Subject: Re: [PHP-DB] php4 + sqlite - quoting stuff
Author: Jason Wong
Date: 2004-12-25, 3:56 pm

On Saturday 25 December 2004 16:15, Peter Jay Salzman wrote:

> There's something I'm not grokking about php's syntax. When I look at how
> you're supposed to quote stuff in sqlite for php4:
>
> sqlite_query( $handle, "
> INSERT INTO course VALUES (
> '" . sqlite_escape_string($termcode) . "',
> '" . sqlite_escape_string($semester) . "',
> '" . sqlite_escape_string($course) . "',
> '" . sqlite_escape_string($course_desc) . "',
> '" . sqlite_escape_string($college) . "',
> '" . sqlite_escape_string($reference) . "'
> )
> ") or die("Error bravo in query: " .
> sqlite_error_string(sqlite_last_error($handle)));
>
> it makes me want to cry. Php should be prettier than Perl, not uglier. We
> have single quotes, double quotes and a string quote function.


Perhaps if you understood what that oneliner was doing then you would
appreciate it that a similar statement in any language would look, similar.

> How am I supposed to parse this?


How do you mean? It's PHP's job to parse.

> What's the purpose for all this quoting?


OK for the SQL statement you need to construct a string that looks something
like:

INSERT INTO course VALUES ('valueoftermcode', ...)

The significant part is that you have single-quotes inside that string. So to
make things easier for yourself you use double-quotes as your string
delimiter:

"INSERT INTO course VALUES ('valueoftermcode', ...)"

Now you could have used single-quotes as your string delimiter but then you
would have had to escape the single-quotes that appear inside your string so
it would look something like this mess:

'INSERT INTO course VALUES (\'valueoftermcode\', ...)'

> And is there a _nicer_ way of doing this?


Yes, don't do oneliners. Rewrite like so:

$sql_termcode = sqlite_escape_string($termcode);
$sql_semester = sqlite_escape_string($semester);
...

$sql = "INSERT INTO course VALUES ('$sql_termcode', '$sql_semester', ...)";
sqlite_query( $handle, $sql) or die("Error bravo in query [$sql]: " .
                sqlite_error_string(sqlite_last_error($handle)));

--
Jason Wong -> Gremlins Associates -> www.gremlins.biz
Open Source Software Systems Integrators
* Web Design & Hosting * Internet & Intranet Applications Development *
------------------------------------------
Search the list archives before you post
http://marc.theaimsgroup.com/?l=php-db
------------------------------------------
/*
It's no use crying over spilt milk -- it only makes it salty for the cat.
*/
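
Added example, not part of the reply above or of the original question: the same six-value INSERT run through PDO's SQLite driver, first by building the SQL string with escaped values and then with bound parameters, which keep the data out of the SQL text entirely. `PDO::quote()` is used here as a stand-in for `sqlite_escape_string()`; the table layout and the sample values are constructed.

```php
<?php
// Added example. Table layout, column names and values are constructed.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE course (termcode TEXT, semester TEXT, course TEXT,
                                course_desc TEXT, college TEXT, reference TEXT)');

$row = [
    "200501",
    "Winter '05",       // single quote inside the data
    "PHY 9A",
    "Newton's laws",    // and another one
    "L&S",
    "12345",
];

// 1) String building, as in the thread. PDO::quote() stands in for
//    sqlite_escape_string(); unlike it, quote() also adds the outer quotes.
$quoted = array_map([$db, 'quote'], $row);
$sql = 'INSERT INTO course VALUES (' . implode(', ', $quoted) . ')';
echo $sql, "\n";
$db->exec($sql);

// Skipping the escape step: the quotes in the data end the SQL string
// literals early and SQLite rejects the statement.
$broken = "INSERT INTO course VALUES ('" . implode("', '", $row) . "')";
try {
    $db->exec($broken);
} catch (PDOException $e) {
    echo "unescaped query rejected: ", $e->getMessage(), "\n";
}

// 2) Bound parameters: no quoting or escaping in the SQL text at all.
//    The values travel separately from the statement.
$stmt = $db->prepare('INSERT INTO course VALUES (?, ?, ?, ?, ?, ?)');
$stmt->execute($row);

// Read both rows back and compare them with the input array.
foreach ($db->query('SELECT * FROM course', PDO::FETCH_NUM) as $stored) {
    var_dump($stored === $row);
}
```

With bound parameters, a value can never change the shape of the statement, so a forgotten escape call is no longer a possible mistake.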