ID: 48290
User updated by: kexianbin at diyism dot com
Reported By: kexianbin at diyism dot com
-Status: Bogus
+Status: Open
Bug Type: Feature/Change Request
Operating System: Irrelevant
PHP Version: 5.3.1
New Comment:
Try to reopen it.
Previous Comments:
------------------------------------------------------------------------
[2009-08-11 02:41:41] kexianbin at diyism dot com
Why set this as bogus?
Why don't you realize that the advantage of PHP is exactly the incredible
convenience for web programmers?!
For example, 'substr' has the best design among all these languages:
Java, SQL, JavaScript, Python, Ruby, etc.,
...substr($aStr,index_start,length(>=0)/index_after_end(<0))...
that is just the right PHP tradition.
I know PDO and prepared statements are OK,
but those methods are really trivial and by no means intuitive.
Why don't you just make a little change to the variable parsing
function of the double quoted strings to save us programmers an
enormous waste of time?
In fact, we have no way to reduce the code if we adopt PDO and prepared
statements, obviously every variable name appears twice (even appears as a
question mark):
$sql=$pdo->prepare("select *
from sem_SearchChangeShow
where Keyword=:Keyword
and BatchNum=:BatchNum
and OldChannelID=:ApvChannelID_old
and OldCategoryID=:ApvCategoryID_old
");
$sql->execute(array(':Keyword'=>$v['Keyword'],
':BatchNum'=>$v['BatchNum'],
':ApvChannelID_old'=>$v['ApvChannelID_old'],
':ApvCategoryID_old'=>$v['ApvCategoryID_old']
)
);
$tmp=$sql->fetch(PDO::FETCH_ASSOC);
------------------------------------------------------------------------
[2009-08-10 13:15:25] [email protected]
Or PDO.. :)
------------------------------------------------------------------------
[2009-08-10 13:14:50] [email protected]
Will never happen. You should start using MySQLi and prepared
statements.
------------------------------------------------------------------------
[2009-08-10 12:26:41] kexianbin at diyism dot com
For the greatest convenience of us PHP programmers,
maybe we should make a patch to the variable parsing module of double
quoted strings in the PHP engine,
to parse variables while adding slashes to them, for formats such as:
"{#variable_name}",
for example:
<?
$name="myname";
$value="my'value";
echo "insert into z_test (name, value) values ('{$name}',
'{#value}')";
?>
we should get:
insert into z_test (name, value) values ('myname', 'my\'value')
------------------------------------------------------------------------
[2009-08-10 12:18:22] kexianbin at diyism dot com
Or I could write like this:
$_='addslashes';
$sql="insert into z_test (name, value) values ('{$name}',
'{$_($value)}')";
mysql_query($sql);
------------------------------------------------------------------------
The remainder of the comments for this report are too long. To view
the rest of the comments, please view the bug report online at
http://bugs.php.net/48290
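
The trade-off argued in the comments above (escaping inside the string versus prepared statements), shown as an added example that is not code from the bug report or from the PHP project. `bound_select()` is a hypothetical helper and the sample row is constructed; the example assumes PHP 7+ with pdo_sqlite and reuses the table and column names from the 2009-08-11 comment.

```php
<?php
// Added example, not code from the bug report. bound_select() and the sample
// row are constructed; the table and column names come from the report.

// Values are always bound; column names cannot be bound, so they are checked
// against an allow-list. $table must be a constant chosen by the developer.
function bound_select(PDO $pdo, string $table, array $where, array $allowed): array
{
    if ($where === []) {
        throw new InvalidArgumentException('empty WHERE map');
    }
    $conds = [];
    $params = [];
    foreach ($where as $col => $val) {
        if (!in_array($col, $allowed, true)) {
            throw new InvalidArgumentException("unexpected column: $col");
        }
        $conds[] = "$col = :$col";      // each name is written once, by the loop
        $params[":$col"] = $val;
    }
    $stmt = $pdo->prepare("SELECT * FROM $table WHERE " . implode(' AND ', $conds));
    $stmt->execute($params);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

$pdo = new PDO('sqlite::memory:');  // assumption: pdo_sqlite is available
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE sem_SearchChangeShow (Keyword TEXT, BatchNum INTEGER)');

$v = ['Keyword' => "my'value", 'BatchNum' => 7];  // constructed sample input
$ins = $pdo->prepare(
    'INSERT INTO sem_SearchChangeShow (Keyword, BatchNum) VALUES (:Keyword, :BatchNum)'
);
$ins->execute([':Keyword' => $v['Keyword'], ':BatchNum' => $v['BatchNum']]);

$rows = bound_select($pdo, 'sem_SearchChangeShow', $v, ['Keyword', 'BatchNum']);
echo 'bound lookup matched ', count($rows), " row(s)\n";

// addslashes() emits backslash escapes, which SQLite does not recognise, so
// the same value breaks the statement instead of being stored.
try {
    $pdo->exec("INSERT INTO sem_SearchChangeShow (Keyword) VALUES ('"
        . addslashes($v['Keyword']) . "')");
    echo "escaped insert ran\n";
} catch (PDOException $e) {
    echo "escaped insert rejected: ", $e->getMessage(), "\n";
}
```

Backslash escaping is a per-database (and per-connection-charset) convention, which is why a string-interpolation syntax that calls `addslashes()` cannot be correct for every driver, while bound parameters leave quoting to the driver.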