passing connection string as parameter for insert function

controlxjp
Forum Newbie
Posts: 5
Joined: Fri Jan 25, 2008 5:15 pm

passing connection string as parameter for insert function

Post by controlxjp »

simple question here :

if i were to create an sql insert function that includes a parameter for the connection string,

e.g.
set autocommit false ; insert queries; call external insert function; update queries; set autocommit true;

does it differ so much from say if instead i just performed all the queries in one single main block?


btw, the reason i had to create a separate function is that it performs generic insert queries... in case that wasn't quite obvious
devbro
Forum Newbie
Posts: 7
Joined: Tue Mar 18, 2008 11:46 am

Re: passing connection string as parameter for insert function

Post by devbro »

it is a better idea to do each command separately.

one of the major problems with query function in php is the sql-injection attacks.

there have been several ways to prevent them such as adding slashes or killing the connection if the strings looked like sql statements.

the last and most effective solution is to only execute the first statement in a string set. It is done regardless of any error so:

ST1:ST2:ST3 only runs ST1
ST1_ERR:ST2:ST3 only runs ST1_ERR

the second reason for running statement separately is due to future compatibility and cross system issues.
controlxjp
Forum Newbie
Posts: 5
Joined: Fri Jan 25, 2008 5:15 pm

Re: passing connection string as parameter for insert function

Post by controlxjp »

that's really not where i'm getting at...

i'm talking about creating php functions with the connection string variable as a parameter
somewhere in my main block i might have this :
$conString = mysqli_connect('localhost','user','password','schema');

(set autocommit to false)

$Query = blah blah...
$Result....

CallFunction($conString, $ResultArray);

where the CallFunction is another sql block of perhaps, updates / insert queries

(set autocommit to true)

so basically, I'm asking how much of a difference it is for me to establish one connection string and pass it around before making the commit /

or create separate connections instead each time i invoke separate functions...

oh... and, i'm not passing user input directly into sql queries...
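
The pattern asked about in this thread, as an added example that is not code from any poster: one mysqli handle is opened in the main block and passed to a generic insert helper, so the helper's statements belong to the caller's transaction and a rollback undoes them too. The helper name genericInsert and the tables orders and order_items are hypothetical; the credentials are the placeholders from the post, and a reachable MySQL server with InnoDB is assumed.

```php
<?php
// Added example: helper name and table names are hypothetical; the
// credentials are the placeholders used in the post above.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); // throw on errors

// Generic insert that runs on the caller's connection, so it joins
// whatever transaction the caller has open on that handle.
function genericInsert(mysqli $con, string $table, array $row): int
{
    if (!$row) {
        throw new InvalidArgumentException('no columns given');
    }
    // Identifiers cannot be bound as parameters; accept only plain names.
    foreach (array_merge([$table], array_keys($row)) as $name) {
        if (!preg_match('/^[A-Za-z_][A-Za-z0-9_]*$/', (string)$name)) {
            throw new InvalidArgumentException("bad identifier: $name");
        }
    }
    $cols   = '`' . implode('`, `', array_keys($row)) . '`';
    $marks  = implode(', ', array_fill(0, count($row), '?'));
    $stmt   = $con->prepare("INSERT INTO `$table` ($cols) VALUES ($marks)");
    $values = array_values($row);
    $stmt->bind_param(str_repeat('s', count($values)), ...$values); // values are bound, never concatenated
    $stmt->execute();
    $id = (int)$con->insert_id;
    $stmt->close();
    return $id;
}

$con = mysqli_connect('localhost', 'user', 'password', 'schema');
$con->query('CREATE TABLE IF NOT EXISTS orders (id INT AUTO_INCREMENT PRIMARY KEY, customer VARCHAR(64)) ENGINE=InnoDB');
$con->query('CREATE TABLE IF NOT EXISTS order_items (order_id INT, sku VARCHAR(32), qty INT) ENGINE=InnoDB');

$con->autocommit(false);          // one transaction on this one connection
try {
    $orderId = genericInsert($con, 'orders', ['customer' => 'alice']);
    genericInsert($con, 'order_items', ['order_id' => $orderId, 'sku' => 'A-1', 'qty' => 2]);
    $con->commit();               // both rows become visible together
} catch (Throwable $e) {
    $con->rollback();             // undoes the helper's inserts as well
    throw $e;
} finally {
    $con->autocommit(true);
}
```

If the helper called mysqli_connect itself, it would get a separate session with its own autocommit state: its inserts would commit on their own and the caller's rollback would not undo them.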