Re: Return a value

Side comment: "select *" is open to bugs, if the column order changes. Adding the column names is also a little self-documenting.

Overall, this looks suspiciously like dynamic SQL, which is not very secure.

Comment on Re: Return a value

Replies are listed 'Best First'.
Re^2: Return a value by 1nickt (Canon) on Jul 06, 2015 at 14:37 UTC
True dat. Take the $time to type the extra characters now and you will save ($time * 10) in debugging later. Especially now that you have discovered a good way to keep your parameters in an external ini file. The lines in that file are free! You should fill that file up with one entry per SQL statement and use the right one for each task. As the poster above said, making dynamic SQL statements is as dangerous as making soft references (variable names made from variable values in your program). The only thing that should be dynamic in your SQL statements is the bind placeholder(s). Slow down, and do it right! Remember: Ne dederis in spiritu molere illegitimi!	[reply] [d/l]

Replies are listed 'Best First'.

Re^2: Return a value
by 1nickt (Canon) on Jul 06, 2015 at 14:37 UTC

True dat. Take the $time to type the extra characters now and you will save ($time * 10) in debugging later.

Especially now that you have discovered a good way to keep your parameters in an external ini file. The lines in that file are free! You should fill that file up with one entry per SQL statement and use the right one for each task.

As the poster above said, making dynamic SQL statements is as dangerous as making soft references (variable names made from variable values in your program).

The only thing that should be dynamic in your SQL statements is the bind placeholder(s).

Slow down, and do it right!

Remember: Ne dederis in spiritu molere illegitimi!

[reply]
[d/l]