On Mon, Sep 19, 2011 at 04:00, Hank <hes...@gmail.com> wrote:
> I agree with Brandon's suggestions, I would just add when using numeric
> types in PHP statements where you have a variable replacement, for instance:
>
> $sql="INSERT into table VALUES ('$id','$val')";
>
> where $id is a numeric variable in PHP and a numeric field in the table,
> I'll include the $id in single quotes in the PHP statement, so even if the
> value of $id is null, alpha, or invalid (not numeric) it does not generate a
> mysql syntax error. Otherwise, without the single quotes, the statement
> would be:
>
> INSERT into table VALUES (,'');
>
> which would cause a syntax error. If you include the single quotes, it
> becomes:
>
> INSERT into table VALUES ('','')
>
> which won't cause a syntax error, but might cause some logic errors in the
> database. The choice is yours.
>

Thanks, that is a good point. I would actually prefer errors to arise on
insert than a potentially inconsistent database or bad data. I should
definitely learn to use stored procedures, I know.

That said, I do go to great lengths to validate my data. What is an
"alpha" value? I do check is_numeric() and null, of course.

-- 
Dotan Cohen

http://gibberish.co.il
http://what-is-what.com

-- 
MySQL General Mailing List
For list archives: http://lists.mysql.com/mysql
To unsubscribe: http://lists.mysql.com/mysql?unsub=arch...@jab.org
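
An added example, not part of the original thread or either poster's code: one way to get the fail-before-insert behaviour discussed above, using a strict integer check and a bound parameter in place of interpolating `$id` into the SQL string. It assumes PHP 8 with the pdo_sqlite extension; the `items` table and the `parseId` and `insertRow` helpers are hypothetical names.

```php
<?php
declare(strict_types=1);

// Hypothetical helper: accept only a plain base-10 integer, otherwise fail loudly.
function parseId(mixed $raw): int
{
    // FILTER_VALIDATE_INT rejects null, '', 'abc', '12abc', '1.5' and '1e3';
    // is_numeric() accepts the last two.
    $id = filter_var($raw, FILTER_VALIDATE_INT);
    if ($id === false) {
        throw new InvalidArgumentException('id is not an integer: ' . var_export($raw, true));
    }
    return $id;
}

// Hypothetical helper: validate first, then pass values as bound parameters
// so neither value is ever spliced into the statement text.
function insertRow(PDO $db, mixed $rawId, string $val): void
{
    $id = parseId($rawId); // invalid input stops here, before any SQL runs
    $stmt = $db->prepare('INSERT INTO items (id, val) VALUES (:id, :val)');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->bindValue(':val', $val, PDO::PARAM_STR);
    $stmt->execute();
}

// In-memory SQLite stands in for the MySQL table so the example runs offline.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE items (id INTEGER NOT NULL, val TEXT NOT NULL)');

// Constructed sample inputs covering the null, empty and non-numeric cases
// named in the thread, plus two strings that is_numeric() would let through.
$samples = [42, '7', null, '', 'abc', '12abc', '1.5', '1e3'];
foreach ($samples as $raw) {
    try {
        insertRow($db, $raw, 'example');
        echo 'inserted ', var_export($raw, true), PHP_EOL;
    } catch (InvalidArgumentException $e) {
        echo 'rejected: ', $e->getMessage(), PHP_EOL;
    }
}
echo 'rows stored: ', $db->query('SELECT COUNT(*) FROM items')->fetchColumn(), PHP_EOL;
```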