php-general Digest 6 Aug 2010 13:09:56 -0000 Issue 6882
Topics (messages 307327 through 307343):
Quotes vs. Single Quote
307327 by: Rick Dwyer
307328 by: Josh Kehn
307329 by: Michael Shadle
307330 by: Rick Dwyer
307331 by: Paul M Foster
307332 by: Adam Richardson
307333 by: Michael Shadle
307334 by: Michael Shadle
307335 by: Peter Lind
307336 by: Richard Quadling
307338 by: tedd
307339 by: tedd
307340 by: tedd
307341 by: Floyd Resler
307342 by: Richard Quadling
307343 by: Andrew Ballard
Re: PHP The Anthem
307337 by: tedd
Administrivia:
To subscribe to the digest, e-mail:
[email protected]
To unsubscribe from the digest, e-mail:
[email protected]
To post to the list, e-mail:
[email protected]
----------------------------------------------------------------------
--- Begin Message ---
Hi List.
I've mentioned before that I am both just beginning to learn PHP AND I have
inherited a number of pages that I'm trying to clean up the w3c validation on.
Something that confuses me is how the code on the page is written where in one
instance, it follows this:
echo "<table border='1'><tr>....
And elsewhere on the page it follows:
echo '<table border="1"><tr>....
In what I've read and from many of the suggestions from this board, the latter
seems to be the better way to code, generally speaking.
So given that the page has javascript in it, perhaps the reason for the
previous developer switching between the two was for ease of incorporating
JS?.... Don't really know... but what I would like to know is it considered
poor coding switch between the two on a single page or is it perfectly
acceptable?
2nd question, in the 3 lines below:
$_SESSION['newpage'] = $newpage;
$checkstat = "select field from table where fieldid = $field_id";
$result1 = @mysql_query($checkstat,$connection) or die("Couldn't execute
query");
If I were to recode in the latter style, should they not look like this:
$_SESSION['newpage'] = $newpage;
$checkstat = 'select field from table where fieldid = "'.$field_id.'"';
$result1 = @mysql_query($checkstat,$connection) or die('Couldn\'t execute
query');
The focus being here:
"'.$field_id.'"';
('Couldn\'t execute query')
Is this correct?
Thanks for the help.
--Rick
--- End Message ---
--- Begin Message ---
On Aug 5, 2010, at 10:10 PM, Rick Dwyer wrote:
> Hi List.
> I've mentioned before that I am both just beginning to learn PHP AND I have
> inherited a number of pages that I'm trying to clean up the w3c validation on.
>
> Something that confuses me is how the code on the page is written where in
> one instance, it follows this:
>
> echo "<table border='1'><tr>....
>
> And elsewhere on the page it follows:
>
> echo '<table border="1"><tr>....
>
> In what I've read and from many of the suggestions from this board, the
> latter seems to be the better way to code, generally speaking.
>
> So given that the page has javascript in it, perhaps the reason for the
> previous developer switching between the two was for ease of incorporating
> JS?.... Don't really know... but what I would like to know is it considered
> poor coding switch between the two on a single page or is it perfectly
> acceptable?
>
> 2nd question, in the 3 lines below:
>
> $_SESSION['newpage'] = $newpage;
> $checkstat = "select field from table where fieldid = $field_id";
> $result1 = @mysql_query($checkstat,$connection) or die("Couldn't execute
> query");
>
>
> If I were to recode in the latter style, should they not look like this:
>
> $_SESSION['newpage'] = $newpage;
> $checkstat = 'select field from table where fieldid = "'.$field_id.'"';
> $result1 = @mysql_query($checkstat,$connection) or die('Couldn\'t execute
> query');
>
>
> The focus being here:
>
> "'.$field_id.'"';
> ('Couldn\'t execute query')
>
> Is this correct?
>
> Thanks for the help.
