-----Original Message-----
From: Matijn Woudt [mailto:tijn...@gmail.com]
Sent: Thursday, August 23, 2012 4:39 PM
To: admin
Cc: php-general@lists.php.net
Subject: Re: [PHP] Dynamic Content thoughts
On Thu, Aug 23, 2012 at 9:51 PM, admin <ad...@buskirkgraphics.com> wrote:
> Hello everyone,
>
> In my quest to build bigger and better dynamic
> content, I am putting forth a concept to see what you all think.
>
> Many times I come across customers who want drop down menus
> dynamically built from database tables.
>
>
>
> Old way Example:
>
>
> *********************************************************
>
>
>
> I am purposing a Method for this that has some flexibility.
>
>
>
> Initialize Object: $yourobject = new yourclass();
>
> Call method: // The call design is just so you have a better
> understanding of my concept
>
> $dropdown = $yourobject-> dropmenu('personnell','ID',array(0 =>
> 'first_name', 1 => 'last_name'), 'last_name');
>
>
>
> Function dropmenu($table,$fieldforvalue,$fieldstodisplay,$fieldorder)
> //
<<snip>>
>
>
>
> Now I can call the drop downs driven by database tables dynamically
> and It saves me a TON of time.
>
> Echo '<SELECT ID=personnel>';
>
> Foreach($dropdown as $key=>$values){
>
> Echo $values;
>
> }
>
> Echo '</select>';
>
>
Hi Richard,
First of all, I don't really see the problem with the first code, as it's not
that many LOC. OTOH comparing it to the enormous amount of lines needed for
your function it seems a bit overkill. If you combine $query = .. and
mysql_query($query), to a single line (which I prefer), then you only have 4
lines of code in your first example. ( I only count lines that do something,
not the brackets etc). Your function has about 40.
If you still want this function, I would change a few things.
1) Do all the echo stuff inside your function, or, only return the data and
print the <option> html stuff outside of your function.
You're now mixing both which seems wrong.
2) Use SQL as input, and if you wish to make it easy for yourself, write a
seperate function that writes SQL queries for you (or just use a lib for it,
there are probably plenty).
3) Use mysqli, mysql is deprecated.
4) Use mysqli_real_escape_string to sanitize your input before using it on the
database.
Hope this helps you,
- Matijn
------------------------------
Thank you Matijn,
For coding style, I think we can agree on the fact each person has a
different style and reasoning's for their own style.
My style on SQL statements was passed down to me from some very successful
developers who felt the reason for creating a
SQL statement in such a manor was to assist in informatics and Debugging.
While you're not getting the point in the Method being in the class and called
when needed. It cuts coding size and time down by extremes when you have
multiple drop downs that may or may not repeat on different views.
Matijn was very correct on the combination of HTML and PHP in a Method and I do
agree, many feel this is a giant no no. Many could simply pass the array to the
view and create the drop down from there. The wonderful part of the method is
that it has the flexibility to meet many coding styles and a vast range of
abilities.
I do however feel the Mysql_real_escape_string to be un-necessary for the
developer, being the end-user(GUI between the keyboard and Chair) will not be
passing these fields to the Database. But escape away if you feel safer doing
this with-in your own version of the method.
As for the MYSQL VS MYSQLI in MOST benchmarks, I find the MYSQL extension to be
slightly faster.
Yes MYSQLI functions are more Object-oriented in some designs I feel MYSQL out
performs MYSQLI in large database setups for a personal preference.
Again you may change the Design of the method to meets your needs MYSQL or
MYSQLI doesn’t really take away from the concept.
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
