Nice way to pass parameters to PDO

Positional parameters become a nightmare when dealing with more than 3 or 4 parameters. Named parameters are verbose. I'm thinking of doing this:

query("SELECT * FROM users WHERE username = ", $username, " AND password = ", $password)

With dynamic parameters (using func_get_args()), every second one being transformed into a positional parameter.

I've never seen this before and wanted to know if anyone has done this before and why/why not?

Best answer

It's a clever idea. The only problem I see is how to distinguish between SQL and passed-in variables. Unless you make an assumption that every second arg is a variable. I just think that assumption is fragile, and obfuscates things more than makes them clear.

Better way would probably be to use interpolation:

query("SELECT foo FROM bar WHERE id = #{id}",  array("id" => "23"));

Then write logic to interpolate these.
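
The alternating-argument helper the question proposes, written against PDO, as an added example that is not part of the original posts. `alt_query` is a hypothetical name, and the in-memory SQLite database and its rows are constructed for the demo.

```php
<?php
declare(strict_types=1);

// Hypothetical helper (name and signature are assumptions, not from the posts):
// even-indexed arguments are SQL text, odd-indexed arguments are values.
function alt_query(PDO $pdo, ...$args): PDOStatement
{
    $sql = '';
    $values = [];
    foreach ($args as $i => $arg) {
        if ($i % 2 === 0) {
            // SQL position. A type check is all that can be done here: a
            // string value that slips into this slot cannot be told apart
            // from SQL, which is the fragility the answer describes.
            if (!is_string($arg)) {
                throw new InvalidArgumentException("argument $i must be SQL text");
            }
            $sql .= $arg;
        } else {
            // Value position: emit a placeholder and bind the value later.
            $sql .= '?';
            $values[] = $arg;
        }
    }
    $st = $pdo->prepare($sql);
    $st->execute($values);
    return $st;
}

// Constructed demo data in an in-memory SQLite database (assumes pdo_sqlite).
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE users (username TEXT, password TEXT)');
alt_query($pdo, 'INSERT INTO users VALUES (', 'alice', ', ', 's3cret', ')');

// Constructed input containing quotes: it is bound whole as the username.
$username = "alice' OR '1'='1";
$password = 'wrong';
$st = alt_query($pdo, 'SELECT * FROM users WHERE username = ', $username,
    ' AND password = ', $password);
echo $st->queryString, "\n";
echo count($st->fetchAll(PDO::FETCH_ASSOC)), " row(s)\n";

// A forgotten fragment shifts every later argument by one position.
try {
    alt_query($pdo, 'SELECT * FROM users WHERE username = ', $username, 42);
} catch (InvalidArgumentException $e) {
    echo $e->getMessage(), "\n";
}
```

The guard only catches a non-string in an SQL slot; keeping every even-position argument a literal written in the source is what keeps request data out of the SQL text.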

Answers

Named parameters don't have to be verbose, at least not compared to positional parameters. You could use shortened versions that are still obvious:

$st = $dbh->prepare('SELECT * FROM users WHERE username = :u AND password = :p');
$st->bindValue(':u', $username);
$st->bindValue(':p', $password);
$st->execute();

I don't think positional parameters are so bad... this is my favorite method:

// Turn one PHP value into an SQL literal for use in a format string.
function mysql_safe_string($value) {
    if(is_numeric($value))      return $value;
    elseif(empty($value))       return 'NULL';
    elseif(is_string($value))   return "'".mysql_real_escape_string($value)."'";
    elseif(is_array($value))    return implode(',',array_map('mysql_safe_string',$value));
}

// Format string first, then one argument per %s placeholder.
function mysql_safe_query($format) {
    $args = array_slice(func_get_args(),1);
    $args = array_map('mysql_safe_string',$args);
    $query = vsprintf($format,$args);
    $result = mysql_query($query);
    if($result === false) echo '<div class="mysql-error"><strong>Error: </strong>',mysql_error(),'<br/><strong>Query: </strong>',$query,'</div>';
    return $result;
}

// example
$result = mysql_safe_query('SELECT * FROM users WHERE username=%s', $username);



