Haven't they overdone the quote in this sql update ?

jeddi

06-16-2009, 11:24 AM

Hi,

I am modifying a script.

At present it looks like this:

$strQuery = "insert into paypal_payment_info(paymentstatus,buyer_email,firstname,lastname,street,city,state,zipcode,country,m c_gross,mc_fee,itemnumber,itemname,os0,on0,os1,on1,quantity,memo,paymenttype,paymentdate,txnid,pendi ngreason,reasoncode,tax,datecreation)
values
('".$payment_status."','".$payer_email."','".$first_name."','".$last_name."','".$address_street."','".$address_city."','".$address_state."','".$address_zip."','".$address_country."','".$mc_gross."','".$mc_fee."','".$item_number."','".$item_name."','".$option_name1."','".$option_selection1."','".$option_name2."','".$option_selection2."','".$quantity."','".$memo."','".$payment_type."','".$payment_date."','".$txn_id."','".$pending_reason."','".$reason_code."','".$tax."','".$fecha."')";
$result = mysql_query($strQuery) or die("Default - paypal_payment_info, Query failed:". mysql_error());

Is there any need for those ". and ."
in this '".$payment_status."','".$payer_email."' ?

I usually just write ('$payment_status', ...
isn't that enough ?

I don't want to re-write this (simplify it ) if there is
a valid reason for the extra code, but if not I'd rather make it easier on the eye.

Any thoughts ?

Fou-Lu

06-16-2009, 01:15 PM

Ehhhh sorta. I would agree with the breaking of variables out, mainly because I don't agree with PHP's handling of parsable strings. For that reason, I tend to stay with single quotations and use escaping.
I'm a print formatter though, so more often you would see me using something more along this lines:

$sQry = sprintf('SELECT * FROM %s WHERE %s = \'%s\'', 'myTable', 'myField', $myField);

Which actuallly worked out pretty good with the new mysqli extension replacement for the binding.

The problem with the one that you have is that there is no optimization gain at this point. The original use of double quotations will slow down the processing (since it assumes there may be variables that need expansion), so breaking out I would suspect would slow it down even more; however, at the same time with a colour mark-up it is very readable since I can identify every variable in use.

This would probably be the fastest next to the sprintf:

$strQuery = 'insert into paypal_payment_info(paymentstatus,buyer_email,firstname,lastname,street,city,state,zipcode,country,m c_gross,mc_fee,itemnumber,itemname,os0,on0,os1,on1,quantity,memo,paymenttype,paymentdate,txnid,pendi ngreason,reasoncode,tax,datecreation)
values
(\''.$payment_status.'\',\''.$payer_email.'\',\''.$first_name.'\',\''.$last_name.'\',\''.$address_st reet.'\',\''.$address_city.'\',\''.$address_state.'\',\''.$address_zip.'\',\''.$address_country.'\', \''.$mc_gross.'\',\''.$mc_fee.'\',\''.$item_number.'\',\''.$item_name.'\',\''.$option_name1.'\',\''. $option_selection1.'\',\''.$option_name2.'\',\''.$option_selection2.'\',\''.$quantity.'\',\''.$memo. '\',\''.$payment_type.'\',\''.$payment_date.'\',\''.$txn_id.'\',\''.$pending_reason.'\',\''.$reason_ code.'\',\''.$tax.'\',\''.$fecha.'\')';

jeddi

06-17-2009, 07:37 AM

WOW - I did not realise it was that complicated!

So is this version going to be very slow ?

$Query = "insert into somewhere (status, buyer, firstname,)
VALUES ('$Db_status', '$Db_payer', '$Db_first_name')";

This is what I usually use as it is easy for me to read and I get less
errors to de-bug.

If I wrote it withall those .'\', I am sure that I would write more errors and spend more time de-bugging.

Does it really slow down the processor a lot to do it the way I do it ?

Fou-Lu

06-17-2009, 08:00 AM

No, not enough to substantiate a change in you're programming practice.
I've always written my code like this so its not a problem for me. The double quotation variable expansion is a feature of PHP, and is optimized fairly well considering what it does. It is slower yes, but this is coming into the nitpick details like comparing the speed of using:

for ($i = 0; $i < $count; $i++)

versus

for ($i = 0; $i < $count; ++$i)

where the latter is faster and better on memory since preincrements don't require temporary variables. They will both complete in a reasonable time (assuming the loops are well controlled), but the pre-increment will complete in a more reasonable amount of time.

jeddi

06-17-2009, 08:49 AM

Thanks for this:

No, not enough to substantiate a change in you're programming practice.

It is easy for some experts to go on about these nitpikky things and make guys like me feel that we have done it all wrong.

So I appreciate your honesty and practical answer :thumbsup: