Issue
Is it considered bad practice to give HTML form names the same name as table field names? I am building some dynamic sql insert queries, and at present I am using some regexp's to change the names to the relevant database fields on the basis I feel it may be insecure otherwise, what are your opinions?
Solution
I wrote a function to do INSERT
queries for me, and it depends on that fact. It takes the $_POST
variable names and INSERT
s them into their corresponding columns.
As said in the comment on the OP, it doesn't matter, and in most cases, saves you time going back to remember if you used first_name,
firstname,
or first.
Also, keep in mind that your users will never see the database column names, and they will only see the form names if they view the source. Therefore, there's not much to worry about!
Good luck!
Answered By - David
0 comments:
Post a Comment
Note: Only a member of this blog may post a comment.