Snitz Forums 2000
 how about always check sqlstring in sql statement?
bjlt
Senior Member

1144 Posts

Posted - 14 July 2002 : 16:37:39
Before v3.3.05 not all instances of data in sql strings were checked. I see in the current code of 3.3.05 some of the checks are added in the sql statements, while others are added right when the data is retrieved.

e.g.

a = chkString(b, sqlstring)
strsql = "... M_NAME = '" & a & "' ..."
==========
strsql = "... M_NAME = '" & chkString(b, sqlstring) & "' ..."


personally I think all sqlstring checks should be in the sql statements. It's a method that is easier to maintain and to follow.

Edited by - bjlt on 14 July 2002 16:38:25

HuwR
Forum Admin

United Kingdom
20584 Posts

Posted - 14 July 2002 : 16:56:42
personally I would disagree; it is better to write
a = chkString(b, sqlstring) and then use a 20 times than to write a = chkString(b, sqlstring) 20 times: less code and fewer function calls


bjlt
Senior Member

1144 Posts

Posted - 14 July 2002 : 17:20:44
well, you can build another, shorter function for this.

I've seen others use something like sqlstr, sqlval, sqldat for this purpose.
With sqlstr you don't need to remember to put ' ' around the data.

for example
strsql = "... F1 = " & sqlstr(a) & " ..."   ' gives ... F1 = 'a' ...
strsql = "... F4 = " & sqlval(d) & " ..."   ' gives ... F4 = 0 ...

then it's not that difficult to write, and it makes things simpler: no need to put ' there.
The problem I found with the current code is that it sometimes checks sqlstring in the sql statement and sometimes checks it directly when assigning the value to the data. It's likely to forget the checking.

well, I feel it's easier to follow to always check it in the sql statement.
Edited by - bjlt on 14 July 2002 17:23:27

Edited by - bjlt on 14 July 2002 17:29:49
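The sqlstr/sqlval idea from this post, and HuwR's "convert once, use it 20 times" argument from the reply above it, worked through as an added example. This is not code from the Snitz code base or from either poster, and it is written in Python rather than the forum's ASP/VBScript so it runs stand-alone. chk_string, sqlstr, sqlval, sqlval_rejects, the MEMBERS table, the M_STATUS column and the sample rows are assumptions made for the demo; only the M_NAME column comes from the thread.

```python
import sqlite3

# Added example, not Snitz code. Models the helper pattern discussed in the
# thread; MEMBERS / M_STATUS / the rows below are constructed for the demo.


def chk_string(value):
    """Doubling only, the way the thread's chkString is used: the caller
    must still add the surrounding quotes inside the SQL statement."""
    return str(value).replace("'", "''")


def sqlstr(value):
    """Render a string as a quoted SQL literal.

    The helper both escapes and adds the quotes, so a caller can forget
    neither; that is the maintainability point bjlt is making."""
    return "'" + chk_string(value) + "'"


def sqlval(value):
    """Render a value that must be an integer.

    Anything that does not parse as an int is rejected instead of being
    pasted into the statement; bools are excluded because int(True) passes."""
    if isinstance(value, bool):
        raise ValueError("sqlval: boolean is not a numeric SQL value")
    try:
        return str(int(str(value).strip()))
    except ValueError:
        raise ValueError("sqlval: non-numeric value %r" % (value,))


def sqlval_rejects(value):
    """True if sqlval refuses the value (convenience for checks below)."""
    try:
        sqlval(value)
    except ValueError:
        return True
    return False


def build_lookup(name, status):
    """The 'always check in the SQL statement' style: each literal passes
    through its helper at the exact point where it is concatenated."""
    return ("SELECT M_NAME, M_STATUS FROM MEMBERS WHERE M_NAME = "
            + sqlstr(name) + " AND M_STATUS = " + sqlval(status))


def make_db():
    """In-memory table holding a constructed sample of members."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE MEMBERS (M_NAME TEXT, M_STATUS INTEGER)")
    conn.executemany("INSERT INTO MEMBERS VALUES (?, ?)",
                     [("alice", 1), ("O'Brien", 1), ("bob", 0)])
    return conn


def run(sql):
    """Execute a built statement against the sample table."""
    return make_db().execute(sql).fetchall()


def lookup_parameterized(name, status):
    """Same query with bound parameters: the driver keeps data out of the
    statement text, so escaping and quoting stop being the caller's job."""
    return make_db().execute(
        "SELECT M_NAME, M_STATUS FROM MEMBERS "
        "WHERE M_NAME = ? AND M_STATUS = ?", (name, status)).fetchall()


if __name__ == "__main__":
    # A name containing a quote is quoted and escaped by the helper.
    print(build_lookup("O'Brien", 1))
    print(run(build_lookup("O'Brien", 1)))
    # Quote characters in input stay inside the literal, so no extra clause.
    print(run(build_lookup("x' OR '1'='1", 1)))
    # The 'convert once' pitfall: a value already passed through chk_string
    # and then fed to sqlstr is escaped twice and silently matches nothing.
    print(run(build_lookup(chk_string("O'Brien"), 1)))
    print(lookup_parameterized("O'Brien", 1))
```

Both styles in the thread are sound as long as every value is escaped exactly once; the double-escape case above is what goes wrong when a pre-escaped variable later meets a helper that escapes again, and it shows up as missing rows rather than an error. The parameterized version at the end is the modern answer to the whole question, since no string is built by hand at all.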

HuwR
Forum Admin

United Kingdom
20584 Posts

Posted - 14 July 2002 : 17:26:52
just because something is easier doesn't make it better coding.

I agree that consistency should be maintained, but you will likely find that values put through chkstring outside of the sql statements are used in multiple places in the asp file, not just in the odd sql string, so it is more efficient to convert them only once.


HuwR
Forum Admin

United Kingdom
20584 Posts

Posted - 14 July 2002 : 17:34:40
I like the idea of using the function to add the ' at the same time though; that would save a lot of niggly errors you get in mods sometimes too, but I think it is too late to change for 3.4, unless you want to wait even longer.


bjlt
Senior Member

1144 Posts

Posted - 14 July 2002 : 17:44:09
snitz2000 v3.4 is in my dream,
and I wish all my dreams could come true.
Snitz Forums 2000 © 2000-2021 Snitz™ Communications