Posted by "Richard Lynch" on 11/11/05 20:06
On Thu, November 10, 2005 11:15 pm, Curt Zirzow wrote:
> <?php
>
> $sql_quoted = array(); // shiflett' -- style
>
> $myFieldValue = isset($_POST['myFieldValue']) ? $_POST['myFieldValue'] : '';
>
> if (strlen(trim($myFieldValue))) {
>     $sql_quoted['myField'] = "'" .
>         mysql_real_escape_string($myFieldValue) . "'";
> } else {
>     $sql_quoted['myField'] = 'NULL';
> }

I personally would do this part all in one shot:

$field = (isset($_CLEAN['field']) && strlen($_CLEAN['field'])) ?
    "'$_CLEAN[field]'" : 'NULL';

Otherwise, I find myself too distracted by all the assignments and
if/else logic, and too likely to mess them up later with code changes
in earlier/later lines.

Note that you already have the apostrophes in $field for non-NULL, so
you would just do:

$query = "insert into foo (field) values($field)";

with no apostrophes.

$_CLEAN represents an escaped and filtered string, or an unset index,
if nothing was in $_POST to start with. Or you can just use the empty
string '' in $_CLEAN if you find that easier to process.
More than one way to skin a cat.
--
Like Music?
http://l-i-e.com/artists.htm
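
The blank-means-NULL rule discussed in this thread, as an added example that is not code from either poster: it swaps mysql_real_escape_string() and hand-built quoting for a PDO prepared statement, so the value is bound as SQL NULL or as a string and never spliced into the query text. The helper name nullIfBlank, the in-memory SQLite database (needs the pdo_sqlite extension) and the sample submissions are assumptions made for the example; the table and column names follow the thread.

```php
<?php
// Added example: nullIfBlank() is a hypothetical helper, not from the thread.

/** Return null for a missing, non-string or blank value, else the raw string. */
function nullIfBlank(array $input, string $key): ?string
{
    if (!isset($input[$key]) || !is_string($input[$key])) {
        return null;
    }
    return strlen(trim($input[$key])) ? $input[$key] : null;
}

// Assumption: in-memory SQLite stands in for the MySQL table "foo".
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE foo (id INTEGER PRIMARY KEY, field TEXT NULL)');

// The placeholder carries no quotes; the driver handles quoting and NULL.
$insert = $pdo->prepare('INSERT INTO foo (field) VALUES (:field)');

// Constructed sample submissions standing in for $_POST.
$samples = [
    ['myFieldValue' => "O'Reilly"], // embedded apostrophe
    ['myFieldValue' => '   '],      // whitespace only: stored as NULL
    [],                             // field not submitted: stored as NULL
    ['myFieldValue' => 'NULL'],     // the text "NULL": stored as a string
];

foreach ($samples as $post) {
    $value = nullIfBlank($post, 'myFieldValue');
    $type  = ($value === null) ? PDO::PARAM_NULL : PDO::PARAM_STR;
    $insert->bindValue(':field', $value, $type);
    $insert->execute();
}

// Show what was stored: real SQL NULLs versus string values.
foreach ($pdo->query('SELECT id, field FROM foo ORDER BY id') as $row) {
    $shown = ($row['field'] === null) ? 'NULL' : var_export($row['field'], true);
    printf("%d: %s\n", $row['id'], $shown);
}
```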