[nycphp-talk] Partial Name Lookup Function in PEAR
Phil Duffy
phil at bearingasset.com
Mon Sep 5 08:35:27 EDT 2005
Mikko,
Thanks for your observation. I see your point and have made the change.
Phil
-----Original Message-----
From: talk-bounces at lists.nyphp.org [mailto:talk-bounces at lists.nyphp.org] On
Behalf Of Mikko Rantalainen
Sent: Monday, September 05, 2005 3:13 AM
To: NYPHP Talk
Subject: Re: [nycphp-talk] Partial Name Lookup Function in PEAR
Phil Duffy wrote:
> This is the PEAR-based solution to the question I posed earlier.
>
> $personList = & new DataObjects_Person();
> $lastNamePattern = $input->person->last_name;
> $lastNamePattern = addslashes($lastNamePattern) . '%';
Is this safe? I thought you were supposed to use
mysql_real_escape_string() with MySQL and pg_escape_string() with
PostgreSQL and something else with other database engines.
Code that uses DB_DataObject should use the following code instead, if
I've understood correctly:
$lastNamePattern = $personList->escape($lastNamePattern) . '%';
Documentation:
http://pear.php.net/manual/en/package.database.db-dataobject.db-dataobject.escape.php
> $personList->whereAdd("last_name LIKE '$lastNamePattern'");
> $personList->orderBy('last_name');
> $result = $personList->find();
Am I the only one wondering if using an OO-interface is really LESS
error prone or EASIER than just writing the SQL queries by myself?
At least, with an interface like this...
--
Mikko
_______________________________________________
New York PHP Talk Mailing List
AMP Technology
Supporting Apache, MySQL and PHP
http://lists.nyphp.org/mailman/listinfo/talk
http://www.nyphp.org
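Added example, not part of the original thread or of PEAR: the lookup discussed above, rebuilt with PDO and an in-memory SQLite database (both assumptions, as are the table contents and the hypothetical likePrefix() helper). It runs the addslashes() version on an engine that does not treat backslash as an escape, next to driver-aware quoting and a bound parameter, and it also escapes LIKE wildcards in the input, which goes beyond the case in the thread.

```php
<?php
// Added example with constructed data: in-memory SQLite through PDO, not DB_DataObject.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE person (last_name TEXT)');
$insert = $pdo->prepare('INSERT INTO person (last_name) VALUES (?)');
foreach (["O'Brien", "O'Neill", 'Olsen', 'Smith'] as $name) {
    $insert->execute([$name]);
}

// Hypothetical helper: make %, _ and the escape character itself literal,
// then append the trailing wildcard for a prefix match.
function likePrefix(string $input): string {
    return str_replace(['!', '%', '_'], ['!!', '!%', '!_'], $input) . '%';
}

// The thread's original approach: addslashes() plus string interpolation.
function lookupAddslashes(PDO $pdo, string $input): array {
    $pattern = addslashes($input) . '%';
    $sql = "SELECT last_name FROM person WHERE last_name LIKE '$pattern' ORDER BY last_name";
    return $pdo->query($sql)->fetchAll(PDO::FETCH_COLUMN);
}

// Driver-aware quoting, the PDO counterpart of the escape() call suggested in the reply.
function lookupQuoted(PDO $pdo, string $input): array {
    $sql = 'SELECT last_name FROM person WHERE last_name LIKE '
         . $pdo->quote(likePrefix($input)) . " ESCAPE '!' ORDER BY last_name";
    return $pdo->query($sql)->fetchAll(PDO::FETCH_COLUMN);
}

// Bound parameter: the value never becomes part of the SQL text.
function lookupBound(PDO $pdo, string $input): array {
    $stmt = $pdo->prepare("SELECT last_name FROM person WHERE last_name LIKE ? ESCAPE '!' ORDER BY last_name");
    $stmt->execute([likePrefix($input)]);
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

$input = "O'";  // constructed user input: an ordinary name prefix containing an apostrophe
try {
    print_r(lookupAddslashes($pdo, $input));
} catch (PDOException $e) {
    // SQLite treats backslash as an ordinary character, so the quote still ends the literal.
    echo 'addslashes(): ', $e->getMessage(), "\n";
}
print_r(lookupQuoted($pdo, $input));
print_r(lookupBound($pdo, $input));
```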