' arguments from themysql CLI and PHPDotan Cohen20 Sep
                    • Re: Quotes around INSERT and SELECT statements' arguments from themysql CLI and PHPReindl Harald20 Sep
                      • Re: Quotes around INSERT and SELECT statements' arguments from themysql CLI and PHPDotan Cohen20 Sep
                      • Re: Quotes around INSERT and SELECT statements' arguments from themysql CLI and PHPDotan Cohen20 Sep
                        • Re: Quotes around INSERT and SELECT statements' arguments from themysql CLI and PHPReindl Harald20 Sep
                    • Re: Quotes around INSERT and SELECT statements' arguments from themysql CLI and PHPHank20 Sep
                      • Re: Quotes around INSERT and SELECT statements' arguments from themysql CLI and PHPDotan Cohen20 Sep
        • Re: Quotes around INSERT and SELECT statements' arguments from themysql CLI and PHPDotan Cohen19 Sep