>
> --Rick
>
>
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>
Rick-
It is generally accepted that you should use single quotes whenever possible. I
only use double quotes when writing SQL queries (so I don't have to continually
escape them for the single quotes) and when I need to output control characters
like "\r" or "\n".
It would be considered "best practice" to make consistent use of them, but it
wouldn't be something I would loose sleep over.
Regards,
-Josh
--- End Message ---
--- Begin Message ---
On Thu, Aug 5, 2010 at 7:10 PM, Rick Dwyer <[email protected]> wrote:
> Hi List.
> I've mentioned before that I am both just beginning to learn PHP AND I have
> inherited a number of pages that I'm trying to clean up the w3c validation on.
>
> Something that confuses me is how the code on the page is written where in
> one instance, it follows this:
>
> echo "<table border='1'><tr>....
>
> And elsewhere on the page it follows:
>
> echo '<table border="1"><tr>....
>
> In what I've read and from many of the suggestions from this board, the
> latter seems to be the better way to code, generally speaking.
>
> So given that the page has javascript in it, perhaps the reason for the
> previous developer switching between the two was for ease of incorporating
> JS?.... Don't really know... but what I would like to know is it considered
> poor coding switch between the two on a single page or is it perfectly
> acceptable?
>
> 2nd question, in the 3 lines below:
>
> $_SESSION['newpage'] = $newpage;
> $checkstat = "select field from table where fieldid = $field_id";
> $result1 = @mysql_query($checkstat,$connection) or die("Couldn't execute
> query");
You could always do:
$result1 = mysql_query("SELECT field FROM table WHERE fieldid =
$field_id", $connection) or die("Couldn't execute query");
a) I capped SQL verbs. Make it more readable :)
b) why make a variable just to throw it in the next line?
c) Make sure $field_id is truly an integer. If not, intval,
mysql_escape_string, something along those lines. Also put it in
single quotes if not an integer.
d) I left double quotes in the error, because it has a single quote
inside of it. The small micro-optimization performance you might get
is probably not worth the readability factor.
My general rules of thumb:
I use double quotes if:
a) I have single quotes inside the string
b) I need variables to be parsed
c) I need control characters like \n parsed
I use single quotes always:
a) For array indexes $foo['bar']
b) If I don't need variable parsing, control characters, etc. why not?
You'll get a minimal performance gain by using single quotes
everywhere in PHP where you don't -need- double quotes, but that's a
micro-optimization and there's probably more important things for you
to be doing.
For HTML, -always- use double quotes.
<tag attribute="bar" /> is the right way.
<tag attribute='bar' /> is the wrong way.
I'd go into more explanation but there simply doesn't need to be one.
--- End Message ---
--- Begin Message ---
On Aug 5, 2010, at 10:43 PM, Michael Shadle wrote:
> On Thu, Aug 5, 2010 at 7:10 PM, Rick Dwyer <[email protected]> wrote:
>> Hi List.
>> I've mentioned before that I am both just beginning to learn PHP AND I have
>> inherited a number of pages that I'm trying to clean up the w3c validation
>> on.
>>
>> Something that confuses me is how the code on the page is written where in
>> one instance, it follows this:
>>
>> echo "<table border='1'><tr>....
>>
>> And elsewhere on the page it follows:
>>
>> echo '<table border="1"><tr>....
>>
>> In what I've read and from many of the suggestions from this board, the
>> latter seems to be the better way to code, generally speaking.
>>
>> So given that the page has javascript in it, perhaps the reason for the
>> previous developer switching between the two was for ease of incorporating
>> JS?.... Don't really know... but what I would like to know is it considered
>> poor coding switch between the two on a single page or is it perfectly
>> acceptable?
>>
>> 2nd question, in the 3 lines below:
>>
>> $_SESSION['newpage'] = $newpage;
>> $checkstat = "select field from table where fieldid = $field_id";
>> $result1 = @mysql_query($checkstat,$connection) or die("Couldn't execute
>> query");
>
> You could always do:
>
> $result1 = mysql_query("SELECT field FROM table WHERE fieldid =
> $field_id", $connection) or die("Couldn't execute query");
>
> a) I capped SQL verbs. Make it more readable :)
> b) why make a variable just to throw it in the next line?
