-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Jim Hu wrote:
$this->row_data =
mysql_real_escape_string($this->row_data);
if (!$this->row_id){
$sql = "INSERT INTO $wgTableEditDatabase.row VALUES(
null,
'$this->box_id',
'$this->owner_uid',
'$this->row_data',
'$this->row_style',
'$this->row_sort_order',
'".time()."'
)";
*sob*
I'm thinking that I should probably be using
$dbr->insert
(..arrays..), $dbr->update(.. arrays..), and $dbr->delete(...
arrays...).
Yes please. :D
Should I be using $dbr->safeQuery instead of
mysql_real_escape_string?
You could, but for simple queries like this I'd much rather see the
insert(), update(), etc wrappers used. Less likelihood of user error. :)
- -- brion vibber (brion @
wikimedia.org)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: Using GnuPG with Mozilla -
http://enigmail.mozdev.org
iD8DBQFGzFL8wRnhpk1wk44RArlKAKCV2Je+bnvs1tHOcFoUFyawZNsa8wCdG0DU
0hUDGo2P3JmWA7W/u3b3Q/w=
=oqlb
-----END PGP SIGNATURE-----