Using the same column name in MySQL and HTML

I am developing a PHP, MySQL application. I follow this principle where I use the same column name in MySQL table as HTML variable name.

I found this to be a really good design:

  • I am iterating over the $_POST variable names and updating the table. Since the column name and variable names are the same, there is less chance of an update when the database is updated.

Is it good to follow this method? I'm not an expert; does this reveal our database structure or something else?

I am also considering the option above, where I add multiple lines used in HTML variables when creating database columns.

+3




1 answer


This will work great for column names and is good practice. I have used it successfully with both tables and views.

Others have pointed out something worth repeating: you need to protect your app from being hacked. If a bad guy is trying to send you a web request containing dummy column names, you definitely don't want your code to go through them. Trying to use column names from an untrusted source in queries against your database server poses a major security risk, especially for INSERT, UPDATE, or DELETE. You will need to take extra care with the part of your application that ensures that the column names are clean.



Something to look out for: case sensitivity. In MySQL, you are in good shape for column case sensitivity. But the cases of table names can change depending on the OS your MySQL server is running on. For better portability, you should probably make your table names lowercase. Here is a transcript of this question. http://dev.mysql.com/doc/refman/5.0/en/identifier-case-sensitivity.html

If you are porting this project to Oracle, you will find that there is a misunderstanding in the column names in case of case sensitivity.

+2
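
One way to keep the column names clean, as the answer asks (an added example, not code from the original question or answer): iterate over a fixed allowlist of columns instead of over the request keys, and bind the values as parameters. The `users` table, its column names, the `id` key and the function name are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Hypothetical allowlist for a hypothetical `users` table: the only columns
// this form is permitted to change. Anything else in the request is ignored.
const EDITABLE_USER_COLUMNS = ['first_name', 'last_name', 'email'];

/**
 * Build a parameterized UPDATE from request data.
 * Column names come from the allowlist, never from the request itself;
 * values are bound as parameters, never concatenated into the SQL.
 */
function buildUserUpdate(array $input, int $id): array
{
    $assignments = [];
    $params = [':id' => $id];

    foreach (EDITABLE_USER_COLUMNS as $column) {
        // Skip absent fields and non-string values (e.g. email[]=x arrays).
        if (!array_key_exists($column, $input) || !is_string($input[$column])) {
            continue;
        }
        $assignments[] = "`$column` = :$column";
        $params[":$column"] = $input[$column];
    }

    if ($assignments === []) {
        throw new InvalidArgumentException('No editable fields submitted');
    }

    $sql = 'UPDATE `users` SET ' . implode(', ', $assignments) . ' WHERE `id` = :id';
    return [$sql, $params];
}

// Constructed sample standing in for $_POST: two legitimate fields plus
// two keys the form never offered.
$post = [
    'first_name' => 'Ada',
    'email'      => 'ada@example.com',
    'is_admin'   => '1',
    'email` = email, `is_admin' => '1',
];

[$sql, $params] = buildUserUpdate($post, 42);
echo $sql, PHP_EOL;
print_r($params);

// With a PDO connection in $pdo: $pdo->prepare($sql)->execute($params);
```

Because the loop is driven by the allowlist, the two unexpected keys in the sample never reach the SQL string, and the HTML field names can still match the column names exactly.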

