Menu
Is it considered bad practice to give HTML form names the same name as table field names? I am building some dynamic sql insert queries, and at present I am using some regexp's to change the names to the relevant database fields on the basis I feel it may be insecure otherwise, what are your opinions?
339
I wrote a function to do INSERT queries for me, and it depends on that fact. It takes the $_POST variable names and INSERTs them into their corresponding columns.
As said in the comment on the OP, it doesn't matter, and in most cases, saves you time going back to remember if you used first_name, firstname, or first.
Also, keep in mind that your users will never see the database column names, and they will only see the form names if they view the source. Therefore, there's not much to worry about!
Good luck!
110
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