> c) Make sure $field_id is truly an integer. If not, intval,
> mysql_escape_string, something along those lines. Also put it in
> single quotes if not an integer.
> d) I left double quotes in the error, because it has a single quote
> inside of it. The small micro-optimization performance you might get
> is probably not worth the readability factor.
>
> My general rules of thumb:
>
> I use double quotes if:
> a) I have single quotes inside the string
> b) I need variables to be parsed
> c) I need control characters like \n parsed
>
> I use single quotes always:
> a) For array indexes $foo['bar']
> b) If I don't need variable parsing, control characters, etc. why not?
>
> You'll get a minimal performance gain by using single quotes
> everywhere in PHP where you don't -need- double quotes, but that's a
> micro-optimization and there's probably more important things for you
> to be doing.
>
> For HTML, -always- use double quotes.
>
> <tag attribute="bar" /> is the right way.
> <tag attribute='bar' /> is the wrong way.
>
> I'd go into more explanation but there simply doesn't need to be one.
Michael:
Well put.. exactly the type of instruction I was looking for.
Thanks,
--Rick
--- End Message ---
--- Begin Message ---
On Thu, Aug 05, 2010 at 10:10:26PM -0400, Rick Dwyer wrote:
> Hi List.
> I've mentioned before that I am both just beginning to learn PHP AND I have
> inherited a number of pages that I'm trying to clean up the w3c validation on.
>
> Something that confuses me is how the code on the page is written where in
> one instance, it follows this:
>
> echo "<table border='1'><tr>....
>
> And elsewhere on the page it follows:
>
> echo '<table border="1"><tr>....
>
> In what I've read and from many of the suggestions from this board, the
> latter seems to be the better way to code, generally speaking.
>
> So given that the page has javascript in it, perhaps the reason for the
> previous developer switching between the two was for ease of incorporating
> JS?.... Don't really know... but what I would like to know is it considered
> poor coding switch between the two on a single page or is it perfectly
> acceptable?
>
Not acceptable and sloppy. Be consistent in your coding style. In
general, HTML attributes should be surrounded by double quotes. I don't
know about javascript. Moreover, it's generally better to simply output
HTML rather than to echo it, like:
<table border="1"><tr>
<td>
<?php echo $some_value; ?>
</td>
</tr>
> 2nd question, in the 3 lines below:
>
> $_SESSION['newpage'] = $newpage;
> $checkstat = "select field from table where fieldid = $field_id";
> $result1 = @mysql_query($checkstat,$connection) or die("Couldn't execute
> query");
>
>
> If I were to recode in the latter style, should they not look like this:
>
> $_SESSION['newpage'] = $newpage;
> $checkstat = 'select field from table where fieldid = "'.$field_id.'"';
> $result1 = @mysql_query($checkstat,$connection) or die('Couldn\'t execute
> query');
>
This is a matter of taste, but I've heard that if you can do it without
string concatenation, it executes faster. In my opinion, the former is
better because it's easier to follow than the second, where you have
strings concatenated with single and double quotes all over the place.
Paul
--
Paul M. Foster
--- End Message ---
--- Begin Message ---
On Thu, Aug 5, 2010 at 10:53 PM, Rick Dwyer <[email protected]> wrote:
>
> On Aug 5, 2010, at 10:43 PM, Michael Shadle wrote:
>
> >
> > For HTML, -always- use double quotes.
> >
> > <tag attribute="bar" /> is the right way.
> > <tag attribute='bar' /> is the wrong way.
> >
> > I'd go into more explanation but there simply doesn't need to be one.
