Posted by Michael Fesser on 06/28/07 22:58

..oO(tritone)

>$sql = "DELETE FROM " . $mosConfig_dbprefix . "foo WHERE foo_id = '" .
>mosGetParam($_POST, 'cid', '' )[$a] . "'";
>
>was throwing errors and I fixed it be doing this:
>
>
>$cidx = mosGetParam( $_POST, 'cid', '' );
>$sql = "DELETE FROM " . $mosConfig_dbprefix . "foo WHERE foo_id = '" .
>$cidx[$a] . "'";
>
>My question is why didn't the first version work and is there a way to
>code it without adding the intermediate variable?

Question was answered, but I'm wondering why you're using double-quoted
strings, but then concatenation instead of simply embedding the
variables into the string?

$cidx = mosGetParam($_POST, 'cid', '');
$sql = "
DELETE FROM {$mosConfig_dbprefix}foo
WHERE foo_id = '{$cidx[$a]}'";

Usually, if there are more variables to embed I prefer sprintf(), which
also allows for more complex expressions and function calls to build the
final string:

$cidx = mosGetParam($_POST, 'cid', '');
$sql = sprintf("DELETE FROM %sfoo WHERE foo_id = '%s'",
$mosConfig_dbprefix,
$cidx[$a]
);

Just my 2 cents.

Micha

[Back to original message]