is this sql statement pnAPI compliant? :: Zikula Community

Show your support for Zikula! Sign up at Github account and watch the Core project!

is this sql statement pnAPI compliant?

**unknown user**

Rank: Freshman

Registered: Mar 16, 2002

Last visit: Mar 24, 2005

Posts: 53
Posted: Aug 15, 2003 - 02:59 AM

I want to be pnAPI complaint. Is this SQL statement?

Code
$sql = "INSERT INTO $watchlisttable (
$watchlistcolumn[wlid],
$watchlistcolumn[userid],
$watchlistcolumn[prodid],
$watchlistcolumn[wstatus],
$watchlistcolumn[wdatestamp])
VALUES (
$nextId,
" . pnVarPrepForStore($userid) . ",
" . pnvarPrepForStore($prodid) . ",
'A',
" . $dbconn->DBTimestamp(time()) . ")";

$dbconn->Execute($sql);

I am unsure of the 'A' whether it should have a pnVarPrepForStore as well and the best way to insert a time stamp.

Thanks,

Steve
markwest

Rank: Team Member

Registered: Mar 18, 2002

Last visit: Oct 21, 2009

Posts: 6606
Posted: Aug 15, 2003 - 08:54 PM

It can't hurt to put the pnVarPrepForStore for consistency. The time stamp should also be passed via pnVarPrepForStore as well.

-Mark

--
Visit My homepage and Zikula themes .
larsneo

Rank: Software Foundation

Registered: Dec 31, 1969

Last visit: Oct 21, 2009

Posts: 3814
Posted: Aug 16, 2003 - 03:55 AM

please check also the postnuke coding standards - especially about type casting, storing values and securing forms...

--
regards from germany
..::[Zikula Application Framework]::.. ..::[SEO-Blog]::.. ..::[CMS Sicherheit]::..