>
I would suggest that saying <tag attribute='bar' /> is "the wrong way" is a
rather strong assessment. Whether you're talking about SGML (the
grandparent), XML (the parent), or XHTML, the use of a single quote is
perfectly valid, and has served a purpose since inception. If I'm crafting
markup and embedding something that has a double quote within an attribute
(often times an alt attribute on an image), I don't hesitate to use the
single quote as the attribute delimiter. That said, it's often easier if
you standardize on one, and most choose to use double quotes the default
delimiter.
Tim Bray, who knows a little bit about XML dialects (tongue in cheek),
appears to default to the single quote as his delimiter of choice:
http://www.tbray.org/ongoing/
Now, speaking to questions/concerns about javascript events frequent use of
single quotes beg the question: Why are you embedding javascript events
into the markup of the page? I'm aware of many sources that advocate
against mixing javascript and html in this way (see the books PPK on
Javascript, DOM Scripting, etc.)
That said, if there are some sources to point to that make a case for the
deprecation of single quotes in (X)HTML attributes, please let me know.
Adam
--
Nephtali: PHP web framework that functions beautifully
http://nephtaliproject.com
--- End Message ---
--- Begin Message ---
On Thu, Aug 5, 2010 at 8:51 PM, Adam Richardson <[email protected]> wrote:
> I would suggest that saying <tag attribute='bar' /> is "the wrong way" is a
> rather strong assessment. Whether you're talking about SGML (the
> grandparent), XML (the parent), or XHTML, the use of a single quote is
> perfectly valid, and has served a purpose since inception. If I'm crafting
> markup and embedding something that has a double quote within an attribute
> (often times an alt attribute on an image), I don't hesitate to use the
> single quote as the attribute delimiter. That said, it's often easier if
> you standardize on one, and most choose to use double quotes the default
> delimiter.
> That said, if there are some sources to point to that make a case for the
> deprecation of single quotes in (X)HTML attributes, please let me know.
Well, most people use htmlspecialchars() to encode text for safe
display to a browser.
By default, it only encodes double quotes:
http://php.net/htmlspecialchars
"The default mode, ENT_COMPAT, is the backwards compatible mode which
only translates the double-quote character and leaves the single-quote
untranslated."
We've run into issues where we thought our forms were fairly secure,
but some people decided to echo "<input type='string' value='$foo' />"
type stuff, which works fine if you encapsulate attributes in double
quotes, but in single quotes, we found out that anyone who had a
single quote in that value would break the page.
Now, I typically use a central wrapper function for encoding and
decoding, and if it was in use there, sure, I could have thrown in
ENT_QUOTES and solved that issue.
However, the vast majority of everything uses double quotes, and there
is not really a reason to NOT use them.
Of course, I put it out there like that to simply push it because it
should be appropriate for everyone. You are right though - it WILL
work with single quotes (as we can see), but I recommend a single way
of doing things to keep things consistent, and it has been the
unspoken standard everywhere I've ever looked for markup...
(Funny enough, that page has an example with a single quoted attribute)
Leave the single quotes for parameters, indexes, code, not attributes - $.02
--- End Message ---
--- Begin Message ---
On Thu, Aug 5, 2010 at 8:51 PM, Adam Richardson <[email protected]> wrote:
> Tim Bray, who knows a little bit about XML dialects (tongue in cheek),
> appears to default to the single quote as his delimiter of choice:
> http://www.tbray.org/ongoing/
Side note, looks like his stuff is auto-generated by something, so
it's defined once and replicated many times for templating... but also
I do see some attributes with double quotes mixed in, i.e.:
<div class="employ">I work for Google, but the opinions expressed here
are my own, and no other party necessarily
agrees with them.<br/>
A full disclosure of my professional interests is on the <a
href='/ongoing/misc/Tim'>author</a> page.
