5
Let’s say I have one input text de name="txtnome", it is a good practice to have a column of the same name as this input on my table?
Being that I’m using PDO for CRUD
$st =$this->db->prepare("UPDATE $tabela SET yxtnome=:txtnome WHERE id=:id");
$st->execute(array(
":id"=> $_POST["id"],
":txtnome" => $_POST["txtnome"]
));
6
You could say it is. If no problem cause is a good practice.
But like all "good practice", it is only valid when the person knows what they are doing. When one does not understand why it is being adopted, one is only repeating what others have told him to do, it will always be bad practice. Even if you’re right, if you hit by coincidence, it’s bad practice.
The only really good practice is to understand what you are doing, to study deeply the mechanism you are using and to analyze the specific situation to determine whether or not to adopt a particular procedure in that actual situation.
The purpose of the database column is to store exactly what is in the form of the page? Then it seems to be ok. Now, if the column keeps a data that has a relation to this field of the page, but this happens only by chance, if this column can have data coming from other points of the application, ie if the relation is indirect, then this can change of figure. Or not, after all there are names that are very common.
Some people think that using the prefix txt is not recommended. It is unnecessary. This is considered hungarian notation and discouraged by being something superfluous and possibly harmful when needed for some reason change the data type.
It may be that the architecture of the application, which I don’t know, may have some specific need that makes it a bad practice, but I can’t say.
But note that all this is very conceptual. Technically there is nothing to prevent or cause trouble. And maybe this is the real question.
Already the UPDATE $tabela can be a bad practice depending on where this variable comes from. It would be asking to suffer a potentially devastating attack on the database. But this is not the focus of the question.
Browser other questions tagged php sql database pdo modeling
You are not signed in. Login or sign up in order to post.
I have to create 10 forms with 40 questions each (in my code there is a loop that takes the name column of $_POST and makes a reference with the column of the database table), I think would waste a lot of time checking the html form and the column of the database. the table name could be from a private variable: UPDATE $this->table . there is another better way to ensure better security ?
– denalioasis
I disagree. The names of the controls should not influence the names of the columns or the reciproco. This does not mean that this cannot happen. This may be almost a convention issue created by the development team. But I’ve certainly developed several applications where I’m not worried about whether or not the name of the element is the same as in the database.
– Bruno Costa
@denalioasis so you need best techniques, tools. As for the security I can not say because I did not see the whole, but take out this variable would be a good.
– Maniero
@Brunocosta thanks for disagreeing without disagreeing at all.
– Maniero
@bigown. More specifically, I disagree with the first paragraph.
– Bruno Costa
@Brunocosta agrees with the second and third paragraph, is already jewel, because there cancels your disagreement with the first :)
– Maniero
@mustache
Pode-se dizer que é.From where I’m standing.Se não causa nenhum problema, é uma boa prática.This for me is a great start to many problems. It is not by causing any problems that it is certainly a good practice. For example, I can come to work and not say good morning to anyone who does not cause me problems in principle, but it is not good practice from a social point of view. But never mind, it doesn’t matter so much.– Bruno Costa
So you disagree actually with the following paragraphs. You think that blindly following a convention is a good thing. The example outside of programming shows this well. You say good morning because everyone gives, never wondered why you do it. So what you’re doing is actually bad practice. Now if you know that it’s good morning because people expect it, if you don’t, you will be seen badly and when you need something, you will have difficulties, then you thought, saw that the practice of not giving good day was bad and decided to do good.
– Maniero
Now imagine working in a place where everyone hates good morning. If you do, you will be causing trouble for yourself, so you have followed the good practice you thought was always worth and are hurting yourself. Thank you for giving me the opportunity to show with following "good practices" is something very wrong and making p right in every situation is the only correct option. The rest is taste.
– Maniero
Good practice is synonymous with "I was told this is good, but I don’t know why". Programmer needs to know the reason, and if you do not know, you have to research and learn the reason, then drop this good practice talk, which in my experience, when one uses a lot, reflects a type of professional not so reliable in most cases. I am giving this touch, because if the author is learning, and asked about good practices, he must have heard the term somewhere, so is the alert to "get smart" with the dubious term. Don’t be a "good practice" guy anymore, be the knowledge guy.
– Bacco
All language comes with "good practice manual" and is called documentation. Unless the language convention specifically requires something (such as the Dart’s _ prefix) you have to understand that good practices are universal - they do not depend on language or method - and the main thing is to make the code more readable.
– user38174