Re: $_GET request -> variable -> object? -> function

Posted by strawberry on 04/13/07 21:17

On Apr 13, 7:40 pm, "Steve" <no....@example.com> wrote:
> "strawberry" <zac.ca...@gmail.com> wrote in message
>
> news:1176488231.812171.25480@o5g2000hsb.googlegroups.com...
> On Apr 13, 6:23 pm, Rami Elomaa <rami.elo...@gmail.com> wrote:
>
> ============
>
> foreach ($_GET as $condition_key => $condition_value) {
> $condition[] =" `$condition_key` = '$condition_value' ";
> $condition_keys[] = "$condition_key";
> $condition_values[] = "'$condition_value'";}
>
> if(is_null($condition)){
> $conditionString = " 1 ";}else{
>
> $conditionString = implode('AND', $condition);
> $conditionKeysString = implode(',',$condition_keys);
> $conditionValuesString = implode(',',$condition_values);
>
> ============
>
> have you thought of always having criteria of WHERE 1 = 1 ? that way you can
> avoid having if/else logic. you can then always implode with AND.

Good idea, what would that actually look like?

> i'd also
> recommend that you array_walk the columns ($cond_keys) and the values
> ($cond_values) so that you can back-tick the columns and escape the ticks
> that may be present in the values. otherwise, you may have quite a volatile
> little query. :)
>

At the moment, the intention is to deploy this on a tiny office
intranet so the security risks are negligible. That said, it's obviously
very sensible advice, however, the author of the class
has just informed that he's shortly going to publish a new version
with this functionality built in - so I think I might just wait to see
what that's all about.

> i'd also watch out for treating $_GET as global AND trustworthy. it's better
> to define the fields in your code and then set their prospective values from
> $_GET/$_POST/$_REQUEST/whatever. array_walk is great for that as well.
> if i wanted to hack and ruin your site (down your mysql instance), i could
> introduce my own little condition and have it loop infinitely.

That would be mean. Well, in the event of that happening, at least now
I'd know where to come knocking.

> just a thought.

Thanks guys. It looks like this one will resolve itself in due course.
Still, I'd like to figure out what's going on for the next time I run
into this kind of problem.

Cheers.
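For anyone landing on this thread later, here is what Steve's two suggestions look like put together: a fixed `WHERE 1 = 1` base so the conditions can always be imploded with `AND`, and the columns defined in code rather than taken from `$_GET`. This is an added example, not code from either poster or from the class strawberry is using; it swaps Steve's "escape the ticks" step for a PDO prepared statement, which is the usual way to keep request values out of the SQL text. The table name `people`, the column whitelist, the sample input and the `$pdo` connection are all assumptions.

```php
<?php
// Added example, not from the thread. Assumed: a table `people`, a column
// whitelist chosen by the developer, and an existing PDO connection in $pdo.

/**
 * Build a WHERE clause from request input, considering only whitelisted columns.
 * Returns [$sql, $params] for use with a prepared statement.
 */
function buildWhere(array $allowedColumns, array $input): array
{
    // Always-true base condition: implode(' AND ', ...) now works with zero or
    // more real conditions, so there is no if/else around the empty case.
    $conditions = ['1 = 1'];
    $params = [];

    foreach ($allowedColumns as $column) {
        // Unknown keys in the request are simply never looked at.
        if (!array_key_exists($column, $input) || $input[$column] === '') {
            continue;
        }
        // The back-ticked column name comes from the whitelist, never from the request.
        // The value is bound to a named placeholder, so quotes inside it cannot
        // change the structure of the query.
        $conditions[] = "`$column` = :$column";
        $params[":$column"] = $input[$column];
    }

    return [implode(' AND ', $conditions), $params];
}

// Constructed sample input standing in for $_GET. It includes a value with a
// single quote and a key that is not in the whitelist, to show both are handled.
$sampleGet = [
    'name' => "O'Brien",
    'dept' => 'sales',
    'id; DROP TABLE people' => '1',
];

[$where, $params] = buildWhere(['name', 'dept', 'room'], $sampleGet);

echo "SELECT * FROM `people` WHERE $where\n";
print_r($params);

// Against a real connection (assumed $pdo), the two pieces go into a prepared statement:
// $stmt = $pdo->prepare("SELECT * FROM `people` WHERE $where");
// $stmt->execute($params);
// $rows = $stmt->fetchAll(PDO::FETCH_ASSOC);
```

Because the column list lives in code, the unlisted request key is ignored rather than interpolated, and the apostrophe in `O'Brien` reaches the database as data rather than as part of the SQL string. If a future version of the class adds its own escaping, the whitelist is still worth keeping: it is the part that stops arbitrary request keys from becoming column names at all.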