</div>
<h2 id='comments'>Contributions</h2>
<div class="comments"><p>Comment feed for <span
class="o">ongoing</span>:<a href="/ongoing/comments.atom"><img
src="/ongoing/Feed.png" alt="Comments feed"/></a></p>
<a href="/ongoing/"
onclick="setActiveStyleSheet('serif'); return false;"
onkeypress = "setActiveStyleSheet('serif'); return false;"
accesskey="p" id="serif">Serif</a> ·
<a href="/ongoing/"
onclick="setActiveStyleSheet('sans'); return false;"
onkeypress = "setActiveStyleSheet('sans'); return false;"
accesskey="p" id="sans">Sans-Serif</a>
I should say also - double quotes helps when using inline JavaScript
in attributes too :) add that to my reasons. I just default to double
quotes because of history developing things, it just works easier.
--- End Message ---
--- Begin Message ---
On 6 August 2010 04:10, Rick Dwyer <[email protected]> wrote:
> Hi List.
> I've mentioned before that I am both just beginning to learn PHP AND I have
> inherited a number of pages that I'm trying to clean up the w3c validation on.
>
> Something that confuses me is how the code on the page is written where in
> one instance, it follows this:
>
> echo "<table border='1'><tr>....
>
> And elsewhere on the page it follows:
>
> echo '<table border="1"><tr>....
>
> In what I've read and from many of the suggestions from this board, the
> latter seems to be the better way to code, generally speaking.
>
It isn't better or worse. The only thing that makes a difference is
what suits you - stick to what works for you. Both double-quotes and
single-quotes can result in gotchas (in double quotes you have to
escape more, which you have to keep in mind, whereas in single quotes
you have a lot less power, which you might forget). There's no
difference in performance, which leaves just one thing: personal
preference.
Regards
Peter
--
<hype>
WWW: http://plphp.dk / http://plind.dk
LinkedIn: http://www.linkedin.com/in/plind
BeWelcome/Couchsurfing: Fake51
Twitter: http://twitter.com/kafe15
</hype>
--- End Message ---
--- Begin Message ---
On 6 August 2010 07:34, Peter Lind <[email protected]> wrote:
> On 6 August 2010 04:10, Rick Dwyer <[email protected]> wrote:
>> Hi List.
>> I've mentioned before that I am both just beginning to learn PHP AND I have
>> inherited a number of pages that I'm trying to clean up the w3c validation
>> on.
>>
>> Something that confuses me is how the code on the page is written where in
>> one instance, it follows this:
>>
>> echo "<table border='1'><tr>....
>>
>> And elsewhere on the page it follows:
>>
>> echo '<table border="1"><tr>....
>>
>> In what I've read and from many of the suggestions from this board, the
>> latter seems to be the better way to code, generally speaking.
>>
>
> It isn't better or worse. The only thing that makes a difference is
> what suits you - stick to what works for you. Both double-quotes and
> single-quotes can result in gotchas (in double quotes you have to
> escape more, which you have to keep in mind, whereas in single quotes
> you have a lot less power, which you might forget). There's no
> difference in performance, which leaves just one thing: personal
> preference.
>
> Regards
> Peter
>
> --
> <hype>
> WWW: http://plphp.dk / http://plind.dk
> LinkedIn: http://www.linkedin.com/in/plind
> BeWelcome/Couchsurfing: Fake51
> Twitter: http://twitter.com/kafe15
> </hype>
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>
>
You also have heredoc ...
<?php
$array = array('value' => 'A "daft" div. Click me and you\'re a numpty.');
echo <<<END_HTML_WITH_EMBEDDED_JS
<html>
<head>
<title>All In One</title>
</head>
<body>
<div>The div below should say that it is a "daft" div and if you
click it then you're a numpty.</div>
<div class="daft" onClick="alert('You clicked a \"daft\" div and
you\'re a numpty');">{$array['value']}</div>
</body>
</html>
END_HTML_WITH_EMBEDDED_JS;
?>
will output ...
<html>
<head>
<title>All In One</title>
</head>
<body>
<div class="daft" onClick="alert('You clicked a \"daft\" div and
you\'re a numpty');">A "daft" div. Click me and you're a numpty.</div>
</body>
</html>
The above example shows how escaping can be minimized. I've done it
manually, but it could have been done by using htmlentities() or
htmlspecialchars() with ENT_QUOTES.
