firebird-php - RE: [firebird-php] Duplicate numbers

Subject	RE: [firebird-php] Duplicate numbers
Author	Alan McDonald
Post date	2006-05-23T13:38:32Z

> Alan McDonald wrote:
>
> >>>>"INSERT INTO TICKET ( TICKET_ID, TICKET_REF, TICKET_NO, OFFICE, ROOM,
> >>>>STAFF_ID, INIT_ID, CALLER_ID, APPLET )
> >>>>VALUES ( $ticid, 'NOW', (SELECT COALESCE(MAX(TICKET_NO)+1, 1) FROM
> >>>>CURRENT_DAY
> >>>>WHERE OFFICE = $office AND TICKET_NO BETWEEN 0 AND 9999),
> >>>>$office, 0, 0, 0, 0, ' ' )";
> >>>
> >>>I only see 2 place holders and 6 parameters? am I reading this
> >>
> >>right? I also
> >>
> >>>only see 9 fields with 3 values.
> >>>something ismissing here $office wold be used for $ticid - no?
> >>
> >>It's the PHP ;)
> >>$ticid and $office are replaced before it goes to Firebird :)
> >>9 fields, 9 values, one of which is calculated from the list of todays
> >>tickets.
> >>
> > I'm still fascinated by the syntax
> > but my parameters are always replaced in the same order as the variables
> > provided
> > to put it my way:
> >
> > "INSERT INTO TICKET ( TICKET_ID, TICKET_REF, TICKET_NO, OFFICE, ROOM,
> > STAFF_ID, INIT_ID, CALLER_ID, APPLET )
> > VALUES ( (SELECT COALESCE(MAX(TICKET_NO)+1, 1) FROM
> CURRENT_DAY, ?, ?, ?, ?,
> > ?, ?, ?, ?
> > WHERE OFFICE = ? AND TICKET_NO BETWEEN 0 AND 9999), 0, 0, 0, 0,
> 0, 0, ' ',
> > 0, 0)";
> >
> > one of these zeros is 'NOW',
> >
> > 9 fields 9 placeholders, 9 parameters in that order.
> > I can't read from your syntax what goes where ubt it's
> intersting to know
> > how it works?
>
> Been running for two years now with a few changes.
>
> There are NO parameters in any of that, it is a simple RAW insert
> statement. PHP replaces the $ticid with a number and $office with
> probably 1 (SINCE ONLY ONE SITE HAS TWO OFFICES :) ) and then ADOdb
> executes it. No parameters needed or used.
>
> So why do you keep wanting to put placeholders in it, this is simple PHP
> text stuff?
>
> --
> Lester Caine - G8HFL

your syntax follows the standard ibase_query syntax or
ibase_query($db->dbh, "insert into ... etc VALUES (?, ?, ?)", parameter
list);
your syntax looked like a duck but it's actually an ADOdb pigeon :-)

1. to prevent injections of SQL
2. to make it very readable
3. to allow for blob_id variables

Alan