best practices for saving data to mysql
Just wondering what you pros are keeping in mind when saving data to mysql.
- feyd
- Neighborhood Spidermoddy
- Posts: 31559
- Joined: Mon Mar 29, 2004 3:24 pm
- Location: Bothell, Washington, USA
That last piece of pie in the fridge.
I seriously don't really think about it... I figure out how much space will be required by most things, double it and add 10-30% for giggles (growth), then figure out what field size will fit it. Since the various sizes don't really affect initial storage requirements, I'll often just use the largest size possible.
- Maugrim_The_Reaper
- DevNet Master
- Posts: 2704
- Joined: Tue Nov 02, 2004 5:43 am
- Location: Ireland
Whether it was user sourced or not. 
If the data is even remotely sourced or created by the user I immediately assume they are a grade AAA hacker trying to generate an SQL injection, or worse. Therefore, regardless of whether it is text, binary or integer, I escape it before it hits an SQL statement using one of the DBMS-specific PHP escaping functions.
e.g. mysql_real_escape_string() for MySQL, or pg_escape_string() for Postgres. Other DBMS have their own specific escaping functions, but if missing or not implemented I'll use addslashes() along with a few specific rules (for example MSSQL escapes quotes using '' not \').
Binary escaping is different - for example Postgres has the pg_escape_bytea() function.
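Added example, not from the thread or either poster: the three ways user input can reach a WHERE clause as described above, with a hand-rolled quoting routine that mirrors the '' versus \' distinction mentioned in the post and a bound parameter as the alternative that needs no escaping at all. It uses an in-memory SQLite database (standard '' quoting) in place of MySQL so it runs offline; the table, rows and function names are constructed for the demo.

```python
import sqlite3

# Constructed sample rows for the demo (not from the thread).
SAMPLE_USERS = [(1, "alice"), (2, "O'Brien"), (3, "bob")]


def make_db():
    """In-memory SQLite database standing in for MySQL so the demo runs offline."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT NOT NULL)")
    conn.executemany("INSERT INTO users (id, name) VALUES (?, ?)", SAMPLE_USERS)
    return conn


def quote_literal(value, style="standard"):
    """Quote a string as an SQL literal using the DBMS's rule for embedded quotes.
    "standard" doubles the quote ('') as SQLite, PostgreSQL and MSSQL expect;
    "mysql" mirrors the backslash form mysql_real_escape_string() emits (subset)."""
    if style == "standard":
        return "'" + value.replace("'", "''") + "'"
    if style == "mysql":
        escaped = value.replace("\\", "\\\\").replace("'", "\\'").replace("\0", "\\0")
        return "'" + escaped + "'"
    raise ValueError("unknown quoting style: %r" % style)


def find_user_unsafe(conn, name):
    """User input concatenated straight into SQL: a quote breaks the statement,
    and a crafted value could change what it does."""
    return conn.execute("SELECT id FROM users WHERE name = '" + name + "'").fetchall()


def find_user_escaped(conn, name):
    """Escape before the value hits the statement, as the post recommends."""
    sql = "SELECT id FROM users WHERE name = " + quote_literal(name)
    return conn.execute(sql).fetchall()


def find_user_param(conn, name):
    """Bound parameter: the driver keeps data and SQL apart, nothing to escape."""
    return conn.execute("SELECT id FROM users WHERE name = ?", (name,)).fetchall()


def unsafe_query_breaks(conn, name):
    """True when concatenating `name` makes the statement unparsable."""
    try:
        find_user_unsafe(conn, name)
        return False
    except sqlite3.OperationalError:
        return True
```

With a real MySQL driver the same split applies: use the driver's own escaping or, better, its parameter binding rather than the quoting routine shown here.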