Only the JS code needed the escaping. The \" because the " is in an
attribute value (which used " as the delimiter) and the \' because the
' is used as a string delimiter for the alert() call.
Obviously, it IS a bit of a mess. Using normal string concatenation,
it becomes a lot harder.
<?php
$array = array('value' => 'A "daft" div. Click me and you\'re a numpty.');
echo "<html>
<head>
<title>All In One</title>
</head>
<body>
<div>The div below should say that it is a \"daft\" div and if you
click it then you're a numpty.</div>
<div class=\"daft\" onClick=\"alert('You clicked a \\\"daft\\\" div
and you\'re a numpty');\">{$array['value']}</div>
</body>
</html>";
?>
So, 3 \. The first \ is to escape the second \, the third to escape
the ". Which results in \" which is an escape of the " in the HTML.
Now imagine the above string was a search and replace via some regular
expression. Sure you _can_ work it out, but sometimes you just keep
adding \ until it works.
You may need upto 6 \ in a row... or more!
Richard.
--- End Message ---
--- Begin Message ---
At 10:10 PM -0400 8/5/10, Rick Dwyer wrote:
2nd question, in the 3 [2] lines below:
$checkstat = "select field from table where fieldid = $field_id";
$result1 = @mysql_query($checkstat,$connection) or die("Couldn't
execute query");
If I were to recode in the latter style, should they not look like this:
$checkstat = 'select field from table where fieldid = "'.$field_id.'"';
$result1 = @mysql_query($checkstat,$connection) or die('Couldn\'t
execute query');
Rick:
Others gave you good advice on quotes, but I'll address your second
question on database queries.
The following is in the form of what I normally do:
$query = "SELECT field FROM table WHERE field_id = '$field_id' ";
$result = mysql_query($query) or die("Couldn't execute query");
Please note these are my preferences (others may have different preferences):
1. I use UPPERCASE for all MySQL syntax.
2. I do not use the @ before mysql_query because that suppresses
errors. I prefer to see errors and fix them.
3. It's not necessary to include the second argument (i.e.,
$connection) in mysql_query.
4. IMO, a query should be named $query and a result should be named
$result. If I have several results, then I use $result1, $result2,
$result3, and so on.
5. I try to match MySQL field names to PHP variable names, such as
field_id = '$field_id'. This makes it easier for me to read and debug.
6. Also note that the PHP variable $field_id is enclosed in single
quotes within the query.
7. For sake of readability, in the query I also place a space after
the last single quote and before the ending double quote, such as
field_id = '$field_id' ". -- I do not like, nor is it readable, to
have a singledouble quote (i.e., '").
There is one additional thing that I do, but it requires an included
function. For your kind review, in my query I do this:
$result = mysql_query($query) or die(report($query,__LINE__,__FILE__)));
and the report function I include to the script is:
<?php
//==================== show dB errors ======================
function report($query, $line, $file)
{
echo($query . '<br>' .$line . '<br>' . $file . '<br>' . mysql_error());
}
?>
That way, if something goes wrong, the report function will show in
what file and at what line number the error occurred. Now, this is OK
for development, but for production you should comment out the echo
so you don't report errors publicly. Besides, you should have all the
errors fixed before your script becomes production anyway, right? :-)
HTH,
tedd
--
-------
http://sperling.com http://ancientstones.com http://earthstones.com
--- End Message ---
--- Begin Message ---
At 11:00 PM -0400 8/5/10, Paul M Foster wrote:
On Thu, Aug 05, 2010 at 10:10:26PM -0400, Rick Dwyer wrote:
> echo "<table border='1'><tr>....
And elsewhere on the page it follows:
> echo '<table border="1"><tr>....
