Blumentals Software Community

[digi_al]

Hi,

1. It would be great if we can get code highlighting for PHP function names.

2. Also for variables inside a string, eg:
"SELECT * from platform where id=$id"

Thanks and keep up the good work,

alan

[EvilBMP]

"SELECT * from platform where id=$id"

Please write:

Code: Select all

'SELECT * FROM platform WHERE id = '. (int)$id

This is a much better coding style - better to read and more secure (see the type cast) - you don't have these issues then.
And as another sidenote - don't use the * selector in MySQL statements

But, this is just a private opinion / hint

Greets Evil

[digi_al]

please dont tell me how to program.

using a variable inside an sql statement is fine - you method is in no way more secure.

how do you know i have not already checked the variable for security? or its created inside the code and not been passed in?

for me (with an app that highlights variables like this correctly ), the way i wrote the code is more readable - even more so if i have lots of variables.
not sure about speed of executing though but i have never had speed problems with php

Anyway my post was about the bug in the application's code highlight routine.

[davenz]

Ouch, so much for that suggestion.

[EvilBMP]

not sure about speed of executing though but i have never had speed problems with php

Good for you ... but it's definitely slower, because PHP has to interpret each doublequote string to look for variables inside. So in large-scale applications this does matter. Nevertheless, that has nothing to do with your request. Again just a side note. Sorry for Offtopic.

Greets Evil