http://www.bytemycode.com Revisions for this snippet. Thu, 04 Dec 2008 15:45:55 +0000 1998-2008 en-us http://www.bytemycode.com http://www.bytemycode.com/img/rss_title.gif http://www.bytemycode.com/snippets/snippet/88/1/ http://www.bytemycode.com/snippets/snippet/88/comments/ Fri, 17 Feb 2006 04:36:49 +0000 mercutio mysql http://www.bytemycode.com/snippets/snippet/88/ I use this method for keeping my sql templates away from my code.

You can extend upon the idea, as I have done in the past, by placing SQL handing classes between your scripts and the template library.

Things to note here:

The lesser userd heredoc string method. The reason this is used is to keep the SQL clear and well laid out, and not as messy as using quotes.

vsprintf() is a very handy function if you don't want to hard code the number of parameters to interpolate your string with.

The use of sprintf templates offers you additional security. For example, only allowing numbers to be placed where a %d falls. This, of course, shouldn't be the only security on user supplied variables, but comes in extra handy for debugging purposes.

Regarding the TODO in there, it would take a check of the number of % placeholders there are in the template. One caveat is remembering to remove the count of %%'s that appear (the literal percentage).

]]> http://www.bytemycode.com/snippets/snippet/88/2/ http://www.bytemycode.com/snippets/snippet/88/comments/ Fri, 17 Feb 2006 04:39:10 +0000 mercutio mysql http://www.bytemycode.com/snippets/snippet/88/ I use this method for keeping my sql templates away from my code.

You can extend upon the idea, as I have done in the past, by placing SQL handing classes between your scripts and the template library.

Things to note here:

The lesser userd heredoc string method. The reason this is used is to keep the SQL clear and well laid out, and not as messy as using quotes.

vsprintf() is a very handy function if you don't want to hard code the number of parameters to interpolate your string with.

The use of sprintf templates offers you additional security. For example, only allowing numbers to be placed where a %d falls. This, of course, shouldn't be the only security on user supplied variables, but comes in extra handy for debugging purposes.

Regarding the TODO in there, it would take a check of the number of % placeholders there are in the template. One caveat is remembering to remove the count of %%'s that appear (the literal percentage).


P.S, this system doesn't appear to like the < < < ENDSQL used to define the beginning of a heredoc statement.

]]> http://www.bytemycode.com/snippets/snippet/88/3/ http://www.bytemycode.com/snippets/snippet/88/comments/ Fri, 17 Feb 2006 04:52:36 +0000 mercutio mysql http://www.bytemycode.com/snippets/snippet/88/ I use this method for keeping my sql templates away from my code.

You can extend upon the idea, as I have done in the past, by placing SQL handing classes between your scripts and the template library.

Things to note here:

The lesser userd heredoc string method. The reason this is used is to keep the SQL clear and well laid out, and not as messy as using quotes.

vsprintf() is a very handy function if you don't want to hard code the number of parameters to interpolate your string with.

The use of sprintf templates offers you additional security. For example, only allowing numbers to be placed where a %d falls. This, of course, shouldn't be the only security on user supplied variables, but comes in extra handy for debugging purposes.

Regarding the TODO in there, it would take a check of the number of % placeholders there are in the template. One caveat is remembering to remove the count of %%'s that appear (the literal percentage).

]]>