Not acceptable and sloppy. Be consistent in your coding style. In
general, HTML attributes should be surrounded by double quotes. I don't
know about javascript. Moreover, it's generally better to simply output
HTML rather than to echo it, like:
<table border="1"><tr>
<td>
<?php echo $some_value; ?>
</td>
Rick:
I agree with Paul.
I would only add that you should use what languages best serve your
needs. While it may not be obvious, the statement:
<table border="1">
is flawed (IMO).
The "best" way to handle this is to define a class (or id) for the
table in a css file and then set the border (i.e., styling) to
whatever you want. For example, your HTML would look like:
<table class="my_table">
And your CSS would contain:
.my_table
{
border: 1px solid black;
}
That way at some future date, you may want to change the border
color, size, whatever and it's a trivial thing to do so without
having to search through all your code to find ill-placed styling
attributes.
As I always say, neither CSS, PHP, or any web language exist in a
vacuum. It always best to use whatever language that makes your life
(and others) simpler.
Cheers,
tedd
PS: Considering that this is Friday. I have a grammar question for
the group. I said above:
"neither CSS, PHP, or any web language exist in a vacuum."
Is the word "neither" appropriate in this sentence?
Normally, two items can be compared by "neither" or "nor", but what
about more than two items? Is it appropriate to use "neither" or
"nor" for more than two items?
--
-------
http://sperling.com http://ancientstones.com http://earthstones.com
--- End Message ---
--- Begin Message ---
At 9:05 PM -0700 8/5/10, Michael Shadle wrote:
Leave the single quotes for parameters, indexes, code, not attributes - $.02
Agreed.
"Render unto Caesar (HTML) the things that are Caesar's and unto God
(PHP -- Lord forgive me) the things that are God's."
In other words, when writing code in another language use the syntax
that is appropriate for that language
Cheers,
tedd
--
-------
http://sperling.com http://ancientstones.com http://earthstones.com
--- End Message ---
--- Begin Message ---
On Aug 6, 2010, at 8:08 AM, tedd wrote:
> At 10:10 PM -0400 8/5/10, Rick Dwyer wrote:
>> 2nd question, in the 3 [2] lines below:
>>
>> $checkstat = "select field from table where fieldid = $field_id";
>> $result1 = @mysql_query($checkstat,$connection) or die("Couldn't execute
>> query");
>>
>> If I were to recode in the latter style, should they not look like this:
>>
>> $checkstat = 'select field from table where fieldid = "'.$field_id.'"';
>> $result1 = @mysql_query($checkstat,$connection) or die('Couldn\'t execute
>> query');
>
> Rick:
>
> Others gave you good advice on quotes, but I'll address your second question
> on database queries.
>
> The following is in the form of what I normally do:
>
> $query = "SELECT field FROM table WHERE field_id = '$field_id' ";
> $result = mysql_query($query) or die("Couldn't execute query");
>
> Please note these are my preferences (others may have different preferences):
>
> 1. I use UPPERCASE for all MySQL syntax.
>
> 2. I do not use the @ before mysql_query because that suppresses errors. I
> prefer to see errors and fix them.
>
> 3. It's not necessary to include the second argument (i.e., $connection) in
> mysql_query.
>
> 4. IMO, a query should be named $query and a result should be named $result.
> If I have several results, then I use $result1, $result2, $result3, and so on.
>
> 5. I try to match MySQL field names to PHP variable names, such as field_id =
> '$field_id'. This makes it easier for me to read and debug.
>
> 6. Also note that the PHP variable $field_id is enclosed in single quotes
> within the query.
>
> 7. For sake of readability, in the query I also place a space after the last
> single quote and before the ending double quote, such as field_id =
> '$field_id' ". -- I do not like, nor is it readable, to have a singledouble
> quote (i.e., '").
