best practices for saving data to mysql
Posted: Thu Jan 05, 2006 3:24 pm
by nincha
Just wondering what you pros are keeping in mind when saving data to mysql.
Posted: Thu Jan 05, 2006 4:59 pm
by feyd
That last piece of pie in the fridge.
I seriously don't really think about it... I figure out how much space will be required by most things, double it and add 10-30% for giggles (growth) then figure out what field size will fit it. Since the various sizes don't really affect initial storage requirements, I'll often just use the largest size possible.
Posted: Fri Jan 06, 2006 3:58 am
by Maugrim_The_Reaper
Whether it was user sourced or not.
If the data is even remotely sourced or created by the user I immediately assume they are a grade AAA hacker trying to generate an SQL Injection, or worse. Therefore regardless of whether it is text, binary or integer I escape it before it hits an SQL statement using one of the DBMS specific PHP escaping functions.
e.g. mysql_real_escape_string() for MySQL, or pg_escape_string() for Postgres. Other DBMS have their own specific escaping functions, but if missing or not implemented I'll use addslashes() along with a few specific rules (for example MSSQL escapes quotes using '' not \').
Binary escaping is different - for example Postgres has the pg_escape_bytea() function.
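
An added example, not part of the thread: it shows why the escaping rule has to match the DBMS, as the last post says when it contrasts '' with \'. The function names are hypothetical, the sample values are constructed, and the scanner is a simplified model of string-literal quoting (backslash escapes as in MySQL's default mode versus quote doubling only), not a real SQL parser.

```php
<?php
// Added example, not from the thread; function names are hypothetical.

// Escape for a dialect that doubles quotes inside string literals (the '' rule).
function escape_doubled_quote(string $value): string
{
    return str_replace("'", "''", $value);
}

// True if $sql is exactly one complete string literal under the dialect's rules.
// $backslashEscapes: true for MySQL's default mode, false for the '' only rule.
function is_single_literal(string $sql, bool $backslashEscapes): bool
{
    $n = strlen($sql);
    if ($n < 2 || $sql[0] !== "'") {
        return false;
    }
    for ($i = 1; $i < $n; $i++) {
        $c = $sql[$i];
        if ($backslashEscapes && $c === '\\') {
            $i++;                       // skip the escaped character
        } elseif ($c === "'") {
            if ($i + 1 < $n && $sql[$i + 1] === "'") {
                $i++;                   // '' is a literal quote, keep scanning
            } else {
                return $i === $n - 1;   // closing quote must end the input
            }
        }
    }
    return false;                       // ran off the end: unterminated literal
}

// Constructed sample values: one with an apostrophe, one ending in a backslash.
$samples  = ["O'Reilly", 'C:\\temp\\'];
$escapers = ['addslashes' => 'addslashes', "'' doubling" => 'escape_doubled_quote'];
$dialects = ['backslash escapes' => true, "'' only" => false];

foreach ($samples as $value) {
    foreach ($escapers as $escName => $escape) {
        $literal = "'" . $escape($value) . "'";
        foreach ($dialects as $dialName => $backslash) {
            $ok = is_single_literal($literal, $backslash) ? 'contained' : 'BROKEN';
            printf("%-10s %-12s %-18s %s\n", $value, $escName, $dialName, $ok);
        }
    }
}
```

A "contained" result only means the value stays inside one literal; addslashes() output read under the '' only rule can still be stored with extra backslashes.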