Re: Passing data between pages

On Tuesday 27 May 2003 17:23, Becoming Digital wrote:
> I suppose there is nothing inherently wrong with it, just a seeming lack of
> elegance.  The link is intended to pass information (cat_id) to a query on
> the next page, thus deciding from which category items should be listed.
>
> Thinking about it further, I do have a third option.  I realized that I can
> simply append the query to read:
>
>     $query = "SELECT * FROM food WHERE ".$_SERVER[QUERY_STRING];

Minor note: it should be $_SERVER['QUERY_STRING'].

> What are your opinions on that option?  

Accepting user input without validation opens up your application to potential 
abuse.

> I am not terribly fond of it
> because it allows for no scalability.  I am a big believer in developing
> re-usable code and this example seems quite limited.  Thanks again.

What kind of scalability? If you mean the ability to handle any number of 
fields then you need to come up with some code which basically:

1) defines which fields to accept
2) defines limits on those fields (whether they're 
integers/strings/whatever/etc)
3) parses the query string and only accepts fields defined in (1) and passes 
the checks defined in (2)


-- 
Jason Wong -> Gremlins Associates -> www.gremlins.biz
Open Source Software Systems Integrators
* Web Design & Hosting * Internet & Intranet Applications Development *
------------------------------------------
Search the list archives before you post
http://marc.theaimsgroup.com/?l=php-db
------------------------------------------
/*
It is easier to resist at the beginning than at the end.
		-- Leonardo da Vinci
*/


-- 
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

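The three steps Jason lists, worked into one PHP function as an added example; this is not code from the thread or from either poster. It takes the table `food` and the column `cat_id` from the messages above; the other two columns, the per-field rules, the constructed query strings and the PDO connection details at the end are assumptions made for illustration, and a PDO prepared statement stands in for the string concatenation in the quoted line.

```php
<?php
// Added example, not code from the thread. It works the three steps into one
// function: (1) a list of accepted fields, (2) a check per field,
// (3) parse the query string and keep only fields that satisfy both.
// The table `food` and the column cat_id come from the thread; the other
// columns, the rules, and the PDO connection at the bottom are assumptions.
//
// For comparison, the line proposed in the quoted message:
//   $query = "SELECT * FROM food WHERE ".$_SERVER['QUERY_STRING'];
// hands the whole WHERE clause to whoever builds the URL, so a link such as
//   ?cat_id=3 OR 1=1
// lists every category, and anything else the database user may do is open.

// (1) accepted fields, and (2) the filter_var() rule each value must pass
$allowedFields = [
    'cat_id'   => [FILTER_VALIDATE_INT,    ['min_range' => 1]],
    'in_stock' => [FILTER_VALIDATE_INT,    ['min_range' => 0, 'max_range' => 1]],
    'name'     => [FILTER_VALIDATE_REGEXP, ['regexp' => '/^[A-Za-z0-9 -]{1,64}$/']],
];

/**
 * (3) Parse a raw query string and build a parameterised WHERE clause from
 * the fields that are whitelisted and pass their check.
 *
 * Returns [$sql, $params, $rejected]. Column names in $sql come only from the
 * whitelist keys (our own identifiers); every user-supplied value becomes a
 * bound parameter, so it is never spliced into the SQL text.
 */
function buildFoodQuery(string $queryString, array $allowedFields): array
{
    parse_str($queryString, $fields);   // URL-decodes and splits "a=1&b=2"

    $where    = [];
    $params   = [];
    $rejected = [];

    foreach ($fields as $name => $value) {
        if (!isset($allowedFields[$name]) || !is_scalar($value)) {
            $rejected[] = $name;        // not in (1), or an array like a[]=1
            continue;
        }
        [$filter, $options] = $allowedFields[$name];
        $clean = filter_var($value, $filter, ['options' => $options]);
        if ($clean === false) {
            $rejected[] = $name;        // fails the check in (2)
            continue;
        }
        $where[]          = "`$name` = :$name";
        $params[":$name"] = $clean;
    }

    $sql = 'SELECT * FROM food';
    if ($where !== []) {
        $sql .= ' WHERE ' . implode(' AND ', $where);
    }
    return [$sql, $params, $rejected];
}

// Constructed inputs: the link described in the thread, and a hostile one.
$inputs = [
    'cat_id=3',
    'cat_id=3+OR+1%3D1&name=x%27%3B+DROP+TABLE+food%3B--&password=secret',
];

foreach ($inputs as $qs) {
    [$sql, $params, $rejected] = buildFoodQuery($qs, $allowedFields);
    echo "query string : $qs\n";
    echo "sql          : $sql\n";
    echo "params       : " . json_encode($params) . "\n";
    echo "rejected     : " . implode(', ', $rejected) . "\n\n";
}

// Executing against MySQL would use a prepared statement; the DSN and the
// credentials are placeholders. Uncomment to run for real:
// $pdo  = new PDO('mysql:host=localhost;dbname=shop', 'dbuser', 'dbpass');
// $stmt = $pdo->prepare($sql);
// $stmt->execute($params);
// $rows = $stmt->fetchAll(PDO::FETCH_ASSOC);
```

Run it with `php` from the command line. For the first input the only condition emitted is on `cat_id`, with the integer bound as a parameter; for the hostile input `cat_id` fails the integer check, `name` fails the pattern and `password` is not in the list, so all three land in `$rejected` and none of the attacker's text reaches the SQL. Two design choices worth making explicitly in a real application: whether a non-empty `$rejected` should be a 400 response rather than a silently narrower query, and whether `cat_id` should be required, since with no surviving fields the function as written lists the whole table.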
