SQL style - avoiding use of '$int'

by Martín Langhoff -
Number of replies: 1
We have a lot of SQL that is using single-quotes to surround variables that are expected to be ints.

When we do that it is an invalid condition that the variable is empty or undefined -- having it quoted means that we will be papering over an invalid condition... and only for MySQL. PostgreSQL will definitely complain if you say

SELECT username from mdl_user where id='';

because id is an int/bigint field, and empty string is not a valid match.

Instead, we should see the error (ouch) and fix the actual bug. Often it's a bug in the function mishandling valid parameters, or a caller passing an invalid parameter.

When working on accesslib, I tried to make sure ints aren't quoted, to make sure we see the errors, and have a chance to fix them!

There's a bit of discussion about this in MDL-11352
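The difference between the two styles from the post above, as an added example that is not part of the original post and not Moodle code: `require_int()` and `$userid` are hypothetical names, and SQLite through PDO stands in for a database that, like MySQL in the post, accepts `id=''` on an integer column. Once the quotes are gone, the strict check is also what keeps non-numeric input out of the SQL text.

```php
<?php
// Added example. require_int() is a hypothetical helper, not a Moodle API.
// SQLite (via PDO) is a stand-in database: it accepts id='' against an
// integer column and simply matches nothing, hiding the bug.

/** Return $value as an int, or throw if it is empty, undefined or non-numeric. */
function require_int($value): int {
    if (is_int($value)) {
        return $value;
    }
    if (is_string($value) && preg_match('/\A-?\d+\z/', $value)) {
        return (int)$value;
    }
    throw new InvalidArgumentException('Expected integer id, got ' . var_export($value, true));
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE mdl_user (id INTEGER PRIMARY KEY, username TEXT)');
$db->exec("INSERT INTO mdl_user (id, username) VALUES (1, 'admin')");  // constructed row

$userid = '';   // constructed bug: a caller passed an empty id

// Quoted style: valid SQL, zero rows, no error. The bad parameter goes unnoticed.
$rows = $db->query("SELECT username FROM mdl_user WHERE id='$userid'")->fetchAll();
echo 'quoted, empty id: ', count($rows), " rows, no error\n";

// Unquoted style with a strict check: the invalid value is reported at the call site.
try {
    $id = require_int($userid);
    $db->query("SELECT username FROM mdl_user WHERE id=$id");
} catch (InvalidArgumentException $e) {
    echo 'unquoted, empty id: ', $e->getMessage(), "\n";
}

// A valid id passes the check and is interpolated without quotes.
$id = require_int('1');
$row = $db->query("SELECT username FROM mdl_user WHERE id=$id")->fetch(PDO::FETCH_ASSOC);
echo 'unquoted, id 1: ', $row['username'], "\n";
```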