How to improve my PHP adding script?
Viewed 77 times
0
I have a script which updates my table's column and writes an id in it.
I need to check whether the column is empty or not; if it is not, I add a ','.
Here is the script:
    $subs = mysql_fetch_array(mysql_query("SELECT subscribed_user_id FROM users WHERE user_id=".(int)$_GET['user']));
    $subs_array = array();
    $subs_array=explode(',', $subs['subscribed_user_id']);
    if(!in_array($_COOKIE['user_id'], $subs_array))
    {
        if($subs['subscribed_user_id']=='')
        {
            $add='';
        } else {
            $add = $subs['subscribed_user_id'].',';
        }
        mysql_query("UPDATE users SET subers=subers+1, subscribed_user_id='".$add.$_COOKIE['user_id']."' WHERE user_id=".(int)$_GET['user']);
    }
I have an idea: always add ',', but when I select it, use not the full length of the array but, for example, array.length-2... I think that it is not OK and that is why I need advice: how can I improve this script?
Thanks in advance!
1 Answer
5
You can improve it by using a non-deprecated extension, for example:
PDO:

    $stmt = $pdo->prepare('SELECT * FROM users WHERE username = :username');
    $stmt->execute(array(':username' => $_GET['username']));

Or MySQLi:

    // MySQLi uses positional ? placeholders; 's' in bind_param() is the type (string)
    $query = $mysqli->prepare('SELECT * FROM users WHERE username = ?');
    $query->bind_param('s', $_GET['username']);
    $query->execute();

These extensions have built-in parameterize functions which let you safely insert data into the database.
answered Nov 15, 13:08
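
Applied to the question's own queries, as an added example that is not part of the original answer: both the lookup and the update use bound parameters, so neither the `user` parameter nor the cookie value is concatenated into SQL, and `implode()` places the commas so the empty-column branch disappears. The helper `subscribe()` and the in-memory SQLite table are assumptions made for the demonstration; the table and column names are the ones from the question.

```php
<?php
// Added example; subscribe() is a hypothetical helper, not code from the page.
// In the question's script the two ids would be (int)$_GET['user'] and
// (int)$_COOKIE['user_id'].
function subscribe(PDO $pdo, int $targetId, int $subscriberId): bool
{
    $pdo->beginTransaction();
    try {
        $sel = $pdo->prepare('SELECT subscribed_user_id FROM users WHERE user_id = :id');
        $sel->execute([':id' => $targetId]);
        $current = $sel->fetchColumn();
        if ($current === false) {              // no such user: nothing to update
            $pdo->rollBack();
            return false;
        }
        // explode(',', '') returns [''], so map an empty column to an empty list.
        $ids = ((string)$current === '') ? [] : explode(',', (string)$current);
        if (in_array((string)$subscriberId, $ids, true)) {
            $pdo->rollBack();                  // already subscribed
            return false;
        }
        $ids[] = (string)$subscriberId;
        $upd = $pdo->prepare(
            'UPDATE users SET subers = subers + 1, subscribed_user_id = :list
             WHERE user_id = :id'
        );
        $upd->execute([':list' => implode(',', $ids), ':id' => $targetId]);
        $pdo->commit();
        return true;
    } catch (Throwable $e) {
        if ($pdo->inTransaction()) {
            $pdo->rollBack();
        }
        throw $e;
    }
}

// Constructed demo data in an in-memory SQLite database (needs pdo_sqlite).
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec("CREATE TABLE users (user_id INTEGER PRIMARY KEY,
            subers INTEGER DEFAULT 0, subscribed_user_id TEXT DEFAULT '')");
$pdo->exec('INSERT INTO users (user_id) VALUES (1)');

var_dump(subscribe($pdo, 1, 42));  // first subscriber, column was empty
var_dump(subscribe($pdo, 1, 7));   // second subscriber, comma added by implode()
var_dump(subscribe($pdo, 1, 42));  // duplicate, no write
echo $pdo->query('SELECT subscribed_user_id FROM users WHERE user_id = 1')
         ->fetchColumn(), "\n";
```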
A first major improvement would be to stop using the mysql_* function. For more feedback, you should post this question on CodeReview, I do think - Elias Van Ootegem
Belongs on codereview.stackexchange.com - Elias Van Ootegem
@Elias Van Ootegem, should I use mysqli? - Costa Rassco
@user2793065 you should use PDO instead. - STT LCU
@user2793065: Use whichever you feel most comfortable with. PDO, IMO, offers the best API, whereas some more "advanced" features of mysqli_* will feel more homely to those who've written C code using the mysql C API - Elias Van Ootegem