Nathan Nobbe wrote:
On Feb 9, 2008 7:03 PM, nihilism machine <nihilismmachine@xxxxxxxxx> wrote:
Looking to really beef up my DB class, any suggestions for functions
to add that will be more time saving for a web 2.0 app, or ways to
improve existing methods? thank you everyone in advance.
first of all, as a matter of style, it's conventional to capitalize class
names. so you would change the name to Db. also, conventionally, member
functions are not capitalized; so Terminator(), becomes terminator().
next thing is you have no escaping of the queries. you should be wrapping the
$sql that gets passed into your query method in mysql_real_escape_string().
You don't escape the whole query.
You want something like this:
public function quote($string='') {
    // escape a single value, not the whole query
    return mysql_real_escape_string($string);
}
and call it like this:
$query = "select blah from table where username='" .
    $db->quote($_POST['username']) . "' and password='" .
    $db->quote($_POST['password']) . "'";
I'm not sure why you would name a call to mysql_insert_id(), select_id(); it
seems better to preserve the original name.
because dropping in a replacement to use sqlite/postgres/other db will
still call 'mysql_insert_id()' ? Seems a bit strange.
--
Postgresql & php tutorials
http://www.designmagick.com/
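
The per-value quoting and driver-neutral method naming discussed in this thread, as an added example that is not code from any of the posters: a hypothetical Db wrapper that uses PDO with an in-memory SQLite database (assumes the pdo_sqlite extension) in place of the mysql_* functions, run against constructed input values.

```php
<?php
// Added example: hypothetical Db wrapper over PDO, not the poster's class.
class Db
{
    private $pdo;

    public function __construct(PDO $pdo)
    {
        $this->pdo = $pdo;
        $this->pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    }

    // Escape ONE value and wrap it in quotes; never pass a whole statement.
    public function quote($value = '')
    {
        return $this->pdo->quote((string) $value);
    }

    public function query($sql)
    {
        return $this->pdo->query($sql);
    }

    // Driver-neutral name, so callers do not depend on mysql_insert_id().
    public function insertId()
    {
        return $this->pdo->lastInsertId();
    }
}

$db = new Db(new PDO('sqlite::memory:'));   // constructed test database
$db->query('CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, password TEXT)');
$db->query('INSERT INTO users (username, password) VALUES ('
    . $db->quote("o'brien") . ', ' . $db->quote('s3cret') . ')');
echo 'insert id: ', $db->insertId(), "\n";

// Constructed hostile input: closes the string literal if left unescaped.
$username = "nobody' OR '1'='1";
$password = "x' OR '1'='1";

$unsafe = "SELECT COUNT(*) FROM users WHERE username='$username' AND password='$password'";
$safe   = 'SELECT COUNT(*) FROM users WHERE username=' . $db->quote($username)
        . ' AND password=' . $db->quote($password);

echo 'unescaped values match: ', $db->query($unsafe)->fetchColumn(), " row(s)\n";
echo 'quoted values match:    ', $db->query($safe)->fetchColumn(), " row(s)\n";

// Quoting the whole statement turns it into one string literal, not runnable SQL.
echo $db->quote($unsafe), "\n";
```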