is this syntax correct?
$query = "SELECT off_auth.user_id FROM off_auth, off_users WHERE off_auth.user_id = off_users.user_id AND off_auth.passcode = " . $pass . " AND off_users.user_name = \"" . $user . "\";";
I like to break up my queries so you can see what you're doing a little better. Whitespace and linebreaks are ignored. Using double quotes means that variables will be parsed, so there's no need to do "string " . $var . " string", just "string $var string". You don't need a semicolon on the end of the query. Also, when you are doing comparisons, any strings need to be quoted: "and x = 'y' " not "and x = y"
Code:
$query = "SELECT off_auth.user_id
          FROM off_auth, off_users
          WHERE off_auth.user_id = off_users.user_id
          AND off_auth.passcode = '$pass'
          AND off_users.user_name = '$user'";
A common mistake people make is to make as many tables as possible. This causes confusion, complicated queries, and referential integrity problems.
If you have tables like this:
table 1:
user ID.....user name
1...............joe
2...............bob
table 2
user ID.....user phone number
1..............123-123-1234
2..............123-123-1235
If each user only has 1 phone number, it makes no sense to add the complexity of another table.
Last edited by garrettroyce; 05-18-2009 at 08:25 PM.
gjr.gr - coming soon: secrets of OCD coding from a self taught tinkerer
Thanks, made it right.
I've got another one. What's the difference between mysql_numrows() and mysql_num_rows()?
mysql_numrows() doesn't exist :P
In addition to garrettroyce's advice on syntax and table design, there are two security points that should be addressed. Make sure $pass and $user have been sanitized (so that little Robert'; DROP TABLE off_auth;-- won't cause problems when he registers for your site). off_auth.passcode should store a hash (properly salted) of each user's password so that if someone compromises your server and gets the passcodes, they won't yet be able to sign in with stolen credentials (they will first need to find one of the passwords or a collision by brute force).
Correct!
mysql_numrows() is a deprecated alias of mysql_num_rows()
source: http://us2.php.net/manual/en/functio...l-num-rows.php
So you are better off using mysql_num_rows()
Therefore mysql_numrows() no longer exists and should not be used, right?
And it is no longer supported in the latest version?
They've removed the function from their PHP >= 5 documentation at php.net, so they're just keeping the function alive for the lazy coders out there who can't update their code :P
Using deprecated functions will actually give an error under certain conditions so I would not use them. In this case, it's just a name change, but it's still a bad practice to get into.