@Lee; if that's anything other than a really small project can I please implore you to:
a) Use a database abstraction layer
b) Use the MySQLi PHP extension instead of the old MySQL one, as that has now been officially deprecated by PHP and will be removed from PHP in a few versions
c) Use prepared statements or sprintf()
Chippiewill.
It's not anything that will leave the comfort of localhost, but still, improvements are always really useful, so...
a) Elaborate please?
b) So literally type i at the end and that's it, so mysqli_query or mysqli_fetch_assoc?
c) Difference between print_r and sprintf?
a) A database abstraction layer essentially handles a lot of the work for you. For instance, instead of saying mysql_query(); you'd have a set of functions or an object that do all the various bits, e.g. $db->insert( <table name>, <array of stuff> ), and it'll insert everything into the table and escape all the data for you. You can find some for free on the internet that are fairly good.
b) Pretty much but there are some changes on the original functions. Ideally you should use the object oriented version as it's a bit tidier.
c) print_r prints an array. sprintf is an efficient way of concatenating a string: instead of something like $foo = 'some bit of string' . $bar . 'some more string'; you can say $foo = sprintf( "SELECT * FROM table WHERE column = '%s' AND othercolumn = %d", $string, $integer ); and it'll insert the contents of $string where %s is and the contents of $integer where %d is. Importantly, it enforces type, so only a string can be inserted where a %s is and only a number where a %d is.
Chippiewill.
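The three ways of building the query that the thread compares, written out as an added example (this is not code from the thread or from any library; the connection details, the `users` table with `name` VARCHAR and `age` INT columns, and the `insertRow()` helper are all constructed for illustration). The `%d` placeholder does force an integer, but `%s` pastes the string in verbatim, so it still has to be escaped by hand; a mysqli prepared statement sends the values separately from the SQL text and needs no escaping at all. The `insertRow()` helper sketches the `$db->insert(table, array)` style mentioned above: values are bound, and since table and column names cannot be bound, they are checked against a strict identifier pattern instead.

```php
<?php
// Added example, not code from the thread: the same lookup done by
// (1) concatenation, (2) sprintf(), (3) a mysqli prepared statement, plus a
// minimal abstraction-layer style insert. Assumes the mysqli extension, a
// MySQL/MariaDB server at the constructed credentials below, and a table
// `users` with columns `name` VARCHAR and `age` INT.

declare(strict_types=1);

mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); // throw on any error

$db = new mysqli('127.0.0.1', 'app_user', 'app_password', 'app_db'); // constructed
$db->set_charset('utf8mb4'); // must be set before real_escape_string() is used

// Constructed form input. The apostrophe is the interesting part: O'Brien is
// an ordinary name, and any input containing a quote behaves the same way.
$name = "O'Brien";
$age  = 42;

// 1. Plain concatenation. The apostrophe ends the string literal early, so the
//    server sees ... WHERE name = 'O'Brien' AND ... and rejects the query;
//    whatever follows a quote in $name is read as SQL, not as data.
$fragile = "SELECT name, age FROM users WHERE name = '" . $name . "' AND age = " . $age;

// 2. sprintf(). %d forces an integer, so $age is fine on its own, but %s
//    substitutes the string verbatim and must be paired with escaping.
$formatted = sprintf(
    "SELECT name, age FROM users WHERE name = '%s' AND age = %d",
    $db->real_escape_string($name),
    $age
);

// 3. Prepared statement (object-oriented mysqli). The query text reaches the
//    server with ? placeholders; the values travel separately, typed by the
//    "si" string (s = string, i = integer), so they are never parsed as SQL.
$stmt = $db->prepare('SELECT name, age FROM users WHERE name = ? AND age = ?');
$stmt->bind_param('si', $name, $age);
$stmt->execute();
foreach ($stmt->get_result() as $row) {          // get_result() needs mysqlnd
    printf("%s is %d\n", $row['name'], $row['age']);
}
$stmt->close();

/**
 * Hypothetical abstraction-layer style insert: insertRow($db, 'users', [...]).
 * Values are bound as parameters. Table and column names cannot be bound,
 * so they are restricted to a plain identifier pattern before being quoted.
 */
function insertRow(mysqli $db, string $table, array $row): int
{
    foreach (array_merge([$table], array_keys($row)) as $ident) {
        if (!preg_match('/^[A-Za-z_][A-Za-z0-9_]*$/', (string) $ident)) {
            throw new InvalidArgumentException("bad identifier: $ident");
        }
    }
    $cols  = implode(', ', array_map(fn($c) => "`$c`", array_keys($row)));
    $marks = implode(', ', array_fill(0, count($row), '?'));
    // mysqli type letters: i = integer, d = double, s = string (everything else)
    $types = implode('', array_map(
        fn($v) => is_int($v) ? 'i' : (is_float($v) ? 'd' : 's'),
        $row
    ));
    $values = array_values($row); // bind_param takes references, so use a variable

    $stmt = $db->prepare("INSERT INTO `$table` ($cols) VALUES ($marks)");
    $stmt->bind_param($types, ...$values);
    $stmt->execute();
    $stmt->close();
    return $db->affected_rows;
}

insertRow($db, 'users', ['name' => "D'Arcy", 'age' => 31]); // constructed row
$db->close();
```

With `mysqli_report()` set to throw, a failed `prepare()` or `execute()` raises a `mysqli_sql_exception` instead of silently returning `false`, which is the behaviour you want while developing even on localhost.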