Home/ Questions/Q 7816481
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-06-02T05:53:07+00:00

Is there a principle that advises against doing things like: mysql_real_escape_string(trim(str_replace($var, black, <body text=’%body%’>)));

  • 0

Is there a principle that advises against doing things like:

mysql_real_escape_string(trim(str_replace($var, "black", "<body text='%body%'>")));

If something like that should be a no-no, then would this be acceptable?

$var = trim($var);
$var = str_replace($var, "black", "<body text='%body%'>");
$var = mysql_real_escape_string($var);

Or is that bad practice also, to call and perform on the same variable on a single like, like I did above? Would it be better to do:

$var1 = trim($var);
$var2 = str_replace($var1, "black", "<body text='%body%'>");
$var3 = mysql_real_escape_string($var2);

I’ve always wondered this!

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    I think the normal practice is to “nest” the functions like the first example.

    There are a couple reasons, but mostly it shows that everything is happening to the same object in a specific order, with nothing going on in-between.

    That being said, if you don’t know exactly what you are going to be doing, you might want to start with the second example, so you can easily go back and add in functions.

    Basically, the first is preferred and more common (I think) in the end, the second is good for testing and development, and the third is just a waste of resources (granted it is small, but there’s no need).

    • 0