Search found 19 matches

by alex-weej
Sun May 14, 2006 12:26 pm
Forum: PHP - Code
Topic: Quirky PHP question (variables in MYSQL statements)
Replies: 7
Views: 718

Never ever ever build SQL statements by directly dumping variables into the string. Do this instead: $sql = 'SELECT * FROM books WHERE book_id = %d'; $sql = sprintf($sql, $book_id); The %d sprintf() token is for integers. Whatever $book_id is, be it a number, boolean, string, whatever, it won't brea...
by alex-weej
Sun May 14, 2006 12:19 pm
Forum: PHP - Code
Topic: Code to get field value from DB not working
Replies: 4
Views: 462

Firstly, you can use an SQL "REPLACE" statement to update or insert records, depending on whether keys overlap or not. That should simplify your code muchly.
by alex-weej
Sun May 14, 2006 12:15 pm
Forum: PHP - Code
Topic: editing a XML file
Replies: 9
Views: 449

Holy crap. Don't do that. $doc = DOMDocument::load('yourfile.xml'); $root = $doc->documentElement; $item = $doc->createElement('item'); $item->setAttribute('name', 'Test3'); $item->appendChild($doc->createElement('category', 'Other')); $item->appendChild($doc->createElement('serial', '1234')); $root...
by alex-weej
Sun May 14, 2006 12:09 pm
Forum: PHP - Code
Topic: HTML Encode / Decode
Replies: 3
Views: 454

printf('<textarea>%s</textarea>', htmlspecialchars($string, ENT_NOQUOTES, 'UTF-8')); ... 100% bulletproof. ENT_NOQUOTES (vs. ENT_COMPAT or ENT_QUOTES) disables quote encoding, as it's not needed outside of attribute markup. Setting the encoding type really isn't so important with htmlspecialchars()...