Is it valid to do something like this? I never see more than one `or` operator:
```php
$insert = 'INSERT into fhours (' .$cols . ') VALUES ('.$query.')';
$update = sprintf("UPDATE fhours SET %s WHERE fname='$fname' AND lname='$lname'", $field_list);
$result = $db->query($update) or $db->query($insert) or die('uhoh');
```
There are two problems with this.
The first is that you can be using parameterized queries. Look at PDO, this will help you greatly. Not only is this faster for multiple inserts, but you don’t have to worry about SQL injection so much.
The second is that you can use MySQL’s `ON DUPLICATE KEY UPDATE` to take care of this issue for you. Otherwise, when your query fails, you don’t know why it failed. It may not have been a duplicate key issue at all!
Other than that, the code from the standpoint of `or` is just fine.
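
The two suggestions in the answer above combined into one statement, as an added example that is not part of the original post: a PDO prepared statement that uses `ON DUPLICATE KEY UPDATE`. The column whitelist, the UNIQUE key on (fname, lname), and the DSN in the comments are assumptions, since the page does not show the `fhours` schema.

```php
<?php
declare(strict_types=1);

// Hypothetical whitelist: the page does not list the fhours columns.
// Column names cannot be bound as parameters, so they are checked here.
const ALLOWED_COLS = ['mon', 'tue', 'wed', 'thu', 'fri'];

// Returns [SQL text, bound parameters]. Assumes UNIQUE KEY (fname, lname).
function buildUpsert(string $fname, string $lname, array $hours): array
{
    $cols = array_keys($hours);
    if ($cols === []) {
        throw new InvalidArgumentException('no columns to write');
    }
    foreach ($cols as $c) {
        if (!in_array($c, ALLOWED_COLS, true)) {
            throw new InvalidArgumentException("unexpected column: $c");
        }
    }
    $all = array_merge(['fname', 'lname'], $cols);
    $placeholders = array_map(fn($c) => ":$c", $all);
    $updates = array_map(fn($c) => "`$c` = VALUES(`$c`)", $cols);
    $sql = 'INSERT INTO fhours (`' . implode('`, `', $all) . '`) VALUES ('
         . implode(', ', $placeholders) . ') ON DUPLICATE KEY UPDATE '
         . implode(', ', $updates);
    $params = [':fname' => $fname, ':lname' => $lname];
    foreach ($hours as $c => $v) {
        $params[":$c"] = $v;
    }
    return [$sql, $params];
}

function upsertHours(PDO $db, string $fname, string $lname, array $hours): int
{
    [$sql, $params] = buildUpsert($fname, $lname, $hours);
    $stmt = $db->prepare($sql);
    $stmt->execute($params); // throws PDOException with the real failure reason
    return $stmt->rowCount(); // MySQL: 1 = inserted, 2 = updated, 0 = unchanged
}

// Constructed input: the quote in the name travels as data, never as SQL text.
[$sql, $params] = buildUpsert("O'Brien", 'Pat', ['mon' => 8, 'tue' => 7.5]);
echo $sql, PHP_EOL;

// With a live connection (DSN and credentials are placeholders):
// $db = new PDO('mysql:host=localhost;dbname=app', 'user', 'pass',
//     [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]);
// upsertHours($db, "O'Brien", 'Pat', ['mon' => 8, 'tue' => 7.5]);
```

With `PDO::ERRMODE_EXCEPTION` set, a failure surfaces as a `PDOException` carrying the driver's error, rather than falling through an `or` chain to `die('uhoh')`.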