ID: 48290
Updated by: [email protected]
Reported By: kexianbin at diyism dot com
-Status: Open
+Status: Bogus
Bug Type: Feature/Change Request
Operating System: Irrelevant
PHP Version: 5.3.1
New Comment:
Will never happen. You should start using MySQLi and prepared
statements.
Previous Comments:
------------------------------------------------------------------------
[2009-08-10 12:28:52] kexianbin at diyism dot com
I've changed the summary of the request.
------------------------------------------------------------------------
[2009-08-10 12:26:41] kexianbin at diyism dot com
For the greatest convenience of us PHP programmers,
maybe we should make a patch to the variable parsing module of double
quoted strings in the PHP engine,
to parse variables while adding slashes to them, for such formats:
"{#variable_name}",
for example:
<?
$name="myname";
$value="my'value";
echo "insert into z_test (name, value) values ('{$name}',
'{#value}')";
?>
we should get:
insert into z_test (name, value) values ('myname', 'my\'value')
------------------------------------------------------------------------
[2009-08-10 12:18:22] kexianbin at diyism dot com
Or I could write like this:
$_='addslashes';
$sql="insert into z_test (name, value) values ('{$name}',
'{$_($value)}')";
mysql_query($sql);
------------------------------------------------------------------------
[2009-08-10 11:26:11] kexianbin at diyism dot com
Maybe currently I could write like this:
$sql=eval(safe(
"insert into z_test (name, value) values ('{$name}', '{#value}')"
));
mysql_query($sql);
------------------------------------------------------------------------
[2009-05-15 06:08:47] kexianbin at diyism dot com
You will say to use PDO, but this code is so ugly:
$sql=$pdo->prepare("select *
from sem_SearchChangeShow
where Keyword=:Keyword
and BatchNum=:BatchNum
and OldChannelID=:ApvChannelID_old
and OldCategoryID=:ApvCategoryID_old
");
$sql->execute(array(':Keyword'=>$v['Keyword'],
':BatchNum'=>$v['BatchNum'],
':ApvChannelID_old'=>$v['ApvChannelID_old'],
':ApvCategoryID_old'=>$v['ApvCategoryID_old']
)
);
$tmp=$sql->fetch(PDO::FETCH_ASSOC);
------------------------------------------------------------------------
The remainder of the comments for this report are too long. To view
the rest of the comments, please view the bug report online at
http://bugs.php.net/48290
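
The advice in the new comment (prepared statements instead of slash-escaped interpolation), as an added example that is not part of the bug report or of PHP's own code. It assumes PHP 7 or later with the pdo_sqlite extension, uses an in-memory SQLite database in place of MySQL so it runs offline, and introduces a hypothetical helper q() to keep the calls short.

```php
<?php
// Added example. Assumes PHP 7+ with the pdo_sqlite extension; data is constructed.
// In-memory SQLite stands in for MySQL so the script runs offline.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('create table z_test (name text, value text)');

$name  = 'myname';
$value = "my'value";              // value from the report

// q() is a hypothetical helper, not a PDO function: prepare and execute in one call.
function q(PDO $pdo, string $sql, array $params = []): PDOStatement
{
    $stmt = $pdo->prepare($sql);  // SQL text is fixed here
    $stmt->execute($params);      // values are bound, never spliced into the text
    return $stmt;
}

// 1. Interpolation with addslashes(), as in the report. Backslash escaping is a
//    MySQL convention; SQLite follows standard SQL ('' for a quote), so the
//    statement is malformed on this engine.
$sql = "insert into z_test (name, value) values ('"
     . addslashes($name) . "', '" . addslashes($value) . "')";
try {
    $pdo->exec($sql);
    echo "interpolated: accepted\n";
} catch (PDOException $e) {
    echo "interpolated: rejected: ", $e->getMessage(), "\n";
}

// 2. Positional placeholders: same statement, no escaping function involved.
q($pdo, 'insert into z_test (name, value) values (?, ?)', [$name, $value]);

// The stored value is byte-for-byte what the program supplied.
$stored = q($pdo, 'select value from z_test where name = ?', [$name])->fetchColumn();
var_dump($stored === $value);
```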