#1
  1. A Change of Season
    Devshed Frequenter (2500 - 2999 posts)

    Join Date
    Mar 2004
    Location
    Next Door
    Posts
    2,660
    Rep Power
    171

    Use 1 function to UPDATE different columns


Due to the special situation (the way designer and client have chosen to design admin) the user updates each column separately.

    Would this be a good idea to send column name as argument to the function and edit the content?

    PHP Code:
    // Controller: the column to edit is passed in, and its new value is read from POST.
    public function apply_long_desc($column_name)
    {
        $this->model_content->update_long_desc($column_name, $this->input->post($column_name));
    }
    PHP Code:
    // Model: the column name is concatenated into the SQL, the value is bound.
    public function update_long_desc($column, $id)
    {
        $sql = "UPDATE star_content SET ".$column." = ? ";
        $this->db->query($sql, array($id));
    }
  2. #2
    Contributing User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Jul 2010
    Posts
    153
    Rep Power
    5
    Putting any user input into a SQL statement like that presents a security risk. If you need to do this sort of thing, the better approach is to have a list of known columns (or to fetch them from information_schema.columns) and check the entered column against that, e.g.:

    Code:
    public function update_long_desc($column, $id)
    {
        // Only column names from the known list are allowed into the query.
        if (in_array($column, array("column1", "column2", "column3"))) {
            $sql = "UPDATE star_content SET ".$column." = ? ";
            $this->db->query($sql, array($id));
        }
    }
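    The allowlist approach above, combined with the missing WHERE clause noted later in the thread, as an added stand-alone example (not admoore's or the original poster's CodeIgniter code). It uses PDO with an in-memory SQLite database; the table layout, the column names long_desc, short_desc and owner_id, and the sample row are constructed for the example.

```php
<?php
// Added example: an UPDATE helper that only interpolates a column name
// taken from a fixed allowlist, binds the value as a parameter, and always
// restricts the update with a WHERE clause. Table and columns are constructed.

final class StarContent
{
    // Allowlist: the only identifiers that may ever reach the SQL string.
    // Keys are what the request may send, values are the real column names.
    private const EDITABLE_COLUMNS = [
        'long_desc'  => 'long_desc',
        'short_desc' => 'short_desc',
    ];

    public function __construct(private PDO $db) {}

    public function updateColumn(string $column, string $value, int $id): int
    {
        // Reject anything not in the allowlist before it touches the query.
        if (!array_key_exists($column, self::EDITABLE_COLUMNS)) {
            throw new InvalidArgumentException("Column not editable: $column");
        }
        $safeColumn = self::EDITABLE_COLUMNS[$column];

        // The identifier comes from our own allowlist; value and id are bound.
        $stmt = $this->db->prepare(
            "UPDATE star_content SET \"$safeColumn\" = :value WHERE id = :id"
        );
        $stmt->execute([':value' => $value, ':id' => $id]);
        return $stmt->rowCount();
    }
}

// Constructed sample schema and row.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE star_content (id INTEGER PRIMARY KEY, long_desc TEXT, short_desc TEXT, owner_id INTEGER)');
$db->exec("INSERT INTO star_content VALUES (1, 'old long', 'old short', 42)");

$model = new StarContent($db);
echo $model->updateColumn('long_desc', 'new long', 1), " row(s) updated\n";

// owner_id exists in the table but is not user-editable, so it is refused
// even though the request supplied a syntactically valid column name.
try {
    $model->updateColumn('owner_id', '1', 1);
} catch (InvalidArgumentException $e) {
    echo "Rejected: ", $e->getMessage(), "\n";
}
```

    Mapping request keys to real column names (rather than trusting the key itself) means the query only ever contains identifiers the code author wrote, which is what makes the string concatenation safe.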
  4. #3
  5. A Change of Season
    Devshed Frequenter (2500 - 2999 posts)

    Join Date
    Mar 2004
    Location
    Next Door
    Posts
    2,660
    Rep Power
    171
    Originally Posted by admoore
    Putting any user input into a SQL statement like that presents a security risk. If you need to do this sort of thing, the better approach is to have a list of known columns (or to fetch them from information_schema.columns) and check the entered column against that, e.g.:

    Code:
    public function update_long_desc($column, $id)
    {
        // Only column names from the known list are allowed into the query.
        if (in_array($column, array("column1", "column2", "column3"))) {
            $sql = "UPDATE star_content SET ".$column." = ? ";
            $this->db->query($sql, array($id));
        }
    }
    Exactly, I have something like this
    PHP Code:
    $ids = array(......);

    // Reject any id that is not in the known list.
    if (!in_array($id, $ids))
    {
        echo "Error";
        //header redirect
    }

  6. #4
    Contributing User
    Devshed Regular (2000 - 2499 posts)

    Join Date
    Mar 2006
    Posts
    2,447
    Rep Power
    1751
    There seems to be a lack of a WHERE clause if that matters at all.
    The moon on the one hand, the dawn on the other:
    The moon is my sister, the dawn is my brother.
    The moon on my left and the dawn on my right.
    My brother, good morning: my sister, good night.
    -- Hilaire Belloc
  8. #5
    Dazed&Confused
    Devshed Novice (500 - 999 posts)

    Join Date
    Jun 2002
    Location
    Tempe, AZ
    Posts
    506
    Rep Power
    128
    I won't go into a recommendation since mine would be for the active record pattern that's probably more complex (albeit cool) than what you're looking for, so I'll simply leave these words of wisdom:

    The design of the UI doesn't have to, and usually shouldn't, dictate how your model layer is designed. UIs can change over time and that might require some controller changes, but the model layout should be abstracted far enough away that it shouldn't have to change just for presentation.

    Make the model in the most flexible and efficient form you can, then let the controller deal with how they design the UI.
    LinkedIn: Dave Mittner
  10. #6
  11. A Change of Season
    Devshed Frequenter (2500 - 2999 posts)

    Join Date
    Mar 2004
    Location
    Next Door
    Posts
    2,660
    Rep Power
    171
    Originally Posted by SimonJM
    There seems to be a lack of a WHERE clause if that matters at all.
    I didn't think you noticed!

    There is only 1 row in this table. The designer was pretty smart to be honest.
  12. #7
    Dazed&Confused
    Devshed Novice (500 - 999 posts)

    Join Date
    Jun 2002
    Location
    Tempe, AZ
    Posts
    506
    Rep Power
    128
    Originally Posted by English Breakfast Tea
    I didn't think you noticed!

    There is only 1 row in this table. The designer was pretty smart to be honest.
    If the designer were smart they wouldn't have a table with one row. Chances are there are better ways of doing what's being done.
  14. #8
  15. A Change of Season
    Devshed Frequenter (2500 - 2999 posts)

    Join Date
    Mar 2004
    Location
    Next Door
    Posts
    2,660
    Rep Power
    171
    Originally Posted by dmittner
    If the designer were smart they wouldn't have a table with one row. Chances are there are better ways of doing what's being done.
    I hear you and let me add something to this:

    In the real world (which is a mean place), it is not about making the best quality product.

    In my experience sometimes a website with 80% quality saves the day.

    Yes it
    MUST be 100% secure,
    It must be html css valid,
    It must be optimised and easy to use,
    etc

    BUT

    There are on average 5 weekly clients who want a simple cms with their own specific psd designs.


    They provide a limited budget.
    They give me limited time.
    They don't care how the backend is designed as long as it works fast and secure.

    I give them a good product with the option of extra x dollars and x days will give you a more dynamic product (extendable features) with better backend design.

    They ask does it work different?
    Answer not at all.

    They want the cheap version.


    I notice around here perfectionism stops people from progress, money and success.

    IT'S VERY COMMON.

    Don't get me wrong quality is extremely important but in some cases it can be compromised in some parts.

    Comments on this post

    • jack13580 disagrees : If I was paying for something, I would want it to be a quality product
  16. #9
    Contributing User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Jul 2010
    Posts
    153
    Rep Power
    5
    Originally Posted by English Breakfast Tea
    I notice around here perfectionism stops people from progress, money and success.

    IT'S VERY COMMON.

    Don't get me wrong quality is extremely important but in some cases it can be compromised in some parts.

    I'm guessing most people who comment regularly here have done some pretty whacky code once in a while to get a job done. But those asking for advice generally want to know the proper way to get things done, so that's what's generally presented.
  18. #10
  19. Mad Scientist
    Devshed Expert (3500 - 3999 posts)

    Join Date
    Oct 2007
    Location
    North Yorkshire, UK
    Posts
    3,661
    Rep Power
    4123
    In my experience lower quality products cost more in the long run as you lose unhappy clients, find it harder to sell and have to spend more time than you expected bug fixing and maintaining.

    Read this bit again:

    Originally Posted by dmittner
    The design of the UI doesn't have to, and usually shouldn't, dictate how your model layer is designed. UIs can change over time and that might require some controller changes, but the model layout should be abstracted far enough away that it shouldn't have to change just for presentation.

    Make the model in the most flexible and efficient form you can, then let the controller deal with how they design the UI.
    Are you still using CI or have you abandoned the use of a framework?
    I said I didn't like ORM!!! <?php $this->model->update($this->request->resources[0])->set($this->request->getData())->getData('count'); ?>

    PDO vs mysql_* functions: Find a Migration Guide Here

    [ Xeneco - T'interweb Development ] - [ Are you a Help Vampire? ] - [ Read The manual! ] - [ W3 methods - GET, POST, etc ] - [ Web Design Hell ]
  20. #11
    Contributing User
    Devshed Frequenter (2500 - 2999 posts)

    Join Date
    Dec 2004
    Posts
    2,987
    Rep Power
    375
    Originally Posted by Northie
    Are you still using CI or have you abandoned the use of a framework?
    From his coding example, it looks like he is still using CI or maybe another framework, but since this project of his is not new, CI looks the best bet.
  22. #12
  23. A Change of Season
    Devshed Frequenter (2500 - 2999 posts)

    Join Date
    Mar 2004
    Location
    Next Door
    Posts
    2,660
    Rep Power
    171
    Originally Posted by Northie
    Are you still using CI or have you abandoned the use of a framework?
    This specific example is CI. Please see the code in post 1.

    And please note friends I am aware I don't understand code as much as Northie, Jaques, dmitter or paullah.

    But please keep your help coming I am working hard as much as I have time.

    Thank you all
  24. #13
    Contributing User
    Devshed Regular (2000 - 2499 posts)

    Join Date
    Mar 2006
    Posts
    2,447
    Rep Power
    1751
    Originally Posted by English Breakfast Tea
    I didn't think you noticed!

    There is only 1 row in this table. The designer was pretty smart to be honest.
    It was rather a blatant 'omission'! As a few people have said it does not come across as a particularly great design feature. Not knowing what the overall application is nor how many people will be using it, it can be hard to make comments other than generic ones.
    In general, using a table to store a single row, maybe even a single column in that row, is not good. Can it, or could it, be over-written by any user? Can you guarantee that it will retain its required value by the one who set it?
    Not knowing what the data is for nor why it would need changing makes it hard to make suggestions. One pretty obvious thing springs to mind in that it is possible that another such piece of data will need to be tracked - will there be another table created just for that?
  26. #14
  27. A Change of Season
    Devshed Frequenter (2500 - 2999 posts)

    Join Date
    Mar 2004
    Location
    Next Door
    Posts
    2,660
    Rep Power
    171
    Originally Posted by SimonJM
    Not knowing what the overall application is...
    Hopefully explains the approach, site on a test server:

    Site

    Admin (password:rickymartin)

    Stats and usage:
    ~ 100 users a day

    5 updates a month
