May 3, 2013, 01:24 #21
The one weird thing about is_numeric() is that it will accept a number if it contains any number of whitespace characters in front of the number. However, this should not cause any issues in SQL. If you want to avoid this, just remember to use trim() on the value.
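To see exactly which forms is_numeric() lets through and what trim() changes, here is an added example (my code, not the poster's). It probes is_numeric() with and without trim() on a set of constructed inputs, then shows a stricter check based on filter_var(FILTER_VALIDATE_INT) for the common case where the column is an integer and "1e3" or ".5" should not be accepted. Results noted in the comments are for PHP 7.x; PHP 8.0 additionally treats trailing whitespace as numeric, so the "42 " row reads true on both columns there.

```php
<?php
// Added example, not from the original post: what is_numeric() accepts with
// surrounding whitespace and other notations, and a stricter integer check.

/** Return [is_numeric on the raw string, is_numeric after trim()]. */
function numericProbe(string $s): array
{
    return [is_numeric($s), is_numeric(trim($s))];
}

// Constructed inputs with the PHP 7.x result for [raw, trimmed].
$samples = [
    [" 42",   'leading whitespace is accepted'],          // true,  true
    ["42 ",   'trailing whitespace rejected before PHP 8'], // false, true  (true, true on PHP 8+)
    ["1e3",   'exponent notation counts as numeric'],     // true,  true
    [".5",    'bare fraction counts as numeric'],         // true,  true
    ["-7",    'sign is allowed'],                         // true,  true
    ["0x1A",  'hex strings rejected since PHP 7'],        // false, false
    ["4 2",   'internal whitespace rejected'],            // false, false
    ["",      'empty string rejected'],                   // false, false
];

foreach ($samples as [$input, $note]) {
    [$raw, $trimmed] = numericProbe($input);
    printf("%-8s raw=%-5s trimmed=%-5s  %s\n",
        var_export($input, true),
        var_export($raw, true),
        var_export($trimmed, true),
        $note);
}

/**
 * Accept only an optionally signed decimal integer: whitespace trimmed,
 * range checked. Returns null for anything else, including "1e3" and ".5".
 */
function strictInt(string $s): ?int
{
    $v = filter_var(trim($s), FILTER_VALIDATE_INT);
    return $v === false ? null : $v;
}

// A value that came back from strictInt() is a real integer, so even the
// concatenation style discussed in this thread cannot turn it into SQL.
foreach ([" 42", "1e3", ".5", "42abc", "99999999999999999999"] as $s) {
    var_dump(strictInt($s)); // int(42), NULL, NULL, NULL, NULL (out of range)
}

$id = strictInt(" 42 ");
if ($id !== null) {
    $sql = 'SELECT * FROM items WHERE id = ' . $id;   // safe: $id is an int
    echo $sql, PHP_EOL;
}
```

The point of the second half is that is_numeric() answers "could PHP read this as a number?", which is wider than "is this a valid integer id". If the column is an integer, validate for an integer and bind or concatenate the resulting int, not the original string.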
- With prepared statements it is difficult to log queries with the actual data (for any purpose), because you send the query with placeholders only and the data is sent separately.
- Binding values breaks the linear flow of the code compared to putting values into the SQL by concatenation: the SQL is in a different place than the bind() statements, so when you look at the SQL you don't see where the values come from because there are only placeholders. This becomes tedious if a query is larger and you have to scroll through your code to see which value/variable is behind a placeholder. Placeholders look cleaner at first glance, but after using them a few times I find the 'uglier' concatenation to be actually easier to read and debug.
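The two complaints above (no way to log the query with real data, and values living far from the SQL) are both things you can work around while keeping the statement prepared. Here is an added example of my own, not code from the original post; it assumes PDO with the pdo_sqlite driver and builds a throwaway users table in memory. Named placeholders are filled from a single array literal declared right next to the SQL, and a small helper renders a log-only copy of the query with the values quoted in. That rendered string is never executed; the database only ever sees prepare() plus execute().

```php
<?php
// Added example, not from the original post. Assumes PDO + pdo_sqlite;
// the users table and its rows are constructed here for the demo.

$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, status TEXT)');
$pdo->exec("INSERT INTO users VALUES (1, 'alice', 'active'), (2, 'bob', 'locked'), (3, 'o''neil', 'active')");

/**
 * Build a human-readable copy of a parameterised query for logs only.
 * It is never sent to the database; the real statement still goes through
 * prepare()/execute() with the values bound separately.
 */
function renderForLog(PDO $pdo, string $sql, array $params): string
{
    $subst = [];
    foreach ($params as $name => $value) {
        if ($value === null) {
            $subst[$name] = 'NULL';
        } elseif (is_int($value) || is_float($value)) {
            $subst[$name] = (string) $value;
        } else {
            $subst[$name] = $pdo->quote((string) $value);   // driver quoting, e.g. o'' for o'
        }
    }
    // strtr() tries the longest key first, so :id never clobbers :identity.
    return strtr($sql, $subst);
}

/** Values sit directly beside the SQL: one array literal keyed by placeholder. */
function findUsers(PDO $pdo, string $status, string $namePart): array
{
    $sql = 'SELECT id, name FROM users WHERE status = :status AND name LIKE :pattern ORDER BY id';
    $params = [
        ':status'  => $status,
        ':pattern' => '%' . $namePart . '%',
    ];

    $stmt = $pdo->prepare($sql);
    $stmt->execute($params);                        // values bound, never spliced into $sql

    error_log(renderForLog($pdo, $sql, $params));   // e.g. ... LIKE '%o''%' ORDER BY id
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

print_r(findUsers($pdo, 'active', "o'"));           // matches only o'neil
```

Two caveats. The rendered log line is an approximation produced with PDO::quote(), not the bytes the server processed, so treat it as a debugging aid rather than an audit record. And once real values are in the log, the log itself holds user data; keep it at debug level or redact fields you would not want in a log file.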