We have a lot of SQL that is using single-quotes to surround variables that are expected to be ints.
When we do that it is an invalid condition that the variable is empty or undefined -- having it quoted means that we will be papering over an invalid condition... and only for MySQL. PostgreSQL will definitely complain if you say
SELECT username from mdl_user where id='';
because id is an int/bigint field, and empty string is not a valid match.
Instead, we should see the error (ouch) and fix the actual bug. Often it's a bug in the function mishandling valid parameters, or a caller passing an invalid parameter.
When working on accesslib, I tried to make sure ints aren't quoted, ot make sure we see the errors, and have a chance to fix them!
There's a bit of discussion about this in MDL-11352
General developer forum
SQL style - avoiding use of '$int'
This discussion has been locked so you can no longer reply to it.