What would a potential employer think when seeing a function such as:
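    function updTable($table, $primary, $id, $key, $value) {
        // mysql_real_escape_string() escapes string values only; it does not
        // escape backticks, so it does not make identifiers safe.
        // (The mysql_* extension was removed in PHP 7.0.)
        $primary = mysql_real_escape_string($primary);
        $id = (int) $id;
        $key = mysql_real_escape_string($key);
        $value = mysql_real_escape_string($value);
        $table = mysql_real_escape_string($table);
        // The value is a string literal, so it takes single quotes;
        // backticks are for identifiers only.
        mysql_query("UPDATE `{$table}` SET
            `{$key}` = '{$value}'
            WHERE `{$primary}` = {$id}");
    }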
Is this bad practice? Are there any good articles on general PHP / MySQL design guidelines (not syntax) I should read and know about?
The way you are handling your database interaction is from yesteryear. Prepared statements are the norm now and thwart a lot of SQL-related attacks.
Also, depending on your system design, you would never have a need for a function like this. If you were using an MVC pattern, you’d write a method in your model that would handle a certain type of update instead of just a generic table update.
Looking at this function, what happens if you want to update multiple columns in that table? If, for example, you are updating 3 columns, you would have to make a call to your database 3 times, instead of one time.
If you want something that could be a very general database layer, take a look at Doctrine or make something very similar to it.
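The two points raised in the answer above (prepared statements, and updating several columns in one query) can be combined as follows. This is an added example, not code from the original thread; the `users` table, its columns, the `UPDATABLE` map and `updateRow()` are hypothetical, and an in-memory SQLite database through PDO stands in for MySQL so the script runs offline.

```php
<?php
declare(strict_types=1);

// Added example; all table, column and function names are hypothetical.
// Placeholders bind values only, never identifiers, so table and column
// names are checked against a fixed allow-list instead of being escaped.
const UPDATABLE = [
    'users' => ['pk' => 'id', 'columns' => ['name', 'email']],
];

function updateRow(PDO $pdo, string $table, int $id, array $changes): int
{
    if (!array_key_exists($table, UPDATABLE)) {
        throw new InvalidArgumentException("Table not allowed: {$table}");
    }
    if ($changes === []) {
        throw new InvalidArgumentException('No columns to update');
    }
    $set = [];
    $params = [':pk_value' => $id];
    foreach ($changes as $column => $value) {
        // Strict comparison: only exact, known column names pass.
        if (!in_array($column, UPDATABLE[$table]['columns'], true)) {
            throw new InvalidArgumentException("Column not allowed: {$column}");
        }
        $set[] = "`{$column}` = :{$column}";
        $params[":{$column}"] = $value;   // value travels as a bound parameter
    }
    $pk  = UPDATABLE[$table]['pk'];
    $sql = "UPDATE `{$table}` SET " . implode(', ', $set)
         . " WHERE `{$pk}` = :pk_value";
    $stmt = $pdo->prepare($sql);
    $stmt->execute($params);              // one round trip for all columns
    return $stmt->rowCount();
}

// Constructed sample data for the demonstration.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, email TEXT)');
$pdo->exec("INSERT INTO users VALUES (1, 'old', 'old@example.test')");

// A quote inside the value is stored as data, not parsed as SQL.
$n = updateRow($pdo, 'users', 1, ['name' => "O'Brien", 'email' => 'ob@example.test']);
echo "rows updated: {$n}\n";
print_r($pdo->query('SELECT * FROM users')->fetch(PDO::FETCH_ASSOC));
```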