Code Comments

Programming Forum and web based access to our favorite programming groups.
For Programmers: Free Programming Magazines | New: Database administration forum
Registration is free! Edit your profileCalendarFind other membersFrequently Asked QuestionsSearch -> 
Code Comments > PHP > PHP DB >

Re: [PHP-DB] php4 + sqlite - quoting stuff


Post New Thread











Thread
Author
Re: [PHP-DB] php4 + sqlite - quoting stuff
On Saturday 25 December 2004 16:15, Peter Jay Salzman wrote:

> There's something I'm not groking about php's syntax.  When I look at how
> you're supposed to quote stuff in sqlite for php4:
>
>  sqlite_query( $handle, "
>   INSERT INTO course VALUES (
>    '" . sqlite_escape_string($termcode)    . "',
>    '" . sqlite_escape_string($semester)    . "',
>    '" . sqlite_escape_string($course)      . "',
>    '" . sqlite_escape_string($course_desc) . "',
>    '" . sqlite_escape_string($college)     . "',
>    '" . sqlite_escape_string($reference)   . "'
>   )
>  ") or die("Error bravo in query: " .
>    sqlite_error_string(sqlite_last_error($h
andle)));
>
> it makes me want to cry.  Php should be prettier than Perl, not uglier.  W
e
> have single quotes, double quotes and a string quote function.

Perhaps if you understood what that oneliner was doing then you would
appreciate it that a similar statement in any language would look, similar.

> How am I supposed to parse this?

How do you mean? It's PHP's job to parse.

> What's the purpose for all this quoting?

OK for the SQL statement you need to construct a string that looks something
like:

INSERT INTO course VALUES ('valueoftermcode', ...)

The significant part is that you have single-quotes inside that string. so t
o
make things easier for yourself you use double-quotes as your string
delimiter:

"INSERT INTO course VALUES ('valueoftermcode', ...)"

Now you could have used single-quotes as your string delimiter but then you
would have had to escape the single-quotes that appear inside your string so
it would look something like this mess:

'INSERT INTO course VALUES ('valueoftermcode', ...)'

> And is there a _nicer_ way of doing this?

Yes, don't do oneliners. Rewrite like so:

$sql_termcode = sqlite_escape_string($termcode);
$sql_semester = sqlite_escape_string($semester);
..

$sql = "INSERT INTO course VALUES ('$sql_termcode', '$sql_semester', ...)";
sqlite_query( $handle, $sql) or die("Error bravo in query [$sql]: " .
 ________________sqlite_error_string(sqli
te_last_error($handle)));

--
Jason Wong -> Gremlins Associates -> www.gremlins.biz
Open Source Software Systems Integrators
* Web Design & Hosting * Internet & Intranet Applications Development *
------------------------------------------
Search the list archives before you post
http://marc.theaimsgroup.com/?l=php-db
------------------------------------------
/*
It's no use crying over spilt milk -- it only makes it salty for the cat.
*/

Report this thread to moderator Post Follow-up to this message
Old Post
Jason Wong
12-25-04 08:56 PM

Sponsored Links



Last Thread Next Thread Next
Search this forum -> 
Post New Thread

PHP DB archive

Show a Printable Version Send to friend Email This Page to Someone! subscribe to this thread Receive updates to this thread
Computer Consultants
Programming Jobs
Visual Basic Controls
SQL Server Programming
Webservices
Java Security
Visual Studio
C# Programming
Visual J++
Software engineering
Open source Software
Perl Programming
PHP Programming
ASP Programming
ASP .NET Programming
Visual Basic Programming
Windows Scripting Host
Java Programming
Java Help
Java Beans
VBScript
Cobol
MAC Applications
Unix Programming
Forum Jump:
All times are GMT. The time now is 08:36 AM.

 
Free MCSE Braindumps | Real Estate Topics
Programming forum archive

Copyrights CodeComments.com 2004 - 2006

Powered by vBulletin Copyright 2000-2006 Jelsoft Enterprises Limited.