best practices for saving data to mysql

nincha
Forum Contributor
Posts: 191
Joined: Fri Mar 28, 2003 12:30 pm
Location: CA, USA

best practices for saving data to mysql

Post by nincha »

Just wondering what you pros are keeping in mind when saving data to mysql.
feyd
Neighborhood Spidermoddy
Posts: 31559
Joined: Mon Mar 29, 2004 3:24 pm
Location: Bothell, Washington, USA

Post by feyd »

That last piece of pie in the fridge.

I seriously don't really think about it... I figure out how much space will be required by most things, double it and add 10-30% for giggles (growth) then figure out what field size will fit it. Since the various sizes don't really affect initial storage requirements, I'll often just use the largest size possible.
Maugrim_The_Reaper
DevNet Master
Posts: 2704
Joined: Tue Nov 02, 2004 5:43 am
Location: Ireland

Post by Maugrim_The_Reaper »

Whether it was user-sourced or not. :)

If the data is even remotely sourced or created by the user I immediately assume they are a grade AAA hacker trying to generate an SQL Injection, or worse. Therefore regardless of whether it is text, binary or integer I escape it before it hits an SQL statement using one of the DBMS-specific PHP escaping functions.

e.g. mysql_real_escape_string() for MySQL, or pg_escape_string() for Postgres. Other DBMS have their own specific escaping functions, but if missing or not implemented I'll use addslashes() along with a few specific rules (for example MSSQL escapes quotes using '' not \').

Binary escaping is different - for example Postgres has the pg_escape_bytea() function.
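
An added example, not part of the thread, showing why the escaping rule has to match the DBMS as the post above says. It assumes the pdo_sqlite extension and uses an in-memory SQLite database as a stand-in for a DBMS that escapes a quote as '' (the table name and sample value are constructed), then compares addslashes(), the driver's own quoting, and a bound parameter.

```php
<?php
// Added example, not code from the thread. Assumes the pdo_sqlite extension.
// SQLite stands in for a DBMS that escapes a quote as '' (as the post says
// of MSSQL); the table name and sample value are constructed.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE authors (name TEXT)');

$name = "O'Reilly"; // user-supplied value containing a quote

// 1. Backslash escaping on a quote-doubling DBMS: the literal ends at the
//    quote, so the statement no longer parses.
$wrong = "INSERT INTO authors (name) VALUES ('" . addslashes($name) . "')";
try {
    $db->exec($wrong);
    echo "addslashes: accepted\n";
} catch (PDOException $e) {
    echo "addslashes: rejected by the parser\n";
}

// 2. The driver's own escaping follows the DBMS rule and adds the quotes.
$quoted = $db->quote($name);
$db->exec("INSERT INTO authors (name) VALUES ($quoted)");
echo "PDO::quote: $quoted\n";

// 3. A bound parameter never enters the SQL text, so no escaping rule applies.
$stmt = $db->prepare('INSERT INTO authors (name) VALUES (:name)');
$stmt->execute([':name' => $name]);

// Both stored rows equal the original value byte for byte.
$rows = $db->query('SELECT name FROM authors')->fetchAll(PDO::FETCH_COLUMN);
var_dump($rows === [$name, $name]);
```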