Re: php4 + sqlite - quoting stuff

On Saturday 25 December 2004 16:15, Peter Jay Salzman wrote:

> There's something I'm not grokking about php's syntax.  When I look at how
> you're supposed to quote stuff in sqlite for php4:
>
>  sqlite_query( $handle, "
>   INSERT INTO course VALUES (
>    '" . sqlite_escape_string($termcode)    . "',
>    '" . sqlite_escape_string($semester)    . "',
>    '" . sqlite_escape_string($course)      . "',
>    '" . sqlite_escape_string($course_desc) . "',
>    '" . sqlite_escape_string($college)     . "',
>    '" . sqlite_escape_string($reference)   . "'
>   )
>  ") or die("Error bravo in query: " .
>   sqlite_error_string(sqlite_last_error($handle)));
>
> it makes me want to cry.  PHP should be prettier than Perl, not uglier.  We
> have single quotes, double quotes and a string quote function.

Perhaps if you understood what that oneliner was doing then you would 
appreciate that a similar statement in any language would look similar.

> How am I supposed to parse this?

How do you mean? It's PHP's job to parse.

> What's the purpose for all this quoting? 

OK, for the SQL statement you need to construct a string that looks something 
like:

  INSERT INTO course VALUES ('valueoftermcode', ...)

The significant part is that you have single-quotes inside that string, so to 
make things easier for yourself you use double-quotes as your string 
delimiter:

  "INSERT INTO course VALUES ('valueoftermcode', ...)"

Now you could have used single-quotes as your string delimiter but then you 
would have had to escape the single-quotes that appear inside your string so 
it would look something like this mess:

  'INSERT INTO course VALUES (\'valueoftermcode\', ...)'

> And is there a _nicer_ way of doing this?

Yes, don't do oneliners. Rewrite like so:

  $sql_termcode = sqlite_escape_string($termcode);
  $sql_semester = sqlite_escape_string($semester);
  ...

  $sql = "INSERT INTO course VALUES ('$sql_termcode', '$sql_semester', ...)";
  sqlite_query( $handle, $sql) or die("Error bravo in query [$sql]: " .
                sqlite_error_string(sqlite_last_error($handle)));

-- 
Jason Wong -> Gremlins Associates -> www.gremlins.biz
Open Source Software Systems Integrators
* Web Design & Hosting * Internet & Intranet Applications Development *
------------------------------------------
Search the list archives before you post
http://marc.theaimsgroup.com/?l=php-db
------------------------------------------
/*
It's no use crying over spilt milk -- it only makes it salty for the cat.
*/

-- 
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
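
The following is an added example, not part of the original thread or the poster's code. It shows what the escaping in the message above protects against, using a constructed row whose values contain apostrophes, and it goes one step beyond the post by also inserting the same row with bound parameters. It assumes PHP's SQLite3 class rather than the sqlite_* functions used in the post; `quote_values` is a hypothetical helper.

```php
<?php
// Added illustration, not code from the thread. It uses PHP's SQLite3 class
// instead of the sqlite_* functions in the post (an assumption of this example).

// Hypothetical helper: escape each value, wrap it in single quotes and join
// with commas, so the call site carries no hand-written quoting.
function quote_values(array $values)
{
    $quoted = array();
    foreach ($values as $v) {
        $quoted[] = "'" . SQLite3::escapeString((string) $v) . "'";
    }
    return implode(', ', $quoted);
}

$db = new SQLite3(':memory:');
$db->enableExceptions(true);   // report SQL errors as exceptions
$db->exec('CREATE TABLE course (termcode TEXT, semester TEXT, course TEXT)');

// Constructed sample row; the apostrophes are what make escaping necessary.
$row = array('200501', "Winter '05", "Bird's-eye view of SQL");

// 1. No escaping: the first apostrophe ends the SQL string literal early.
$naive = "INSERT INTO course VALUES ('" . implode("', '", $row) . "')";
try {
    $db->exec($naive);
    echo "unescaped: inserted\n";
} catch (Exception $e) {
    echo "unescaped: rejected (", $e->getMessage(), ")\n";
}

// 2. Escaped: each ' inside a value is doubled to '' before it is quoted.
$sql = 'INSERT INTO course VALUES (' . quote_values($row) . ')';
echo $sql, "\n";
$db->exec($sql);

// 3. Bound parameters: values never become part of the SQL text at all.
$stmt = $db->prepare('INSERT INTO course VALUES (?, ?, ?)');
foreach ($row as $i => $v) {
    $stmt->bindValue($i + 1, $v, SQLITE3_TEXT);
}
$stmt->execute();

// Count the rows whose course column matches the original value exactly.
$check = $db->prepare('SELECT COUNT(*) FROM course WHERE course = ?');
$check->bindValue(1, $row[2], SQLITE3_TEXT);
$result = $check->execute()->fetchArray(SQLITE3_NUM);
echo "rows stored intact: ", $result[0], "\n";
```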

