Originally Posted by
Dave224
What is the difference between sanitization of a variable with 'string' and sanitization with 'stringIgnoreNull' in $db->bindVars when the variable value is NULL (not a string), and 'NULL' (a string). What is stored in the database? I can't seem to get a true NULL stored in the database.
Thank you!
zc1.5.7c, php8.0, mysql5.7.34 or 8.0.8 (production)
What does your chain of query statements look like? Depending on why the variable evaluated to null it either could cause a notice to be logged or result in an empty quote/string. If you are expecting the value to be null and to be able to store a null value then need to evaluate for that condition in advance.
Either within the use of bindVars, the value to be stored would be what has been sent along or a string of NULL as a string or bypass that particular replacement method of using stringIgnoreNull.
Your question though was if the variable to be stored ===null such that is_null($var) == true, then the response is the same for sanitization using either method. Although not stated in the link dbltoe provided, a text string that includes NULL will be assigned to the data value of null. So even if the word is: ANNULLED, when substituting as a string the entire text will be changed to just a null type field value. Or if there is a sentence being stored as a string and anywhere within the string is: NULL, then the value stored will be null.
So if you want to use bindVars to sanitize the value as a string and if you expect the value to actually be set but at add the value null, then in the third parameter, would suggest something like:
Code:
(is_null($var) ? 'NULL' : $var)
Or because it looks like you are using php 8:
If using stringIgnoreNull, then would want to address in some other way. In the php, somewhere evaluate the $var and then determine how to do the substitution. May need to use string of 'NULL' or some other action to ensure the variable is stored as a null value instead of empty text.
Bookmarks