Author |
Topic |
|
bjlt
Senior Member
1144 Posts |
Posted - 14 July 2002 : 16:37:39
|
Before v3.3.05 not all instances of data in SQL strings are checked. I see in the current code of 3.3.05 that some of the checks are added in the SQL statements, while others are added right when the data is retrieved.
e.g.
a=chkString(b,sqlstring)
strsql ... M_NAME = '" & a & "'...
==========
strsql ... M_NAME = '" & chkString(b,Sqlstring) & "' ...
Personally I think all sqlstring checks should be in the SQL statements. It's a method that is easier to maintain and to follow.
Edited by - bjlt on 14 July 2002 16:38:25 |
|
HuwR
Forum Admin
United Kingdom
20584 Posts |
Posted - 14 July 2002 : 16:56:42
|
Personally I would disagree. It is better to write a=chkString(b,sqlstring) and then use a 20 times than to write a=chkString(b,sqlstring) 20 times: less code and fewer function calls.
|
|
|
bjlt
Senior Member
1144 Posts |
Posted - 14 July 2002 : 17:20:44
|
Well, you can build another, shorter function for this.
I've seen others use something like sqlstr, sqlval, sqldat for this purpose. With sqlstr you don't need to remember to put ' ' around the data.
for example F1 = " & sqlstr(a) &"..." 'a'
F4 = " & sqlval(d) &"..." 0
Then it's not that difficult to write and it makes things simpler, with no need to put ' there. The problem I found with the current code is that it sometimes checks sqlstring in the SQL statement, and sometimes checks it directly when assigning the value to the data. It's likely to forget the checking.
Well, I feel it's easier to follow to always check it in the SQL statement.
Edited by - bjlt on 14 July 2002 17:23:27
Edited by - bjlt on 14 July 2002 17:29:49 |
|
|
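One way to write the quoting helpers discussed in this thread, added here as an example (it is not Snitz code and not from either poster). The bodies of sqlstr and sqlval are hypothetical, the table and column names other than M_NAME are assumed, and the input is constructed; it runs under cscript.

```vbscript
Option Explicit

' Hypothetical helpers named after the sqlstr / sqlval idea in the thread.

' Returns v as a quoted SQL string literal, doubling embedded single quotes,
' so the caller never types the surrounding ' characters by hand.
Function sqlstr(ByVal v)
    If IsNull(v) Then
        sqlstr = "NULL"
    Else
        sqlstr = "'" & Replace(CStr(v), "'", "''") & "'"
    End If
End Function

' Returns v as an integer literal; anything that is not a number becomes 0.
Function sqlval(ByVal v)
    sqlval = "0"
    If IsNumeric(v) Then
        On Error Resume Next      ' CLng raises on overflow; keep the 0 default
        sqlval = CStr(CLng(v))
        On Error GoTo 0
    End If
End Function

' Constructed sample input standing in for submitted form values.
Dim strName, strPosts, strSql
strName = "O'Brien"
strPosts = "12 OR 1=1"

' Assumed table and columns; only M_NAME appears in the thread.
strSql = "SELECT MEMBER_ID FROM FORUM_MEMBERS" & _
         " WHERE M_NAME = " & sqlstr(strName) & _
         " AND M_POSTS > " & sqlval(strPosts)

WScript.Echo strSql
```

Quote doubling is the string-literal rule for Access and SQL Server; a backend that also treats backslash as an escape character needs more than this, and ADO command parameters avoid building literals at all.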
HuwR
Forum Admin
United Kingdom
20584 Posts |
Posted - 14 July 2002 : 17:26:52
|
Just because something is easier doesn't make it better coding.
I agree that consistency should be maintained, but you will likely find that values are put through chkstring outside of the SQL statements because they are used in multiple places in the ASP file, not just in the odd SQL string, so it is more efficient to convert them only once.
|
|
|
HuwR
Forum Admin
United Kingdom
20584 Posts |
Posted - 14 July 2002 : 17:34:40
|
I like the idea of using the function to add the ' at the same time though; that would save a lot of niggly errors you get in mods sometimes too. But I think it is too late to change for 3.4, unless you want to wait even longer.
|
|
|
bjlt
Senior Member
1144 Posts |
Posted - 14 July 2002 : 17:44:09
|
snitz2000 v3.4 is in my dream, and I wish all my dreams could come true.
|
|
|