06-26-2008, 01:32 PM
#10
The Acquainted
Yeah, I have a database abstraction class too. I just happened to use mysql_real_escape_string in the example for better understanding;
usually, my queries look like:
$this->db->query(sprintf("SELECT blah blah blah x = '%s'", $this->db->safe($_POST['var'])));
I love it because if all is well with the query, it just returns and is ready for processing, but if an error happens (crucial), if I have debug turned on it will output what I passed in as the query, error message, etc. In production, it sends an email to me so I can catch SQL injection attempts and the like.
Plus, should I ever change databases, I simply need to change the code in the query() method. Gotta love it :)
__________________
There are No Stupid Questions. But there are a LOT of Inquisitive Idiots.