At 6:39 PM -0400 7/11/09, Haig Dedeyan wrote:

[1]

mysql_query("INSERT INTO phonedir
(fname, lname) VALUES('$new_fname','$new_lname')")
or die(mysql_error());

or

[2]

mysql_query("INSERT INTO phonedir
(fname, lname) VALUES('".mysql_real_escape_string($new_fname)."','".mysql_real_escape_string($new_lname)."')")
or die(mysql_error());


I always do [1] and NOT [2].

The reason for this is that when I clean and scrub data prior to insertion, I may do more than pass it through a mysql_real_escape_string() function.

For example, I may want to trim() it; or check if it's a valid email address; or check if it's a number; or do any number of other checks prior to insertion. I don't want to place all those functions into a query, so why place one?

Lastly, I think [1] is easier to read than [2].

That's my take.

Cheers,

tedd

--
-------
http://sperling.com  http://ancientstones.com  http://earthstones.com
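The "scrub first, then query" layout tedd describes, written out as an added example (not code from either post). It assumes an already-open mysql link, a phonedir table with the extra columns email and age, and form input in $_POST; those are illustration choices, not anything from the thread. Note for today's readers: the mysql_* extension was removed in PHP 7, and with mysqli or PDO prepared statements the escape-in-the-query question does not arise at all, because values are never spliced into the SQL text.

```php
<?php
// Added example, not part of tedd's or Haig's post: validation and escaping
// live in one scrub step, and the INSERT only ever sees clean values.
// Assumed for illustration: an open mysql link, a table
// phonedir(fname, lname, email, age), and raw input in $_POST.

// Scrub one record. Returns array('ok' => bool, 'errors' => [...], 'clean' => [...]).
function scrub_phonedir_row(array $raw)
{
    $errors = array();
    $clean  = array();

    // trim() everything first, so "  " and "" are treated the same way.
    $fname = isset($raw['fname']) ? trim($raw['fname']) : '';
    $lname = isset($raw['lname']) ? trim($raw['lname']) : '';
    $email = isset($raw['email']) ? trim($raw['email']) : '';
    $age   = isset($raw['age'])   ? trim($raw['age'])   : '';

    if ($fname === '' || strlen($fname) > 50) { $errors[] = 'fname missing or too long'; }
    if ($lname === '' || strlen($lname) > 50) { $errors[] = 'lname missing or too long'; }
    if (filter_var($email, FILTER_VALIDATE_EMAIL) === false) { $errors[] = 'email is not valid'; }
    if (!ctype_digit($age) || (int)$age > 150) { $errors[] = 'age must be a whole number'; }

    if ($errors) {
        return array('ok' => false, 'errors' => $errors, 'clean' => null);
    }

    // Escape the strings once, here, after the checks. mysql_real_escape_string()
    // must be called with an open connection: it escapes according to the
    // connection's character set, and without one it returns false.
    $clean['fname'] = mysql_real_escape_string($fname);
    $clean['lname'] = mysql_real_escape_string($lname);
    $clean['email'] = mysql_real_escape_string($email);

    // Numbers are cast, not escaped: an unquoted numeric literal in the SQL
    // cannot be protected by quote escaping, so the type check above is what
    // keeps "1 OR 1=1" out.
    $clean['age'] = (int)$age;

    return array('ok' => true, 'errors' => array(), 'clean' => $clean);
}

$link = mysql_connect('localhost', 'user', 'secret') or die(mysql_error());
mysql_select_db('phonebook', $link) or die(mysql_error());

$result = scrub_phonedir_row($_POST);
if (!$result['ok']) {
    echo implode("\n", $result['errors']);
    exit;
}
$c = $result['clean'];

// The query stays readable, as in tedd's [1]: every value in it is already clean.
mysql_query("INSERT INTO phonedir (fname, lname, email, age)
             VALUES ('{$c['fname']}', '{$c['lname']}', '{$c['email']}', {$c['age']})")
    or die(mysql_error());
```

The practical check when following [1]: every path that reaches the INSERT must go through the scrub function, since the query itself no longer defends against a value that skipped it. Keeping the escaping inside the scrub step rather than at the call site is what makes that audit a matter of finding one function.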

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php