From: tedd on
At 10:10 PM -0400 8/5/10, Rick Dwyer wrote:
>2nd question, in the 3 [2] lines below:
>
>$checkstat = "select field from table where fieldid = $field_id";
>$result1 = @mysql_query($checkstat,$connection) or die("Couldn't
>execute query");
>
>If I were to recode in the latter style, should they not look like this:
>
>$checkstat = 'select field from table where fieldid = "'.$field_id.'"';
>$result1 = @mysql_query($checkstat,$connection) or die('Couldn\'t
>execute query');

Rick:

Others gave you good advice on quotes, but I'll address your second
question on database queries.

The following is in the form of what I normally do:

$query = "SELECT field FROM table WHERE field_id = '$field_id' ";
$result = mysql_query($query) or die("Couldn't execute query");

Please note these are my preferences (others may have different preferences):

1. I use UPPERCASE for all MySQL syntax.

2. I do not use the @ before mysql_query because that suppresses
errors. I prefer to see errors and fix them.

3. It's not necessary to include the second argument (i.e.,
$connection) in mysql_query.

4. IMO, a query should be named $query and a result should be named
$result. If I have several results, then I use $result1, $result2,
$result3, and so on.

5. I try to match MySQL field names to PHP variable names, such as
field_id = '$field_id'. This makes it easier for me to read and debug.

6. Also note that the PHP variable $field_id is enclosed in single
quotes within the query.

7. For sake of readability, in the query I also place a space after
the last single quote and before the ending double quote, such as
field_id = '$field_id' ". -- I do not like, nor is it readable, to
have a singledouble quote (i.e., '").

There is one additional thing that I do, but it requires an included
function. For your kind review, in my query I do this:

$result = mysql_query($query) or die(report($query,__LINE__,__FILE__));

and the report function I include to the script is:

<?php
//==================== show dB errors ======================

function report($query, $line, $file)
{
echo($query . '<br>' .$line . '<br>' . $file . '<br>' . mysql_error());
}
?>

That way, if something goes wrong, the report function will show in
what file and at what line number the error occurred. Now, this is OK
for development, but for production you should comment out the echo
so you don't report errors publicly. Besides, you should have all the
errors fixed before your script becomes production anyway, right? :-)

HTH,

tedd

--
-------
http://sperling.com http://ancientstones.com http://earthstones.com
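
An added example, not part of the original message: the same lookup with the value bound as a parameter instead of interpolated into the query string, and a report function that logs query, line and file server-side while returning only a generic message. The mysql_* functions used in the thread were removed in PHP 7.0, so this uses PDO. Assumptions: the `widgets` table, `find_field()` and `report_db_error()` are hypothetical names, and an in-memory SQLite database stands in for MySQL so the script runs offline.

```php
<?php
// Added example; widgets, find_field and report_db_error are hypothetical names.
// In-memory SQLite stands in for MySQL so the script runs offline; for MySQL
// only the DSN and credentials passed to the PDO constructor change.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE widgets (field_id INTEGER PRIMARY KEY, field TEXT)');
$pdo->exec("INSERT INTO widgets (field_id, field) VALUES (1, 'alpha'), (2, 'beta')");

// Write query, line and file to the server log, where only the operator
// can read them, and hand back a generic message for the browser.
function report_db_error(string $query, int $line, string $file, Throwable $e): string
{
    error_log(sprintf('DB error at %s:%d [%s] %s', $file, $line, $query, $e->getMessage()));
    return "Couldn't execute query";
}

// The value travels separately from the SQL text, so quote characters
// inside $field_id are treated as data and never as part of the statement.
function find_field(PDO $pdo, $field_id): array
{
    $query = 'SELECT field FROM widgets WHERE field_id = :field_id';
    try {
        $stmt = $pdo->prepare($query);
        $stmt->execute([':field_id' => $field_id]);
        return $stmt->fetchAll(PDO::FETCH_COLUMN);
    } catch (PDOException $e) {
        die(report_db_error($query, __LINE__, __FILE__, $e));
    }
}

// Constructed inputs: an ordinary id, then a string containing quote characters.
var_dump(find_field($pdo, '1'));
var_dump(find_field($pdo, "1' OR '1'='1"));
```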
From: tedd on
At 11:00 PM -0400 8/5/10, Paul M Foster wrote:
>On Thu, Aug 05, 2010 at 10:10:26PM -0400, Rick Dwyer wrote:
>
> > echo "<table border='1'><tr>....
>>
>> And elsewhere on the page it follows:
>>
> > echo '<table border="1"><tr>....
>
>Not acceptable and sloppy. Be consistent in your coding style. In
>general, HTML attributes should be surrounded by double quotes. I don't
>know about javascript. Moreover, it's generally better to simply output
>HTML rather than to echo it, like:
>
><table border="1"><tr>
><td>
><?php echo $some_value; ?>
></td>

Rick:

I agree with Paul.

I would only add that you should use what languages best serve your
needs. While it may not be obvious, the statement:

<table border="1">

is flawed (IMO).

The "best" way to handle this is to define a class (or id) for the
table in a css file and then set the border (i.e., styling) to
whatever you want. For example, your HTML would look like:

<table class="my_table">

And your CSS would contain:

.my_table
{
border: 1px solid black;
}

That way at some future date, you may want to change the border
color, size, whatever and it's a trivial thing to do so without
having to search through all your code to find ill-placed styling
attributes.

As I always say, neither CSS, PHP, or any web language exist in a
vacuum. It is always best to use whatever language that makes your life
(and others) simpler.

Cheers,

tedd

PS: Considering that this is Friday, I have a grammar question for
the group. I said above:

"neither CSS, PHP, or any web language exist in a vacuum."

Is the word "neither" appropriate in this sentence?

Normally, two items can be compared by "neither" or "nor", but what
about more than two items? Is it appropriate to use "neither" or
"nor" for more than two items?

From: tedd on
At 9:05 PM -0700 8/5/10, Michael Shadle wrote:
>
>Leave the single quotes for parameters, indexes, code, not attributes - $.02

Agreed.

"Render unto Caesar (HTML) the things that are Caesar's and unto God
(PHP -- Lord forgive me) the things that are God's."

In other words, when writing code in another language use the syntax
that is appropriate for that language.

Cheers,

tedd
From: Floyd Resler on

On Aug 6, 2010, at 8:08 AM, tedd wrote:

> At 10:10 PM -0400 8/5/10, Rick Dwyer wrote:
>> 2nd question, in the 3 [2] lines below:
>>
>> $checkstat = "select field from table where fieldid = $field_id";
>> $result1 = @mysql_query($checkstat,$connection) or die("Couldn't execute query");
>>
>> If I were to recode in the latter style, should they not look like this:
>>
>> $checkstat = 'select field from table where fieldid = "'.$field_id.'"';
>> $result1 = @mysql_query($checkstat,$connection) or die('Couldn\'t execute query');
>
> Rick:
>
> Others gave you good advice on quotes, but I'll address your second question on database queries.
>
> The following is in the form of what I normally do:
>
> $query = "SELECT field FROM table WHERE field_id = '$field_id' ";
> $result = mysql_query($query) or die("Couldn't execute query");
>
> Please note these are my preferences (others may have different preferences):
>
> 1. I use UPPERCASE for all MySQL syntax.
>
> 2. I do not use the @ before mysql_query because that suppresses errors. I prefer to see errors and fix them.
>
> 3. It's not necessary to include the second argument (i.e., $connection) in mysql_query.
>
> 4. IMO, a query should be named $query and a result should be named $result. If I have several results, then I use $result1, $result2, $result3, and so on.
>
> 5. I try to match MySQL field names to PHP variable names, such as field_id = '$field_id'. This makes it easier for me to read and debug.
>
> 6. Also note that the PHP variable $field_id is enclosed in single quotes within the query.
>
> 7. For sake of readability, in the query I also place a space after the last single quote and before the ending double quote, such as field_id = '$field_id' ". -- I do not like, nor is it readable, to have a singledouble quote (i.e., '").
>
> There is one additional thing that I do, but it requires an included function. For your kind review, in my query I do this:
>
> $result = mysql_query($query) or die(report($query,__LINE__,__FILE__));
>
> and the report function I include to the script is:
>
> <?php
> //==================== show dB errors ======================
>
> function report($query, $line, $file)
> {
> echo($query . '<br>' .$line . '<br>' . $file . '<br>' . mysql_error());
> }
> ?>
>
> That way, if something goes wrong, the report function will show in what file and at what line number the error occurred. Now, this is OK for development, but for production you should comment out the echo so you don't report errors publicly. Besides, you should have all the errors fixed before your script becomes production anyway, right? :-)
>
> HTH,
>
> tedd
>

Tedd,
Well said! I pretty much follow those same standards as well. Especially with the naming of variables to match field names. I also make sure that any form field names match my database names. It makes updating and inserting records so much easier! I've written a database class that allows me to update and insert records as easily as this:
$db->insert("table_name",$_POST);
$db->update("table_name","id_field_name",$id,$_POST);

And, yes, I do sanitize the data to make sure it doesn't do bad things to my database! :)

Take care,
Floyd
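
An added example, not Floyd's class and not part of the original message: one way an insert helper that accepts a form array can bind every value as a parameter and restrict the array keys, which become column names, to a fixed list per table. Assumptions: `safe_insert()`, the `$allowed` map and the `customers` table are hypothetical, the array standing in for `$_POST` is constructed, and in-memory SQLite is used so the script runs offline.

```php
<?php
// Added example; safe_insert, $allowed and customers are hypothetical names.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE customers (id INTEGER PRIMARY KEY, name TEXT,
            email TEXT, is_admin INTEGER DEFAULT 0)');

// Array keys from a form become column names. Identifiers cannot be bound
// as parameters, so they are checked against a fixed list for each table.
function safe_insert(PDO $pdo, string $table, array $allowed, array $input): int
{
    if (!isset($allowed[$table])) {
        throw new InvalidArgumentException("Unknown table: $table");
    }
    // Keep only permitted columns, and drop nested arrays such as name[]=...
    $data = array_intersect_key($input, array_flip($allowed[$table]));
    $data = array_filter($data, 'is_scalar');
    if ($data === []) {
        throw new InvalidArgumentException('No permitted columns in input');
    }
    $columns = array_keys($data);
    $placeholders = array_map(fn($c) => ":$c", $columns);
    $query = sprintf(
        'INSERT INTO %s (%s) VALUES (%s)',
        $table,
        implode(', ', $columns),
        implode(', ', $placeholders)
    );
    $stmt = $pdo->prepare($query);
    $stmt->execute(array_combine($placeholders, array_values($data)));
    return (int) $pdo->lastInsertId();
}

$allowed = ['customers' => ['name', 'email']];
// Constructed stand-in for $_POST: it carries a field the form never offered.
$post = ['name' => "O'Brien", 'email' => 'ob@example.test', 'is_admin' => '1'];
$id = safe_insert($pdo, 'customers', $allowed, $post);

// The stored row shows which submitted fields reached the table.
var_dump($id);
var_dump($pdo->query('SELECT name, email, is_admin FROM customers')->fetch(PDO::FETCH_ASSOC));
```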


From: Richard Quadling on
On 6 August 2010 13:31, tedd <tedd.sperling(a)gmail.com> wrote:
>I have a grammar question for the
> group. I said above:
>
> "neither CSS, PHP, or any web language exist in a vacuum."
>
> Is the word "neither" appropriate in this sentence?
>
> Normally, two items can be compared by "neither"  or "nor", but what about
> more than two items? Is it appropriate to use "neither"  or "nor" for more
> than two items?
>

http://en.wikipedia.org/wiki/Neither says that "either" can be used
for many items if they are in a list (like you've used), so neither
would probably follow the same argument.