>
> There is one additional thing that I do, but it requires an included
> function. For your kind review, in my query I do this:
>
> $result = mysql_query($query) or die(report($query,__LINE__,__FILE__)));
>
> and the report function I include to the script is:
>
> <?php
> //==================== show dB errors ======================
>
> function report($query, $line, $file)
> {
> echo($query . '<br>' .$line . '<br>' . $file . '<br>' . mysql_error());
> }
> ?>
>
> That way, if something goes wrong, the report function will show in what file
> and at what line number the error occurred. Now, this is OK for development,
> but for production you should comment out the echo so you don't report errors
> publicly. Besides, you should have all the errors fixed before your script
> becomes production anyway, right? :-)
>
> HTH,
>
> tedd
>
Tedd,
Well said! I pretty much follow those same standards as well.
Especially with the naming of variables to match field names. I also make sure
that any form field names match my database names. It makes updating and
inserting records so much easier! I've written a database class that allows me
to update and insert records as easily as this:
$db->insert("table_name",$_POST);
$db->update("table_name","id_field_name",$id,$_POST);
And, yes, I do sanitize the data to make sure it doesn't do bad things to my
database! :)
Take care,
Floyd
--- End Message ---
--- Begin Message ---
On 6 August 2010 13:31, tedd <[email protected]> wrote:
>I have a grammar question for the
> group. I said above:
>
> "neither CSS, PHP, or any web language exist in a vacuum."
>
> Is the word "neither" appropriate in this sentence?
>
> Normally, two items can be compared by "neither" or "nor", but what about
> more than two items? Is it appropriate to use "neither" or "nor" for more
> than two items?
>
http://en.wikipedia.org/wiki/Neither says that "either" can be used
for many items if they are in a list (like you've used), so neither
would probably follow the same argument.
--- End Message ---
--- Begin Message ---
On Fri, Aug 6, 2010 at 8:31 AM, tedd <[email protected]> wrote:
> While it may not be obvious, the statement:
>
> <table border="1">
>
> is flawed (IMO).
>
> The "best" way to handle this is to define a class (or id) for the table in
> a css file and then set the border (i.e., styling) to whatever you want. For
> example, your HTML would look like:
>
> <table class="my_table">
>
> And your CSS would contain:
>
> .my_table
> {
> border: 1px solid black;
> }
>
I more or less agree with you, but sometimes it's technically a little
more difficult than that. The border attribute on the table tag
affects not only the table itself, but also the cells inside it. The
CSS attribute only draws a border around the table. I believe the CSS
equivalent of how most browsers (I tested Fx 3.6.8, IE 7, Google
Chrome 5, Opera 10.53, and Safari (Windows) 5.0.1) render <table
border="1"> takes a little more:
table.my_table,
table.my_table > thead > tr > th,
table.my_table > tbody > tr > th,
table.my_table > tfoot > tr > th,
table.my_table > thead > tr > td,
table.my_table > tbody > tr > td,
table.my_table > tfoot > tr > td
{
border: solid 1px black;
}
And, of the browsers listed above, IE7 did not render the table
correctly. (I'm guessing it must not properly handle the child CSS
selectors.) If you do it without the child selectors:
table.my_table,
table.my_table th,
table.my_table td
{
border: solid 1px black;
}
All the browsers render it the same, but it has the side effect that
cells in nested tables also inherit the borders unless you do
something to exclude them:
table.my_table,
table.my_table th,
table.my_table td
{
border: solid 1px black;
}
table.my_table table,
table.my_table table th,
table.my_table table td
{
border: none;
}
As is often the case with CSS, that's a good bit more text to
accomplish the same effect as an older, smaller attribute. :-)
Andrew
--- End Message ---
--- Begin Message ---
At 4:57 PM -0700 8/5/10, Daevid Vincent wrote:
http://www.youtube.com/watch?v=S8zhmiS-1kw
http://shiflett.org/blog/2010/aug/php-anthem
...some people have way too much time. ;-)
I agree. I don't have time to do nonsense and don't understand how
people who are successful can waste time like this. Besides IMO, this
is another example of hip-flop.
Cheers,
tedd
--
-------
http://sperling.com http://ancientstones.com http://earthstones.com
--- End Message ---
