ansaurus

Question

Can someone please review this short bit of code?

Answer 1

+5 A:

You should be using mysql_insert_id instead of doing a select to get the ID.

Michael Haren 2009-05-11 15:36:54

Thanks, Michael, I'll do that now.

Anriëtte Combrink 2009-05-12 07:48:22

Answer 2

+1 A:

Are you not trying to re-invent the wheel here?

Why not use

$result = mysql_query( "INSERT ... " );
$new_id = mysql_insert_id();

meouw 2009-05-11 15:37:05

Thank you, meouw, I was not aware of that function.

Anriëtte Combrink 2009-05-12 07:46:46

Answer 3

+11 A:

Try:

$name = mysql_real_escape_string($name);
$van = mysql_real_escape_string($van);
$nooiensvan = mysql_real_escape_string($nooiensvan);
$selfoon = mysql_real_escape_string($selfoon);
$email = mysql_real_escape_string($email);
$bywoon = mysql_real_escape_string($bywoon);
$metgesel = mysql_real_escape_string($metgesel);
$spesifiekeOnderwysers = mysql_real_escape_string($spesifiekeOnderwysers);
$musiek = mysql_real_escape_string($musiek);
$bydrae = mysql_real_escape_string($bydrae);
$voorstelle = mysql_real_escape_string($voorstelle);
$query = <<<END
INSERT INTO reunie
(naam, van, nooiensvan, selfoon, email, bywoon, metgesel_naam,
spesifieke_onderwysers, spesifieke_musiek, bydrae, voorstelle)
VALUES
('$naam','$van','$nooiensvan','$selfoon','$email','$bywoon','$metgesel',
'$spesifiekeOnderwysers','$musiek','$bydrae','$voorstelle')
END;
$result = mysql_query($query) or die(mysql_error() . ' - ' . $query);
$id = mysql_insert_id();

And yes all those mysql_real_escape_string() are really important.

cletus 2009-05-11 15:37:36

Or, use mysqli to avoid the death by a thousand manual escapes.

Sii 2009-05-11 15:38:40

+1: comprehensive and safer solution

Michael Haren 2009-05-11 15:39:03

mysqli unfortunately is unstable and I've given up using it. It doesn't work on LONGTEXT columns, which it took the PHP team 3 years to even acknowledge despite repeated attempts. And sometimes I find it just segfaulting on me where mysql_* works just fine.

cletus 2009-05-11 15:42:13

@cletus: You've just described the development process for the whole PHP project. ;-)

Bill Karwin 2009-05-11 16:25:41

Answer 4

+1 A:

// sleep in order for query to finish

while ($result === false) {
   sleep(1);
}

i love how if $result really is false, the script will just stop

2009-05-11 16:02:43

Actually if it is false, then the script stops immediately. ...ae','$voorstelle')") or die(mysql_error());So the sleep function completely useless.

Nick Whaley 2009-05-11 16:25:01

Thanks Nick and nameht, I was not aware that this forum was there to break people down. I was hoping for some constructive comments.

Anriëtte Combrink 2009-05-12 07:47:50

anriette, wow could you be any more rude?

2009-05-12 13:33:54

You started it by demeaning my question (how inferior it may be to yours), I was asking for constructive comments, not sarcasm... And that was what I got from you, correct me if I'm wrong?

Anriëtte Combrink 2009-05-13 08:52:19

ansaurus

tags:

views:

answers:

Can someone please review this short bit of code?

related questions