good coding practice

Paul_Ferrie

Is it good coding practice to input the data from a query as it is in the db

I mean like

$query = "INSERT INTO idfUsers (username, password, email, locate, sex, www, age, conx, started, img, signature, viewprof) VALUES 
('$username', '$crypt', '$email', '$locate', '$sex', '$www', '$age', '$conx', '$started', '$img', '$signature', '$viewprof')";

And in the db the table would be stuctured like

username
password
email
etc.
Would it matter if the db was like

viewprof
started
img
username
etc.
Does it matter which way?

Just a thought

Chers
Paul

drawmack

the first way is self documenting the second way is not.

Paul_Ferrie

Self documenting?

drawmack

If you always put the field names in your queries in the same order they are retrieved from the database when you do a select * then you can check the order by quickly looking at the code, i.e. self-documenting

Shrike

I prefer to assemble validated data into an array, and build the SQL query using foreach(). I think it looks neater, and allows you to change the data quite easily (adding or removing elements).

On a completely different point you don't need to specify SQL column names when entering data, which saves you from RSI :p.

Self documentation is fine, if you really want it I would suggest using PHPDoc (although still experimental last time I checked). To be honest though if your project is big enough to require documentation, then you should probably do it the old fashioned way 🙂

Paul_Ferrie

my rpoject is my website. it is only 80% php, would like it to be 100%

Cheers for the comments

Paul

planetsim

I also suggest you protect yourself from SQL Injections dont trust any information from the user, whether it be posted information or from the query string

Paul_Ferrie

Hi planetsim soory i dont follow what your saying.

I also suggest you protect yourself from SQL Injections dont trust any information from the user, whether it be posted information or from the query string

i am one of those peeps that learn stuff as and when needed.

Cheers
Paul