Preferred way to check if query is successful - mysqli

When checking if a query was successful, what is better?
This
$query= "SELECT * FROM `table`";
$mysqliResult = $mysqli->query($query);
if(mysqli_num_rows($mysqliResult)) {
}
Or this:
$query= "SELECT * FROM `table`";
$mysqliResult= $mysqli->query($query);
if(get_resource_type($mysqliResult) === 'mysqli result') {
}

Neither.
First one is not an option at all. It's just inapplicable, as empty result is a legitimate result as well - the query was a success anyway.
Besides, in case of an unsuccessful query, this very code will throw an error itself!
The second one could be used for the purpose, but this approach is outdated and extremely inconvenient.
Instead, set mysqli in exception throwing mode, and you will need no code to test for success at all!

The first option is better because you are only checking whether the query is a success or not, but the second option we use when we need to check that values and data types are equal, so the first is better.

Related

What is the correct way to express "select all when nothing is specified in parameter"?

Let's say we have an HTTP endpoint to get all elements by name?
GET /elements?name={name}
{name} can have a value of CSV or be absent
valid:
GET /elements?name=Bill,Mary,Ann
GET /elements?name=Mike
GET /elements
invalid:
GET /elements?name=
Somehow we find out in controller that name is not passed. We know that the contract implies to return all values for elements. Possible decisions on further actions (I've seen in different projects) are:
using a NULL or a "dummy" substitution like a secret char sequence "!#$#%#$" and juggling them in database while building a query
using if (present) { executeQueryA } else { executeQueryB } logic
I am not sure I like either of these approaches, because when there is more than one optional filter these designs become unmaintainable. Something makes me believe that there is a better way to handle the situation.
What would be a proper design on back-end and in database query to handle the case "select all" when nothing is given? Just a general idea and some pseudo-code will be much appreciated.

EF Core raw query with Like clause

I want to create queries using EF FromSqlInterpolated or FromSqlRaw that allows me to use Like clauses, but I don't know what is the right way to do it without opening the application to SqlInjection attacks.
A first approach has taken me to the following code:
var results = _context.Categories.FromSqlInterpolated(
$"Select * from Category where name like {"%" + partialName + "%"}");
First test worked fine, it returns results when providing expected strings, and returns nothing when I provide something like ';select * from Category Where name='Notes'--%';
Still I don't know much about SqlInjection, at least not enough to feel safe with the query shown before.
Does someone know if the query is safe, or if there is a right way to do it?
Thanks
From this document
The FromSqlInterpolated and ExecuteSqlInterpolated methods allow using
string interpolation syntax in a way that protects against SQL injection attacks.
var results = _context.Categories.FromSqlInterpolated(
$"Select * from Category where name like {"%" + partialName + "%"}");
Or you can also change your query to Linq-to-Entity like this:
var results = _context.Categories.Where(p => p.name.Contains(partialName));
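
An added example, not part of the original posts: the same bound-parameter LIKE search sketched in Python with sqlite3 (a stand-in for EF Core so it runs stand-alone), fed the test input from the question. It goes one step beyond the thread by escaping % and _, which binding alone still lets a caller use as wildcards; the sample rows and the function names are assumptions.

```python
import sqlite3

def escape_like(term, esc="\\"):
    """Make %, _ and the escape character itself literal inside a LIKE pattern."""
    return (term.replace(esc, esc + esc)
                .replace("%", esc + "%")
                .replace("_", esc + "_"))

def make_db():
    # Constructed sample rows, not data from the original question.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE Category (id INTEGER PRIMARY KEY, name TEXT)")
    db.executemany("INSERT INTO Category (name) VALUES (?)",
                   [("Notes",), ("Footnotes",), ("100% cotton",), ("Misc",)])
    return db

def search(db, partial_name, escape=True):
    # The whole pattern travels as one bound parameter, so whatever the caller
    # sends is compared as data and never becomes part of the SQL text.
    term = escape_like(partial_name) if escape else partial_name
    rows = db.execute(
        "SELECT name FROM Category WHERE name LIKE ? ESCAPE '\\' ORDER BY id",
        ("%" + term + "%",))
    return [r[0] for r in rows]
```

With escape=False a lone % as the search term matches every row; that is not injection, but it is a broader match than a "contains this text" search is meant to give.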

Should I document a "return callback()" as return value if it is not intended to be used?

I have a piece of code which returns nothing useful:
/**
 * Close the web server
 *
 * @param {function} callback - Called after web server is stopped
 */
PolyApp.prototype.stop = function(callback) {
  if (!this._listeningServer) {
    if (callback) {
      return callback();
    }
    return;
  }
  this._listeningServer.close(callback);
};
This function makes use of return to control the execution flow. Given it returns nothing useful I want to avoid documenting it. That gives me the following benefits:
The documentation is more clear as it documents the intention of use
The code is less cluttered with comments that provide no value
I avoid signing a contract of returning something that I do not want to maintain.
On the other hand:
I am returning a value which is not being documented
I think that I should not document it as I do not want people to rely on any returning behavior.
What do you think about it? Am I doing right being pragmatic?
What you want to document is up to you. You have to ask yourself the question: "Will I, or other people, ever need to see this documentation to get additional knowledge?". In the case of callbacks that don't need any specific return behavior, you don't need to document anything of it. You should specify for stop that it'll return whatever the callback returns. People might get confused otherwise.

Subsonic - query with optional parameters

Using C# 3.5 through VS 2008 and subsonic 2.2.
Anyone know if it's possible to create a subsonic query that essentially has an 'IF' in the middle of it, depending on whether a passed parameter was, for example, greater than zero.
For example, a delete method that has two passed parameters - A and B.
I want something like (pseudo code)
DELETE from Products
Where productId = A
if(B > 0)
{
AND ProductAttributeId = B
}
Obviously it wouldn't need the actual 'IF' clause in there but that's the essence of what I'm trying to do with subsonic. I know I can just have two different queries depending on whether the parameter is there or not but I was wondering if there's a cleaner way of doing it.
Thanks.
That's how I usually do it - it's not two queries, but one SqlQuery with optionally added constraints:
SqlQuery q = DAL.DB.Delete()
    .From<DAL.Product>()
    .Where(DAL.Product.ProductIdColumn).IsEqualTo(A);
if (B > 0)
{
    // Constraint is only added when the optional parameter was supplied.
    q.And(DAL.Product.ProductAttributeIdColumn).IsEqualTo(B);
}
q.Execute();
There may be a typo, I can't test this right now.
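
An added example, not from either thread: the "one query with optionally added constraints" approach from the answer above, applied to the GET /elements?name={name} question earlier on this page and sketched in Python with sqlite3 rather than SubSonic. The type filter, the table layout and the function names are hypothetical; values are always bound and column names come from a fixed allowlist.

```python
import sqlite3

# Allowlist of filters: request key -> (column, accepts CSV). Column names come
# only from here, never from the request. "type" is a hypothetical second filter.
FILTERS = {"name": ("name", True), "type": ("type", False)}

def build_query(params):
    """Return (sql, args) for GET /elements with any subset of optional filters."""
    clauses, args = [], []
    for key, (column, csv) in FILTERS.items():
        if key not in params:
            continue  # absent filter adds no constraint; no filters = select all
        values = params[key].split(",") if csv else [params[key]]
        if "" in values:
            raise ValueError(f"empty value for filter {key!r}")  # e.g. ?name=
        # One placeholder per value; the values themselves are bound separately.
        clauses.append(f"{column} IN ({', '.join('?' * len(values))})")
        args.extend(values)
    sql = "SELECT name FROM elements"
    if clauses:
        sql += " WHERE " + " AND ".join(clauses)
    return sql + " ORDER BY id", args

def find_elements(db, params):
    sql, args = build_query(params)
    return [row[0] for row in db.execute(sql, args)]

def make_db():
    # Constructed sample rows using the names from the question.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE elements (id INTEGER PRIMARY KEY, name TEXT, type TEXT)")
    db.executemany("INSERT INTO elements (name, type) VALUES (?, ?)",
                   [("Bill", "a"), ("Mary", "b"), ("Ann", "a"), ("Mike", "b")])
    return db
```

Adding another optional filter is one more entry in FILTERS; there is no second query and no sentinel value to juggle in the database.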

result return in zend

I am writing a query like this in Zend, but I am not getting the result returned in the controller file. What do I have to do for this?
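// Values are passed as bound parameters instead of being concatenated into
// the SQL text, so form input cannot change the statement.
$result = $db->query(
    "insert into geofences (`name`, `description`, `polygon`,
        `created_timestamp`, `company_id`)
     values (?, ?, GeomFromText(?), now(), ?)",
    array(
        $formData['name'],
        $formData['description'],
        "POLYGON(($polygon))",
        $formData['company_id'],
    )
);
return $result;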
After a query() statement you have to fetch the results (if you have a SELECT, SHOW, DESCRIBE and EXPLAIN statement)... I think it uses the standard mysqli classes of PHP!
In your case (an insert statement) you have no result to fetch... I think (I'm not sure but I think this is the case) that it returns true on success and false if the query fails.
Look here and here for reference