How to answer?

Piranha

First I don't know if this is the correct forum to post this. If it is not please feel free to move it.

I want to know how the forum admins think that questions should be answered. As I can see it there is 2 ways: Help them to help themselfes and solve their problems. A simple example (not real, but could as well be):

UserQuestion wrote:
My query don't work. Can someone please help me.
$variable = $_POST['variable'];
$sql = "SELECT * FROM table WHERE name = $variable";

As I see it there are two ways to answer this. To help the poster to help himself you ask him to echo $sql. Or you can solve his problem by adding the ' signs. And should I mention anything about database injection?

What is the preferred way on these forums? Personally I think that the best thing is to help people to help themselfes and tell about threats, but it might mean that people that are here the first time will go somewhere else since many people are lazy and want the answer, not the solution.

zabmilenko

Well, I am kind of new to this board (since 2002, but only have been helping out for a couple months). In my opinion the answers given should be the minimum necessary to solve the provided problem. If there are opinions attached, they should be noted as opinions.

For your example:

Originally Posted by UserQuestion
My query don't work. Can someone please help me.
$variable = $_POST['variable'];
$sql = "SELECT * FROM table WHERE name = $variable";

I would be a bit perterbed at how little information the user gave and be tempted to give him some crap for not providing more, so I would respond something like:

Try wrapping your $variable in single quotes.

If that doesn't work, please include some more information for us, such as what $variable might contain and what database server you are using.

..But probably with more sarcasm (personal character flaw). Since he provided so little information, I would be hesitant to offer suggestions about injection attacks for fear that they would be lost on the poor contributor.

Side Note: It's surprising how many posters I see turn down injection prevention tips in these boards though. Usually with a response like "only a few people will access it anyway so I am not worried". Ouuuch...

So, in a nutshell, the volume of answer provided should be equal in size to the volume of question asked minus volume of useless information divided by volume of missing information minus the volume of pertinance to PHP.

vA = (vQ - vU) / (vM - vP)

In my opinion.

Piranha

zabmilenko wrote:
vA = (vQ - vU) / (vM - vP)

Lol, you have really thought about this :p

dougal85

lol, interesting thread.

However, i think its hard to give an answer. Some 'nooby' questions like the example given don't deserve too much attention. However, some 'noobs' might try bit harder so might need a bit more guidance... a bigger explanation to help them understand.

Those with better understanding need only the simple help, possibly to help a mind block or whatever.

However, sometimes its hard to judge a person PHP skill by there question

Just some thoughts I wanted to add.

Piranha

Since it seem like I can't get an answer I will continue to reply as I have done this far. I just think it is to bad that there is no guiding principle to make the answers more or less the same no matter who is answering. As it is now I think it's like playing the lottery, some get one kind of answer and others another kind to the same type of questions.