Re: Database learning

[__]

>I’m just trying to reduce the time it takes the database to remove the extra characters. Although, it probably is so minimal I wouldn’t even notice.

As Crocodillon said, the extra spaces don’t get saved (that’s the diff between VARCHAR and CHAR). However, the DB still has to allow for however many characters you specify, so specifying 100 when you only need 15 will (pointlessly) allocate more memory for the column and slow things down when you’re reading the table. Not very much, of course. You would absolutely never notice it. Using TEXT to store 15 characters, on the other hand, … : )

>My goal is to actually share this for other Kirby users to implement. However, I’m on the fence about this. I really don’t want to be responsible for a wide-scale attack on Kirby sites if I fuck something up.

test,test,test;share,share,share

You can create/adopt coding conventions to keep track of what is safe to print and what’s not. For example,

$unsafe_name = $_POST;
// print $unsafe_name; // NOOOOOOOOOOO!!!!!!
$safe_name = htmlspecialchars( $unsafe_name );
print $safe_name; // yes : )

Joel Spolsky [explains it better](http://www.joelonsoftware.com/articles/Wrong.html).