[1]

mysql_query("INSERT INTO phonedir
(fname, lname) VALUES('$new_fname','$new_lname')")
or die(mysql_error());



[2]

mysql_query("INSERT INTO phonedir
(fname, lname) VALUES('".mysql_real_escape_string($new_fname)."','".mysql_real_escape_string($new_lname)."')")
or die(mysql_error());

I always do [1] and NOT [2].

The reason for this is that when I clean and scrub data prior to insertion, I may do more than pass it through a mysql_real_escape_string() function.

For example, I may want to trim() it; or check if it's a valid email address; or check if it's a number; or do any number of other checks prior to insertion. I don't want to place all those functions into a query, so why place one?

Lastly, I think [1] is easier to read than [2].

That's my take.
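The validate-first pipeline from this post, carried through with a PDO prepared statement so the escaping step disappears entirely. This is an added example, not the poster's code; it assumes a MySQL phonedir table with fname and lname columns plus a hypothetical email column, and hypothetical connection credentials.

```php
<?php
// Added example (not from the post). Assumes PDO + MySQL and a table
// phonedir(fname, lname, email); the email column is hypothetical.

// Normalise and validate a name; null means "reject this input".
function clean_name(string $raw): ?string {
    $value = trim($raw);
    if ($value === '' || mb_strlen($value) > 64) {
        return null;
    }
    return $value;
}

// Validate an email address the way the post describes, before any insert.
function clean_email(string $raw): ?string {
    $value = trim($raw);
    return filter_var($value, FILTER_VALIDATE_EMAIL) === false ? null : $value;
}

// Insert with a prepared statement: the values are sent separately from the
// SQL text, so neither the query nor the cleaning step needs
// mysql_real_escape_string(); quotes in the data are stored literally.
function insert_entry(PDO $db, string $fname, string $lname, string $email): bool {
    $f = clean_name($fname);
    $l = clean_name($lname);
    $e = clean_email($email);
    if ($f === null || $l === null || $e === null) {
        return false; // reject rather than insert partially cleaned data
    }
    $stmt = $db->prepare(
        'INSERT INTO phonedir (fname, lname, email) VALUES (:fname, :lname, :email)'
    );
    return $stmt->execute([':fname' => $f, ':lname' => $l, ':email' => $e]);
}

// Hypothetical connection details; native server-side prepares are enabled.
$db = new PDO('mysql:host=localhost;dbname=example', 'user', 'password', [
    PDO::ATTR_ERRMODE          => PDO::ERRMODE_EXCEPTION,
    PDO::ATTR_EMULATE_PREPARES => false,
]);

// The apostrophe in O'Brien reaches the table unchanged and cannot alter the SQL.
var_dump(insert_entry($db, "  O'Brien ", 'Smith', 'ob@example.com'));
var_dump(insert_entry($db, 'Ann', 'Lee', 'not-an-address')); // false: rejected before insert
```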
