By Anonymous (not verified) on
In the Drupal API 'Database abstraction layer' documentation it states that:
<?php
$result = db_query_range('SELECT n.nid, n.title, n.created
  FROM {node} n WHERE n.uid = %d', $uid, 0, 10);
while ($node = db_fetch_object($result)) {
  // Perform operations on $node->body, etc. here.
}
?>
"Curly braces are used around "node" to provide table prefixing via db_prefix_tables(). The explicit use of a user ID is pulled out into an argument passed to db_query() so that SQL injection attacks from user input can be caught and nullified."
But do I always have to use the '$uid' for every type of query I build?
Thank you in advance for any answers. :-)
Comments
No... not at all... this sample code simply retrieves all nodes associated with a particular user... you may want a totally different set of results. Carry on Dolphin Boy.
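Added example, not part of the original thread or of Drupal's documentation: the same placeholder pattern from the quoted passage applied to values other than `$uid`, with the concatenated form shown in a comment for contrast. It assumes a bootstrapped Drupal 6 site; `example_find_nodes()` and its parameters are hypothetical names.

```php
<?php
// Added example. Assumes Drupal 6 (db_placeholders() is not in Drupal 5).
// example_find_nodes() and its parameters are hypothetical, not Drupal API.

/**
 * Returns up to $limit published nodes of the given types whose title
 * starts with $title_prefix. Any of the three values may be user input.
 */
function example_find_nodes($title_prefix, $types, $limit = 10) {
  if (empty($types)) {
    return array();
  }

  // Unsafe form: user input becomes part of the SQL text itself.
  // $sql = "SELECT n.nid FROM {node} n WHERE n.title LIKE '" . $title_prefix . "%'";

  // Safe form: the SQL text is constant and values travel as arguments.
  //   %d   integer (cast before substitution)
  //   '%s' string (escaped before substitution)
  //   %%   literal percent sign
  // db_placeholders() emits one '%s' per array element for the IN () list.
  $sql = "SELECT n.nid, n.title, n.created FROM {node} n
    WHERE n.status = %d
      AND n.type IN (" . db_placeholders($types, 'varchar') . ")
      AND n.title LIKE '%s%%'
    ORDER BY n.created DESC";

  // Argument order must match placeholder order in the query.
  $args = array_merge(array(1), array_values($types), array($title_prefix));

  // db_query_range() accepts the arguments as one array, then offset and count.
  $result = db_query_range($sql, $args, 0, (int) $limit);

  $nodes = array();
  while ($node = db_fetch_object($result)) {
    $nodes[] = $node;
  }
  return $nodes;
}
```

Escaping stops the value from breaking out of the quoted string, but `%` and `_` inside `$title_prefix` still act as LIKE wildcards.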